Adding a machine to the ldap server

I finally got ldap running (ugh, what a headache), and this is how we add a new client machine to the server.

Install the required packages. The install will also prompt you with a few debconf questions:

apt-get install libpam-ldap libnss-ldap nss-updatedb libnss-db nscd ldap-utils libcap2 libcap2-bin libpam-ck-connector

The server address is:

ldap://192.168.0.40

The base DN (the "distinguished name of the search base" prompt) is

dc=edwards,dc=sdsu,dc=edu

Use LDAP version 3, answer NO to making local root the database admin, and answer NO to the server requiring a login (the client then binds anonymously for lookups).

Then

edit /etc/ldap.conf and check that the uri is ldap://192.168.0.40 and not ldapi:///192.168.0.40 (debconf sometimes writes the ldapi:/// form, which is a local Unix socket, so the client would never reach the server).

then, change this line

bind_policy hard

to

bind_policy soft

so that lookups fail quickly instead of hanging logins and boot when the server is unreachable, and change

pam_password md5

to

pam_password crypt

so that password changes are written back as crypt hashes instead of MD5.

Note that ldap:// is plain LDAP: every PAM login sends the user's password to 192.168.0.40 in clear text. If the server supports it, switch the uri to ldaps:// or add "ssl start_tls" (plus a tls_cacertfile line pointing at the CA certificate) to /etc/ldap.conf.

then edit /etc/ldap/ldap.conf (the OpenLDAP client library config, used by ldapsearch and the other ldap-utils) and add the following lines:

BASE dc=edwards,dc=sdsu,dc=edu
URI ldap://192.168.0.40
SIZELIMIT 0
TIMELIMIT 0
DEREF never
Next, make sure that /etc/nsswitch.conf is correct. The lines for passwd, group, and shadow should be (files first, so root and any local accounts still resolve when LDAP is down):
passwd: files ldap
group: files ldap
shadow: files ldap

Lastly, edit the pam files:
edit /etc/pam.d/common-auth and add this line at the end:
auth optional pam_cap.so
edit /etc/pam.d/common-session and add these two lines at the end:
session optional pam_ck_connector.so nox11
session required pam_mkhomedir.so umask=0022 skel=/etc/skel
(pam_mkhomedir creates the home directory on first login for LDAP users who have none on this machine.) The common-* files are managed by pam-auth-update, which is run below; check afterwards that your added lines survived it.

You should be good to go! Restart ldap, nscd, etc.
service libnss-ldap restart
pam-auth-update
/etc/init.d/nscd restart
and load the database.
nss_updatedb ldap
this should output the following:
passwd… done.
group… done.
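Added here as a check script, not something from the original post: it verifies the client-side files the steps above edit (/etc/ldap.conf and /etc/nsswitch.conf) against the settings the post asks for, and separately reports whether the bind password is protected in transit. The server address and base DN default to the post's values; the file contents in the demo at the bottom are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post). Checks the pam_ldap/nss_ldap
# client config for the settings described above. Defaults are the post's
# values; override with LDAP_URI=... if your server differs.

LDAP_URI="${LDAP_URI:-ldap://192.168.0.40}"

# check_ldap_conf FILE [URI]
# Returns 0 when FILE (/etc/ldap.conf) has: a network uri (not the ldapi:///
# unix-socket form debconf can write), bind_policy soft, pam_password crypt.
check_ldap_conf() {
    f="$1"; want="${2:-$LDAP_URI}"; rc=0
    # escape dots so the uri is matched literally inside the ERE
    esc=$(printf '%s' "$want" | sed 's/[.]/\\./g')
    if grep -Eq "^[[:space:]]*uri[[:space:]]+$esc([[:space:]]|\$)" "$f"; then
        echo "uri: ok ($want)"
    elif grep -Eq '^[[:space:]]*uri[[:space:]]+ldapi:' "$f"; then
        echo "uri: WRONG, ldapi:/// is a local socket, not the server"; rc=1
    else
        echo "uri: missing or not $want"; rc=1
    fi
    if grep -Eq '^[[:space:]]*bind_policy[[:space:]]+soft' "$f"; then
        echo "bind_policy: soft (lookups fail fast when the server is down)"
    else
        echo "bind_policy: not soft (logins can hang when the server is down)"; rc=1
    fi
    if grep -Eq '^[[:space:]]*pam_password[[:space:]]+crypt' "$f"; then
        echo "pam_password: crypt"
    else
        echo "pam_password: not crypt"; rc=1
    fi
    return $rc
}

# uses_tls FILE
# Returns 0 if the client protects the bind password in transit: an ldaps://
# uri, or "ssl start_tls" / "ssl on". With plain ldap:// and neither of these,
# every PAM login sends the user's password over the network in clear text.
uses_tls() {
    f="$1"
    grep -Eq '^[[:space:]]*uri[[:space:]]+ldaps://' "$f" && return 0
    grep -Eq '^[[:space:]]*ssl[[:space:]]+(start_tls|on)' "$f" && return 0
    return 1
}

# check_nsswitch FILE
# Returns 0 if passwd, group and shadow all read "files ldap" in that order,
# so local accounts (root, a rescue user) resolve even when LDAP is unreachable.
check_nsswitch() {
    f="$1"; rc=0
    for db in passwd group shadow; do
        if grep -Eq "^[[:space:]]*$db:[[:space:]]+files[[:space:]]+ldap([[:space:]]|\$)" "$f"; then
            echo "$db: files ldap"
        else
            echo "$db: not 'files ldap'"; rc=1
        fi
    done
    return $rc
}

# Demo on constructed files: the "before" file is what debconf may leave
# behind, the "after" file is what the post ends up with. On a real machine
# run: check_ldap_conf /etc/ldap.conf; uses_tls /etc/ldap.conf;
# check_nsswitch /etc/nsswitch.conf
demo_dir=$(mktemp -d)
printf 'uri ldapi:///192.168.0.40\nbind_policy hard\npam_password md5\n' > "$demo_dir/ldap.conf.before"
printf 'uri ldap://192.168.0.40\nbind_policy soft\npam_password crypt\n' > "$demo_dir/ldap.conf.after"
for c in before after; do
    echo "== ldap.conf ($c)"
    if check_ldap_conf "$demo_dir/ldap.conf.$c"; then echo "result: ok"; else echo "result: needs fixing"; fi
    if uses_tls "$demo_dir/ldap.conf.$c"; then echo "tls: yes"; else echo "tls: NO, passwords cross the network in clear text"; fi
done
rm -rf "$demo_dir"
```

Even the "after" file passes check_ldap_conf but fails uses_tls, which is the point: the post's configuration works, but nothing in it encrypts the bind.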

If so, everything is A-OK and you can delete the ordinary local users (or maybe just deactivate them for a while :)). Keep root and at least one local admin account, though: with bind_policy soft, an unreachable LDAP server means no LDAP logins, and the local accounts are what get you back in.