UbuntuHelp:UbuntuLTSP/OpenLDAP NFS SSL
This page is specific to Ubuntu version 8.04.
Contents
- 1 OpenLDAP, NFS and SSL with LTSP5
- 1.1 LAN, addresses, IDs and passwords
- 1.2 OpenLDAP installation
- 1.3 OpenLDAP-server's manager- and nss-users
- 1.4 SSL-encryption on the OpenLDAP-server
- 1.5 LDAP client programs on the OpenLDAP-server
- 1.6 Create new users on the OpenLDAP-server
- 1.7 Home Directory Share NFS service
- 1.8 LDAP client programs on the LTSP5-server
- 1.9 Test LDAP client programs on the LTSP5-server
- 1.10 Edit 'PAM' files LTSP5-server
- 1.11 Thin client and '*.log' files
OpenLDAP, NFS and SSL with LTSP5
In this guide there are two server machines. The first is a server with two network cards (LTSP5). The second server has the home directory (NFS) and centralized logging (OpenLDAP, SSL). The installation sequence follows:
- Install LTSP5 on the server with the two network cards. Install Webmin with package 'libio-socket-ssl-perl'.
- On the OpenLDAP-server, install:
- OpenLDAP service
- SSL encryption
- Webmin with package 'libio-socket-ssl-perl'
- LDAP client programs
- On the LTSP5-server, install the LDAP client programs and edit all the PAM files.
Both servers' superusers (sudo users) are local; they have not been exported to the OpenLDAP-server. The LTSP5-server also has one normal local user. These IDs appear in the /etc/passwd files as shown below.
LTSP5
admin-ltsp5:x:1000:1000:Administrator LTSP5,,,:/root/admin-ltsp5:/bin/bash
user-ltsp5:x:1001:1001:User LTSP5,,,,:/root/user-ltsp5:/bin/bash
OpenLDAP
admin-openldap:x:1000:1000:Administrator OpenLDAP,,,:/root/admin-openldap:/bin/bash
All installation files are located here: http://www.arkki.info/howto/Wiki/LTSP5-openLDAP-Perusasennus/
LAN, addresses, IDs and passwords
This guide uses this kind of basic local area network.
                Internet
                   |
    ----------- Router/Switch -----------
    |
  (eth0)                            (eth0)
    |
LTSP5-server                   OpenLDAP-server
    |
  (eth1)
  Switch
    |
Thin Client
The LAN IP addresses are as follows. The LTSP5 server performs the NAT translation between the thin clients and the Internet.
Router/Switch - 192.168.1.1
LTSP5-server - 192.168.1.2 - ubuntu-ltsp5
OpenLDAP-server - 192.168.1.3 - ubuntu-openldap
Thin Client - 192.168.0.10 - ubuntu-10
The IDs and passwords used in this installation are as follows.
ubuntu-ltsp5 - admin-ltsp5 - TP2009ltsp
ubuntu-openldap - admin-openldap - TP2009ltsp
ubuntu-10 - ltsp001 - edubuntu
The OpenLDAP server's manager and NSS-user IDs and passwords are as follows.
cn=manager,dc=arkki,dc=info - TP2009ldap
cn=nss,dc=arkki,dc=info - TP2009nss
The OpenLDAP-server's directory structure in this guide is as follows.
 dc=info
    |
 dc=arkki----|----------|
    |        |          |
 ou=Users ou=Groups  cn=nss
    |        |
    |     cn=Users
    |
 cn=ltsp001, ltsp002 ...
OpenLDAP installation
Install the package 'slapd' on the OpenLDAP-server. The programs needed to work with the OpenLDAP database are in the package 'ldap-utils'.
sudo apt-get install slapd ldap-utils
The OpenLDAP (slapd) installation opens a text-based setup program, but it can be safely ignored. Make a copy of the original configuration file, then put only the following lines in the new configuration file and/or remove all the original lines.
Note: The basic mode for all the files in the /etc directory is "644". The one exception is the file 'ldap.secret'. It has to have the mode "600"!
The OpenLDAP-server's manager-user password has to be created first. The password is "TP2009ldap". The encrypted password is placed in the slapd.conf file.
slappasswd -h {MD5}
New password:
Re-enter new password:
{MD5}0H0NPb1xLD770iuQqZYkqQ==
root@ubuntu-openldap:~#
sudo nano /etc/ldap/slapd.conf
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
loglevel 256
modulepath /usr/lib/ldap
moduleload back_hdb
sizelimit 500
tool-threads 1
backend hdb
database hdb
suffix "dc=arkki,dc=info"
rootdn "cn=manager,dc=arkki,dc=info"
rootpw {MD5}0H0NPb1xLD770iuQqZYkqQ==
directory "/var/lib/ldap"
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
index objectClass eq
lastmod on
checkpoint 512 30
access to attrs=userPassword,shadowLastChange
        by dn="cn=manager,dc=arkki,dc=info" write
        by anonymous auth
        by self write
        by * none
access to *
        by dn="cn=manager,dc=arkki,dc=info" write
        by dn="cn=nss,dc=arkki,dc=info" read
        by * auth
Add the following line to the /etc/syslog.conf file, and create the log file as well.
local4.* /var/log/ldap.log
sudo touch /var/log/ldap.log
Start the OpenLDAP server.
/etc/init.d/slapd start
Starting OpenLDAP: slapd.
Create the base structure of the OpenLDAP directory. The file is 'base.ldif'.
dn: dc=arkki,dc=info
objectclass: organization
objectclass: dcObject
o: Arkki
dc: arkki
description: Arkki - Asmo Koskinen

dn: ou=Hosts,dc=arkki,dc=info
ou: Hosts
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: arkki.info

dn: ou=People,dc=arkki,dc=info
ou: People
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: arkki.info

dn: ou=Groups,dc=arkki,dc=info
ou: Groups
objectClass: top
objectClass: organizationalUnit
objectClass: domainRelatedObject
associatedDomain: arkki.info

dn: cn=users,ou=Groups,dc=arkki,dc=info
objectClass: posixGroup
cn: users
gidNumber: 10000
Run this file on the OpenLDAP-server. Manager-user's password is "TP2009ldap".
ldapadd -W -x -D "cn=manager,dc=arkki,dc=info" -f base.ldif
Enter LDAP Password:
adding new entry "dc=arkki,dc=info"
adding new entry "ou=Hosts,dc=arkki,dc=info"
adding new entry "ou=People,dc=arkki,dc=info"
adding new entry "ou=Groups,dc=arkki,dc=info"
adding new entry "cn=users,ou=Groups,dc=arkki,dc=info"
OpenLDAP-server's manager- and nss-users
The OpenLDAP server has two users with different roles. The manager-user can write, read and execute the data. The NSS-user can only read. To create the nss-user, first make a new 'nss.ldif' file.
dn: cn=nss, dc=arkki,dc=info
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: nss
description: LDAP NSS user
userPassword: {MD5}iJ/UWG+ALKWLTgwEmmZj4Q==
The encrypted password is created the same way as for the manager-user. Place the password directly in the 'nss.ldif' file. The password is "TP2009nss". Then run the 'nss.ldif' file on the OpenLDAP-server.
slappasswd -h {MD5}
New password:
Re-enter new password:
{MD5}iJ/UWG+ALKWLTgwEmmZj4Q==
ldapadd -W -x -D "cn=manager,dc=arkki,dc=info" -f nss.ldif
Enter LDAP Password:
adding new entry "cn=nss, dc=arkki,dc=info"
Restart the OpenLDAP-server.
/etc/init.d/slapd restart
Stopping OpenLDAP: slapd.
Starting OpenLDAP: slapd.
OpenLDAP-server has Webmin software. Here are screenshots about Webmin program with module LDAP Server.
SSL-encryption on the OpenLDAP-server
Without SSL encryption, all passwords cross the local network in clear text. First read this guide: https://help.ubuntu.com/community/SecuringOpenLDAPConnections
Warning: You have to use DNS (hosts files or a server) for both servers!
admin-ltsp5@ubuntu-ltsp5:~$ cat /etc/hosts
127.0.0.1 localhost
192.168.1.2 ubuntu-ltsp5
192.168.1.3 ubuntu-openldap
192.168.0.10 ubuntu-10
The most important thing is to enter the OpenLDAP-server's DNS name, in this guide "ubuntu-openldap", on the "Common Name" line. This name must be in the 'hosts' file of every client machine if you do not have a DNS server somewhere on the LAN. The SSL certificate uses an RSA key with a length of 1024 bits and is valid for 10 years. The certificate is named after the server itself.
sudo openssl req -newkey rsa:1024 -x509 -nodes -out ubuntu-openldap.pem -keyout ubuntu-openldap.pem -days 3650
Generating a 1024 bit RSA private key
[--]
writing new private key to 'ubuntu-openldap.pem'
[--]
Common Name (eg, YOUR name) []:ubuntu-openldap
The SSL certificate's information and location have to be added to the 'slapd.conf' file. In this guide a new directory, '/etc/ldap/ssl', has been created, and the new 'ubuntu-openldap.pem' file is placed in it. Add these lines to the '/etc/ldap/slapd.conf' file.
TLSCACertificateFile /etc/ldap/ssl/ubuntu-openldap.pem
TLSCertificateFile /etc/ldap/ssl/ubuntu-openldap.pem
TLSCertificateKeyFile /etc/ldap/ssl/ubuntu-openldap.pem
Edit the '/etc/default/slapd' file. Add a new row, SLAPD_SERVICES="ldap:/// ldaps:///", but do not change anything else.
SLAPD_CONF=
SLAPD_USER="openldap"
SLAPD_GROUP="openldap"
SLAPD_PIDFILE=
SLAPD_SERVICES="ldap:/// ldaps:///"
SLAPD_SENTINEL_FILE=/etc/ldap/noslapd
SLAPD_OPTIONS=""
Test the new certificate on the OpenLDAP-server.
openssl s_client -connect ubuntu-openldap:636 -showcerts
[--]
Server certificate
subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=ubuntu-openldap
issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=ubuntu-openldap
---
No client certificate CA names sent
---
SSL handshake has read 1095 bytes and written 316 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
[--]
LDAP client programs on the OpenLDAP-server
To use Webmin, the OpenLDAP-server needs the LDAP client programs.
Warning: The OpenLDAP-server does not itself use the OpenLDAP services. Do not edit the 'PAM' files on the OpenLDAP-server, but do use SSL encryption on it. Remember that the mode of the 'ldap.secret' file should be "600". Only the root user is allowed to read it!
Install the LDAP client programs.
sudo apt-get install ldap-auth-client libpam-ldap libnss-ldap
Make the following changes to the configuration files. Copy and save the original files first.
/etc/ldap/ldap.conf
BASE dc=arkki,dc=info
uri ldaps://ubuntu-openldap
TLS_REQCERT allow
/etc/ldap.conf
base dc=arkki,dc=info
uri ldaps://ubuntu-openldap
TLS_REQCERT allow
ldap_version 3
binddn cn=nss,dc=arkki,dc=info
bindpw TP2009nss
rootbinddn cn=manager,dc=arkki,dc=info
pam_password md5
nss_base_passwd ou=People,dc=arkki,dc=info?one
nss_base_shadow ou=People,dc=arkki,dc=info?one
nss_base_group ou=Groups,dc=arkki,dc=info?one
nss_initgroups_ignoreusers backup,bin,daemon,dhcp,games,gnats,irc,klog,libuuid,list,lp,mail,man,news,openldap,proxy,root,sshd,statd,sync,sys,syslog,uucp,www-data
/etc/ldap.secret
TP2009ldap
/etc/nsswitch.conf
passwd: files ldap
group: files ldap
shadow: files ldap
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
Create new users on the OpenLDAP-server
In this guide 30 new users were created on the OpenLDAP-server. Create the 'users.txt' file and use it with Webmin.
create:ltsp001:edubuntu:10001:10000:LTSP 001:/home/ltsp001:/bin/bash:::::
create:ltsp002:edubuntu:10002:10000:LTSP 002:/home/ltsp002:/bin/bash:::::
create:ltsp003:edubuntu:10003:10000:LTSP 003:/home/ltsp003:/bin/bash:::::
create:ltsp004:edubuntu:10004:10000:LTSP 004:/home/ltsp004:/bin/bash:::::
create:ltsp005:edubuntu:10005:10000:LTSP 005:/home/ltsp005:/bin/bash:::::
create:ltsp006:edubuntu:10006:10000:LTSP 006:/home/ltsp006:/bin/bash:::::
create:ltsp007:edubuntu:10007:10000:LTSP 007:/home/ltsp007:/bin/bash:::::
create:ltsp008:edubuntu:10008:10000:LTSP 008:/home/ltsp008:/bin/bash:::::
create:ltsp009:edubuntu:10009:10000:LTSP 009:/home/ltsp009:/bin/bash:::::
create:ltsp010:edubuntu:10010:10000:LTSP 010:/home/ltsp010:/bin/bash:::::
create:ltsp011:edubuntu:10011:10000:LTSP 011:/home/ltsp011:/bin/bash:::::
create:ltsp012:edubuntu:10012:10000:LTSP 012:/home/ltsp012:/bin/bash:::::
create:ltsp013:edubuntu:10013:10000:LTSP 013:/home/ltsp013:/bin/bash:::::
create:ltsp014:edubuntu:10014:10000:LTSP 014:/home/ltsp014:/bin/bash:::::
create:ltsp015:edubuntu:10015:10000:LTSP 015:/home/ltsp015:/bin/bash:::::
create:ltsp016:edubuntu:10016:10000:LTSP 016:/home/ltsp016:/bin/bash:::::
create:ltsp017:edubuntu:10017:10000:LTSP 017:/home/ltsp017:/bin/bash:::::
create:ltsp018:edubuntu:10018:10000:LTSP 018:/home/ltsp018:/bin/bash:::::
create:ltsp019:edubuntu:10019:10000:LTSP 019:/home/ltsp019:/bin/bash:::::
create:ltsp020:edubuntu:10020:10000:LTSP 020:/home/ltsp020:/bin/bash:::::
create:ltsp021:edubuntu:10021:10000:LTSP 021:/home/ltsp021:/bin/bash:::::
create:ltsp022:edubuntu:10022:10000:LTSP 022:/home/ltsp022:/bin/bash:::::
create:ltsp023:edubuntu:10023:10000:LTSP 023:/home/ltsp023:/bin/bash:::::
create:ltsp024:edubuntu:10024:10000:LTSP 024:/home/ltsp024:/bin/bash:::::
create:ltsp025:edubuntu:10025:10000:LTSP 025:/home/ltsp025:/bin/bash:::::
create:ltsp026:edubuntu:10026:10000:LTSP 026:/home/ltsp026:/bin/bash:::::
create:ltsp027:edubuntu:10027:10000:LTSP 027:/home/ltsp027:/bin/bash:::::
create:ltsp028:edubuntu:10028:10000:LTSP 028:/home/ltsp028:/bin/bash:::::
create:ltsp029:edubuntu:10029:10000:LTSP 029:/home/ltsp029:/bin/bash:::::
create:ltsp030:edubuntu:10030:10000:LTSP 029:/home/ltsp030:/bin/bash:::::
Here are screenshots of Webmin's modules (LDAP Client and LDAP Users and Groups) on the OpenLDAP-server.
Home Directory Share NFS service
Home directories for the thin clients are exported from the OpenLDAP-server with the NFS service. Install the 'nfs-kernel-server' package on the OpenLDAP-server.
sudo apt-get install nfs-kernel-server
Add a line to the /etc/exports file.
/home 192.168.1.0/255.255.255.0(rw,no_root_squash,async,no_subtree_check)
Restart nfs-kernel-server.
sudo /etc/init.d/nfs-kernel-server restart
 * Stopping NFS kernel daemon [ OK ]
 * Unexporting directories for NFS kernel daemon... [ OK ]
 * Exporting directories for NFS kernel daemon... [ OK ]
 * Starting NFS kernel daemon [ OK ]
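The export above sets no_root_squash for a whole subnet, which means root on any client in that range acts as root on the files under /home. The following script is an added example, not part of the original guide: it parses an exports file and lists every path/client pair that keeps remote root, with the guide's line and one constructed line (`/srv/example`) as sample input; the function names are assumptions.

```sh
#!/bin/sh
# Added example (not from the guide): report exports that keep remote root.

# Parse exports(5)-style lines from files or stdin. For each
# "path client(options)" pair that sets no_root_squash, print the path, the
# client and whether the client field names one host or many.
# Assumption: paths contain no spaces and lines are not continued with "\".
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                 # comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^#/) break            # trailing comment
            p = index($i, "(")
            client = (p > 0) ? substr($i, 1, p - 1) : $i
            opts = (p > 0) ? substr($i, p + 1, length($i) - p - 1) : ""
            if (client == "") client = "*"  # bare "(opts)" applies to any host
            many = index(client, "/") || index(client, "*") || \
                   index(client, "?") || index(client, "@")
            if (index("," opts ",", ",no_root_squash,"))
                print "NO_ROOT_SQUASH " path " " client \
                      " scope=" (many ? "network" : "host")
        }
    }' "$@"
}

# Sample input: the first entry is the export line from this guide, the
# second entry is constructed for the example.
sample_exports() {
    cat <<'EOF'
# /etc/exports
/home 192.168.1.0/255.255.255.0(rw,no_root_squash,async,no_subtree_check)
/srv/example 192.168.1.2(ro,no_root_squash,no_subtree_check) *(ro,root_squash)
EOF
}

sample_exports | audit_exports
```

On a real server, run `audit_exports /etc/exports` instead of the sample.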
LDAP client programs on the LTSP5-server
Install the LDAP client programs in the same manner as on the OpenLDAP-server. Once you are sure that you can reach and browse the OpenLDAP-server over an SSL connection, you are ready to edit the 'PAM' files. Below are screenshots of Webmin on the LTSP5-server.
Warning: Remember that the mode of the file ldap.secret should be "600". Only the root user is allowed to read it!
Install the LDAP client programs.
sudo apt-get install ldap-auth-client libpam-ldap libnss-ldap libpam-modules libpam-cracklib libpam-ccreds libpam-mount
Back up ldap.conf.
cp /etc/ldap/ldap.conf /etc/ldap/ldap.conf.orig
Then make the following changes to the configuration files.
/etc/ldap/ldap.conf
BASE dc=arkki,dc=info
uri ldaps://ubuntu-openldap
TLS_REQCERT allow
/etc/ldap.conf
base dc=arkki,dc=info
uri ldaps://ubuntu-openldap
TLS_REQCERT allow
ldap_version 3
binddn cn=nss,dc=arkki,dc=info
bindpw TP2009nss
rootbinddn cn=manager,dc=arkki,dc=info
pam_password md5
nss_base_passwd ou=People,dc=arkki,dc=info?one
nss_base_shadow ou=People,dc=arkki,dc=info?one
nss_base_group ou=Groups,dc=arkki,dc=info?one
nss_initgroups_ignoreusers backup,bin,daemon,dhcp,games,gnats,irc,klog,libuuid,list,lp,mail,man,news,openldap,proxy,root,sshd,statd,sync,sys,syslog,uucp,www-data
/etc/ldap.secret
TP2009ldap
/etc/nsswitch.conf
passwd: files ldap
group: files ldap
shadow: files ldap
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
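The client configuration on both servers depends on three things: the `TLS_REQCERT` level, mode "600" on ldap.secret, and a cleartext `bindpw` in a file that is mode "644". With `TLS_REQCERT allow`, libldap carries on with the session even when the server certificate cannot be verified. The script below is an added example, not part of the original guide: it checks copies of the two files, and its function names and sample passwords are placeholders constructed for the example.

```sh
#!/bin/sh
# Added example (not from the guide): audit copies of the LDAP client files.

# Print the TLS_REQCERT level set in an ldap.conf file, lower-cased; if the
# option is repeated the last line is reported, "unset" if it is absent.
tls_reqcert_level() {
    awk 'tolower($1) == "tls_reqcert" { v = tolower($2) }
         END { print (v == "" ? "unset" : v) }' "$1"
}

# Print the octal permission bits of a file (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Print one finding per line for the given ldap.conf and ldap.secret.
audit_ldap_client() {
    conf=$1
    secret=$2
    case "$(tls_reqcert_level "$conf")" in
        never|allow)
            echo "WEAK tls_reqcert: server certificate is not verified" ;;
    esac
    case "$(file_mode "$secret")" in
        600|400) ;;
        *) echo "WEAK secret_mode: $secret is not mode 600" ;;
    esac
    # A cleartext bindpw in a file that "other" may read is visible to
    # every local account on the machine.
    if grep -Eiq '^[[:space:]]*bindpw[[:space:]]+[^[:space:]]' "$conf"; then
        case "$(file_mode "$conf")" in
            *[4567]) echo "NOTE bindpw: $conf is readable by all local users" ;;
        esac
    fi
}

# Build constructed sample files in a scratch directory (placeholder
# passwords; ldap.secret is deliberately left at 644) and print the findings.
demo_audit() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'base dc=arkki,dc=info' 'uri ldaps://ubuntu-openldap' \
        'TLS_REQCERT allow' 'binddn cn=nss,dc=arkki,dc=info' \
        'bindpw EXAMPLE-NSS-PASSWORD' > "$dir/ldap.conf"
    printf '%s\n' 'EXAMPLE-MANAGER-PASSWORD' > "$dir/ldap.secret"
    chmod 644 "$dir/ldap.conf" "$dir/ldap.secret"
    audit_ldap_client "$dir/ldap.conf" "$dir/ldap.secret"
    rm -rf "$dir"
}

demo_audit
```

On a configured machine, run `audit_ldap_client /etc/ldap.conf /etc/ldap.secret` as root.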
Test LDAP client programs on the LTSP5-server
First test the SSL connection this way.
admin-ltsp5@ubuntu-ltsp5:~$ openssl s_client -connect ubuntu-openldap:636 -showcerts
CONNECTED(00000003)
depth=0 [--]CN=ubuntu-openldap[--]
verify error:num=18:self signed certificate
verify return:1
Then check the 'passwd' database. The local users should appear in addition to the OpenLDAP users.
admin-ltsp5@ubuntu-ltsp5:~$ getent passwd
root:x:0:0:root:/root:/bin/bash
[--]
admin-ltsp5:x:1000:1000:Administrator LTSP5,,,:/root/admin-ltsp5:/bin/bash
user-ltsp5:x:1001:1001:User LTSP5,,,,:/root/user-ltsp5:/bin/bash
[--]
ltsp001:x:10001:10000:LTSP 001:/home/ltsp001:/bin/bash
ltsp002:x:10002:10000:LTSP 002:/home/ltsp002:/bin/bash
[--]
ltsp029:x:10029:10000:LTSP 029:/home/ltsp029:/bin/bash
ltsp030:x:10030:10000:LTSP 029:/home/ltsp030:/bin/bash
admin-ltsp5@ubuntu-ltsp5:~$
Then you can test the nss-user.
admin-ltsp5@ubuntu-ltsp5:~$ ldapsearch -x -D "cn=nss,dc=arkki,dc=info" -W -u "cn=LTSP 001"
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=arkki,dc=info> (default) with scope subtree
# filter: cn=LTSP 001
# requesting: ALL
#

# ltsp001, People, arkki.info
dn: uid=ltsp001,ou=People,dc=arkki,dc=info
ufn: ltsp001, People, arkki.info
cn: LTSP 001
uid: ltsp001
uidNumber: 10001
loginShell: /bin/bash
homeDirectory: /home/ltsp001
gidNumber: 10000
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: person
sn: LTSP 001

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
admin-ltsp5@ubuntu-ltsp5:~$
Only the manager-user can see the encrypted password.
admin-ltsp5@ubuntu-ltsp5:~$ ldapsearch -x -D "cn=manager,dc=arkki,dc=info" -W -u "cn=LTSP 001"
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=arkki,dc=info> (default) with scope subtree
# filter: cn=LTSP 001
# requesting: ALL
#

# ltsp001, People, arkki.info
dn: uid=ltsp001,ou=People,dc=arkki,dc=info
ufn: ltsp001, People, arkki.info
cn: LTSP 001
uid: ltsp001
uidNumber: 10001
loginShell: /bin/bash
homeDirectory: /home/ltsp001
gidNumber: 10000
userPassword:: e2NyeXB0fVJRSVVuM0VYQ3plWHc=
shadowLastChange: 14285
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: person
sn: LTSP 001

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
admin-ltsp5@ubuntu-ltsp5:~$
Edit 'PAM' files LTSP5-server
When you are sure that you can connect from the LTSP5-server to the OpenLDAP-server over SSL encryption, you are ready to edit the 'PAM' files.
Warning: Touching the '/etc/pam.d/*' files in the system is an extremely critical process. Copy and save your 'PAM' files first. If no login is possible, the LTSP5-server must be started in single-user mode, and the original 'PAM' files copied back on the command line.
Warning: While editing, you should launch one or more consoles (Ctrl-Alt-F1) without X and log in as root (sudo -s). If X/GDM is not responding, you can continue on the console.
The files '/etc/pam.d/common-pammount' and '/etc/security/pam_mount.conf.xml' are wholly new. Delete or comment out (#) the original lines, or create entirely new files. These are the edited 'PAM' files.
/etc/pam.d/common-password - password-related modules common to all services
password required pam_mount.so use_authtok shadow md5
password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password sufficient pam_unix.so nullok md5 shadow use_authtok
password sufficient pam_ldap.so use_authtok md5
password required pam_deny.so
/etc/pam.d/common-auth - authentication settings common to all services
auth required pam_mount.so
auth required pam_env.so
auth sufficient pam_unix.so likeauth nullok use_first_pass
auth sufficient pam_ldap.so try_first_pass
auth required pam_deny.so
/etc/pam.d/common-account - authorization settings common to all services
account sufficient pam_unix.so
account sufficient pam_ldap.so
/etc/pam.d/common-session - session-related modules common to all services
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
session optional pam_ldap.so
session required pam_limits.so
session required pam_unix.so
session optional pam_mount.so shadow md5 use_authtok
session optional pam_ldap.so
/etc/pam.d/common-pammount
auth optional pam_mount.so try_first_pass
session optional pam_mount.so try_first_pass
/etc/security/pam_mount.conf.xml
Add this line.
<volume fstype="nfs" server="192.168.1.3" path="/home/%(USER)" mountpoint="~"/>
Thin client and '*.log' files
This guide used the following 'lts.conf' file. The thin client is an Asus Eee 701 4G.
[00:22:15:15:4B:4C]
X_CONF=/etc/X11/asus-eee-xorg.conf
X_COLOR_DEPTH=16
LDM_DIRECTX=True
LDM_AUTOLOGIN=True
LDM_USERNAME=ltsp001
LDM_PASSWORD=edubuntu
Here are some lines from the 'log' files.
LTSP5-server
Feb 16 12:44:00 ubuntu-ltsp5 dhcpd: DHCPOFFER on 192.168.0.10 to 00:22:15:15:4b:4c via eth1
Feb 16 12:44:00 ubuntu-ltsp5 dhcpd: DHCPREQUEST for 192.168.0.10 (192.168.0.254) from 00:22:15:15:4b:4c via eth1
Feb 16 12:44:00 ubuntu-ltsp5 dhcpd: DHCPACK on 192.168.0.10 to 00:22:15:15:4b:4c via eth1
Feb 16 12:44:01 ubuntu-ltsp5 dhcpd: DHCPREQUEST for 192.168.0.10 (192.168.0.254) from 00:22:15:15:4b:4c via eth1
Feb 16 12:44:01 ubuntu-ltsp5 dhcpd: DHCPACK on 192.168.0.10 to 00:22:15:15:4b:4c via eth1
Feb 16 12:44:01 ubuntu-ltsp5 nbdrootd[6352]: connect from 192.168.0.10 (192.168.0.10)
Feb 16 12:44:01 ubuntu-ltsp5 nbd_server[6353]: connect from 192.168.0.10, assigned file is /opt/ltsp/images/i386.img
Feb 16 12:44:01 ubuntu-ltsp5 nbd_server[6353]: Size of exported file/device is 198713344
Feb 16 12:44:24 ubuntu-ltsp5 sshd[6363]: Accepted password for ltsp001 from 192.168.0.10 port 59870 ssh2
Feb 16 12:44:24 ubuntu-ltsp5 sshd[6365]: pam_unix(sshd:session): session opened for user ltsp001 by (uid=0)
Feb 16 12:44:24 ubuntu-ltsp5 sshd[6365]: pam_mount(mount.c:182) realpath of volume "/home/ltsp001" is "/home/ltsp001"
OpenLDAP-server
Feb 16 12:43:40 ubuntu-openldap slapd[4878]: conn=4 fd=21 ACCEPT from IP=192.168.1.2:44913 (IP=0.0.0.0:636)
Feb 16 12:43:40 ubuntu-openldap slapd[4878]: conn=4 fd=21 TLS established tls_ssf=256 ssf=256
Feb 16 12:43:40 ubuntu-openldap slapd[4878]: conn=4 op=0 BIND dn="cn=nss,dc=arkki,dc=info" method=128
Feb 16 12:43:40 ubuntu-openldap slapd[4878]: conn=4 op=0 BIND dn="cn=nss,dc=arkki,dc=info" mech=SIMPLE ssf=0
Feb 16 12:43:40 ubuntu-openldap slapd[4878]: conn=4 op=0 RESULT tag=97 err=0 text=
Feb 16 12:43:40 ubuntu-openldap slapd[4878]: conn=4 op=1 SRCH base="ou=People,dc=arkki,dc=info" scope=1 deref=0 filter="(objectClass=posixAccount)"
Feb 16 12:43:40 ubuntu-openldap slapd[4878]: conn=4 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Feb 16 12:43:40 ubuntu-openldap slapd[4878]: conn=4 op=1 SEARCH RESULT tag=101 err=0 nentries=30 text=
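Because SLAPD_SERVICES keeps ldap:/// open next to ldaps:///, a client left on a plain ldap:// URI would still send its simple-bind password unencrypted. The filter below is an added example, not part of the original guide: it reads slapd log lines of the kind shown above (produced by `loglevel 256`) and reports simple binds on connections that never logged "TLS established". The conn=5 sample lines are constructed and the function names are assumptions.

```sh
#!/bin/sh
# Added example (not from the guide): flag simple binds sent without TLS.

# Read slapd "stats" log lines (loglevel 256) from files or stdin and print
# one line per simple bind (method=128, non-empty DN) on a connection that
# never logged "TLS established".
find_cleartext_binds() {
    awk '
    {   # every stats line carries conn=<id>; skip lines that do not
        conn = ""
        for (i = 1; i <= NF; i++)
            if ($i ~ /^conn=[0-9]+$/) { conn = substr($i, 6); break }
        if (conn == "") next
    }
    / ACCEPT from / {
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^IP=/) src[conn] = substr($i, 4)
            if ($i ~ /^\(IP=/) lsn[conn] = substr($i, 5, length($i) - 5)
        }
        tls[conn] = 0          # connection ids restart with slapd
        next
    }
    / TLS established / { tls[conn] = 1; next }
    / BIND dn="[^"]+" method=128/ {
        # Without the ACCEPT line the TLS state is unknown, so stay silent.
        if ((conn in src) && !tls[conn]) {
            match($0, /dn="[^"]+"/)
            print "CLEARTEXT-BIND conn=" conn " from=" src[conn] \
                  " listener=" lsn[conn] " " substr($0, RSTART, RLENGTH)
        }
    }' "$@"
}

# Sample input: conn=4 is taken from the log in this guide, conn=5 is
# constructed for the example.
sample_log() {
    cat <<'EOF'
Feb 16 12:43:40 ubuntu-openldap slapd[4878]: conn=4 fd=21 ACCEPT from IP=192.168.1.2:44913 (IP=0.0.0.0:636)
Feb 16 12:43:40 ubuntu-openldap slapd[4878]: conn=4 fd=21 TLS established tls_ssf=256 ssf=256
Feb 16 12:43:40 ubuntu-openldap slapd[4878]: conn=4 op=0 BIND dn="cn=nss,dc=arkki,dc=info" method=128
Feb 16 12:50:02 ubuntu-openldap slapd[4878]: conn=5 fd=22 ACCEPT from IP=192.168.1.2:44990 (IP=0.0.0.0:389)
Feb 16 12:50:02 ubuntu-openldap slapd[4878]: conn=5 op=0 BIND dn="cn=manager,dc=arkki,dc=info" method=128
Feb 16 12:50:02 ubuntu-openldap slapd[4878]: conn=5 op=0 RESULT tag=97 err=0 text=
EOF
}

sample_log | find_cleartext_binds
```

On the OpenLDAP-server, run `find_cleartext_binds /var/log/ldap.log`, the log file this guide configures in syslog.conf.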