LDAP - connect from Ubuntu/Debian


(Wolfgang Höfer) #1

Hi,

up to now I didn’t have the necessity to communicate encrypted in our network at school.
So my own little LDAP-Setup was really simple but sufficient.
With nethserver it seems to me that LDAP communication is encrypted by default. I saw in the manual that it can be disabled - ok, but why should I :slight_smile: It’s ok, if it’s preinstalled like that …

but … I want to authenticate ubuntu-Clients (and Mint) against the LDAP and I didn’t find a really
detailed tutorial how to do that. Much of the online stuff is years old and many of the HowTos stop right before the part where the CLIENT-side is explained. Has anybody a good source for me?
( … unfortunately I haven’t got the time to read all the relevant RFCs … )

Thanks
Wolfgang


(Davide Principi) #2

Hi @Wolfgang_Hofer,

:worried: I’ve no experience on Linux workstations as LDAP clients. Sadly it seems the majority of people want MS!

However I see what you’re describing is quite popular in educational environments. Let me know if you’ll find a good tutorial for the client part. For NethServer I’ll be happy to help :smile:


(Stefano) #3

Usually (ubuntu clients, either real or ltsp ones) I join clients to NS domain
AFAICS there’s no documentation ready… you can find something useful on
http://wiki.contribs.org/Client_Authentication
HTH

Sent from Samsung Mobile


(Wolfgang Höfer) #4

Thanks :smile:

Up to now I was able to authenticate my clients against the LDAP of nethserver.
Looking back, it was no big deal …
My major problem was the missing nfs-Server on the nethserver. I am not good enough with
CentOS and the nethserver firewall, … to get a nfs server running.

My way around was to install a separate machine as NFS-Server that authenticates against the LDAP, too.
The home-Directories are now located on this nfs server and I don’t use those on Nethserver …
That is no perfect solution, I know - but for me it’s ok.

As soon as I’ve got it really working, I will write a small guide …

Wolfgang


(Davide Principi) #5

Thanks @Wolfgang_Hofer,
does anybody want to write a NFS howto? Maybe @islipfd19 has some guidelines…


(Wolfgang Höfer) #6

Short question …

HowTos … where, which format, …

Before I do the work twice :slight_smile:


(Davide Principi) #7

Guys like @AbsyntH and @sitz for instance, from the how to team can surely help with the format and category.

I think you can start safely by posting it here or just by sharing a link!


(Wolfgang Höfer) #8

Ok … for the moment it is available here:

http://hoefhelp.de/ldapconfig/Doku.md


(JamesMillar) #9

I basically googled NFS on CentOS to find some guides to set it up. Then I troubleshooted it to get it to work with Nethserver. I followed the development guide to add the NFS specific services and proper ports to Nethserver (there are a lot used by NFS).


(Wolfgang Höfer) #10

Hi,

ok - I tried, too. But I never knew exactly where my settings would interfere with those of nethserver.
For example, the service never showed up in the webgui. I never was really sure if the firewalling was configured correctly …
Unfortunately I did not have the time to solve all the “little” problems along the way with my level of knowledge. Would be great if you could sum up your steps, too.
And as I wrote, I normally use debian like systems - and to switch over to CentOS is a question of time …

Regards
Wolfgang


(JamesMillar) #11

I’m running two NethServers on my network, one’s the primary file server and the second is the backup server. They backup to each other.

This page in the development documentation explains how to add the service to NethServer [Services - Nethserver Dev Doc][1]

The services I added are:

nfs - Ports: TCP: 111,832,1110,1598,1651,2049,2323,23,63,4045,5009,20049
             UDP: 111,832,1110,1598,1651,2049,2323,23,63,4045,5009,20049
nfslock
rpcbind
rpcgssd
rpcidmapd
rpcsvcgssd

The services rpcgssd and rpcsvcgssd always report as ‘Stopped’ on the services tab. They only run when required. There are of course all of the configuration files you’ll need to set up for NFS as well. That’s where Google becomes your friend :smile:. To make it easier to test, you should stop the firewall while setting it up and making the connection first. Just to prove that you are able to get it to connect. Then start the firewall and see what happens. I did that a number of times while stopping and starting the NFS services and rebooting the server just so that I know they connect if anything were to happen. If you start the NFS service and connect to it and then start the firewall, the connection may remain until the NFS service is restarted.

In the end I still had some issues while getting the servers to connect so I added each server in the other’s firewall and allowed all communication between them. I believe I was missing a number of ports that were required and didn’t have the time to hunt them all down.
[1]: http://docs.nethserver.org/projects/nethserver-devel/en/latest/services.html
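
Added example, not part of the original posts: rather than opening all traffic between the two servers, the ports that rpcbind actually advertises can be compared with the firewall list from post #11 to find the ones still missing. The `missing_ports` function and the sample `rpcinfo -p` output are constructed for illustration; only the port list is taken from the post.

```shell
#!/bin/sh
# Port list as posted above for the nfs service (same list for TCP and UDP).
ALLOWED="111,832,1110,1598,1651,2049,2323,23,63,4045,5009,20049"

# Read `rpcinfo -p` output on stdin and print every proto/port/service that
# rpcbind advertises but that is absent from the allowed lists
# ($1 = allowed TCP ports, $2 = allowed UDP ports, comma separated).
missing_ports() {
    awk -v tcp="$1" -v udp="$2" '
        BEGIN {
            n = split(tcp, a, ","); for (i = 1; i <= n; i++) ok["tcp/" a[i]] = 1
            n = split(udp, a, ","); for (i = 1; i <= n; i++) ok["udp/" a[i]] = 1
        }
        # Data rows are: program vers proto port service (header row is skipped).
        $1 ~ /^[0-9]+$/ && ($3 == "tcp" || $3 == "udp") {
            key = $3 "/" $4
            # Report each proto/port once, even if several versions share it.
            if (!(key in ok) && !(key in seen)) {
                seen[key] = 1
                print key, ($5 == "" ? "unknown" : $5)
            }
        }
    '
}

# Constructed sample of `rpcinfo -p` output (not captured from a real server).
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100005    3   tcp    892  mountd
    100005    3   udp    892  mountd
    100021    4   tcp  32803  nlockmgr
    100021    4   udp  32769  nlockmgr
    100024    1   tcp    662  status
EOF
}

sample_rpcinfo | missing_ports "$ALLOWED" "$ALLOWED"
```

On the NFS server itself, `rpcinfo -p | missing_ports "$ALLOWED" "$ALLOWED"` lists what the firewall rule still lacks. On CentOS the mountd, lockd and statd ports can be pinned in `/etc/sysconfig/nfs` so that the list stays the same across restarts.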


(Alessio Fattorini) #12

@islipfd19 @Wolfgang_Hofer thanks for sharing your efforts, really helpful!
Hope to see a howto like those so that people could follow your guidelines :wink:

That’s highly interesting, you could do good work on this! Please write down a step-by-step howto


(Wolfgang Höfer) #13

Hi,

I just followed my own steps to test the doku, but actually I am running into some issues … seems I forgot something … there will be an update … soon(?) :slight_smile:


(JamesMillar) #14

I’m going to make an attempt at a rudimentary how-to. I’m hoping to find time in the coming days to do this.


(Alessio Fattorini) #15

Take a look at this draft by @Wolfgang_Hofer


(Wolfgang Höfer) #16

The script is at the end of the howto.
I hope there are no problems with line-breaks …

Perhaps someone could test it :slight_smile:


(JamesMillar) #17

I’ve typed up a How-To for NFS. I hope it’s complete enough as I wrote it from memory and it’s slightly different than how I implemented it.

NFS How-To