2:39 a.m.
Hi,
So I finally managed to get a 389 Directory Server up and running on a
spare CentOS 7 server. I can open the console even on a remote desktop
(using ssh -X), connect to my LDAP database, create a handful of users,
and I even managed to setup TLS.
The next step is getting a Linux client to authenticate using the
credentials stored on my servers.
Normally I'm running OpenSUSE Leap 15.1 KDE on all my desktop clients,
but for the sake of experimenting, information about any distribution is
welcome.
So far I've been using a bone-headed NIS/NFS setup, which I intend to
replace with 389 DS and secure connections.
I tried to connect my OpenSUSE clients to my 389 DS where I had the odd
fleeting success and many failures. You know that feeling when you spent
a whole weekend on a configuration and things still don't work?
I'd like to get a firm grasp on how to connect my Linux clients to the
389 DS. So ideally I'd be glad to find some detailed documentation about
that. Even if it's based on a different distribution.
Cheers,
Niki
--
Microlinux - Solutions informatiques durables
7, place de l'église - 30730 Montpezat
Site : https://www.microlinux.fr
Mail : info(a)microlinux.fr
Tél. : 04 66 63 10 32
Mob. : 06 51 80 12 12
6:09 p.m.
New subject: Setup a Linux client for authentication against 389 DS + TLS
Hi there,
http://www.port389.org/docs/389ds/howto/howto-sssd.html
http://www.port389.org/docs/389ds/howto/quickstart.html#setup-sssd
The quickstart has some parts about cert management, but the howto-sssd is the
configuration I use.
You'll need to also adjust pam/nsswitch. On opensuse you'll need to change:
common-account-pc
common-auth-pc
common-password-pc
common-session-pc
You can find my versions here:
https://github.com/Firstyear/ansible-home/tree/master/templates/auth/pam.d
https://github.com/Firstyear/ansible-home/blob/master/templates/auth/nssw...
It's always a good idea to keep backups, know how to single user the machine, and to
test that after the changes are made that no password/wrong password/wrong username all
get denied access etc.
Does that help?
On 26 Aug 2019, at 17:39, Nicolas Kovacs <info(a)microlinux.fr>
wrote:
Hi,
So I finally managed to get a 389 Directory Server up and running on a
spare CentOS 7 server. I can open the console even on a remote desktop
(using ssh -X), connect to my LDAP database, create a handful of users,
and I even managed to setup TLS.
The next step is getting a Linux client to authenticate using the
credentials stored on my servers.
Normally I'm running OpenSUSE Leap 15.1 KDE on all my desktop clients,
but for the sake of experimenting, information about any distribution is
welcome.
So far I've been using a bone-headed NIS/NFS setup, which I intend to
replace with 389 DS and secure connections.
I tried to connect my OpenSUSE clients to my 389 DS where I had the odd
fleeting success and many failures. You know that feeling when you spent
a whole weekend on a configuration and things still don't work?
I'd like to get a firm grasp on how to connect my Linux clients to the
389 DS. So ideally I'd be glad to find some detailed documentation about
that. Even if it's based on a different distribution.
Cheers,
Niki
--
Microlinux - Solutions informatiques durables
7, place de l'église - 30730 Montpezat
Site : https://www.microlinux.fr
Mail : info(a)microlinux.fr
Tél. : 04 66 63 10 32
Mob. : 06 51 80 12 12
_______________________________________________
389-users mailing list -- 389-users(a)lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
—
Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server
SUSE Labs
1698
days inactive
1698
days old
389-users@lists.fedoraproject.org
1 comments
2 participants
participants (2)
-
Nicolas Kovacs -
William Brown