Hello
First of all, I am really very sorry for the late reply; I was on a long leave
and then busy with some personal work.
OK, now that you have set up the Fedora-DS server, we have to populate it with
users and groups.
I am explaining it with the example of my network. My rdn is
dc=auth,dc=lnmiit,dc=ac,dc=in
So this is a test.ldif with one user and one group entry. I have added the object
classes of posix users as well, so that the user can act as a normal Linux user, as we
use it for NFS authentication also.
Contents of test.ldif:
# user100, People, auth.lnmiit.ac.in
dn: uid=user100,ou=People,dc=auth,dc=lnmiit,dc=ac,dc=in
sn: user100
loginShell: /bin/bash
uidNumber: 10750
gidNumber: 10750
shadowMax: 99999
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: top
uid: user100
shadowLastChange: 12994
cn: user100
homeDirectory: /home/user100
shadowWarning: 7
userPassword: whatsoever

# user100, Groups, auth.lnmiit.ac.in
dn: cn=user100,ou=Groups,dc=auth,dc=lnmiit,dc=ac,dc=in
gidNumber: 10750
objectClass: posixGroup
objectClass: top
cn: user100
userPassword: {crypt}x
Then with the following command you can add this to your Directory Server:
ldapadd -x -D "cn=Directory manager" -w ldappassword -h localhost -f test.ldif
Now you can authenticate the same user with lots of services, either directly or
by mapping the LDAP user to the PAM mechanism with the following steps:
run authconfig-tui,
select Use LDAP and Use LDAP Authentication,
and then specify the server and Base DN.
After that, run
getent passwd to check whether your LDAP user is mapped to a PAM user or not.
To authenticate squid against LDAP directly you can use
auth_param basic program /usr/lib/squid/squid_ldap_auth -b "dc=auth, dc=lnmiit, dc=ac, dc=in" -f "uid=%s" -h localhost
or by pam
auth_param basic program /usr/lib/squid/pam_auth
*** depending on your squid settings.
Now you can authenticate vsftpd and a lot of other services with it.
Now, configuring Samba with LDAP: as I stated earlier, I haven't done that,
as it is not used by my organisation. You can go here:
http://directory.fedoraproject.org/wiki/Howto:Samba
Now your last problem, authenticating users of AD: you can sync LDAP and Active
Directory.
For this you have to make slight changes in your test.ldif:
you have to add the attributes of an NT user.
Here is the example:
# ashish, staff, People, auth.lnmiit.ac.in
dn: uid=ashish,ou=staff,ou=People,dc=auth,dc=lnmiit,dc=ac,dc=in
sn: ashish
loginShell: /bin/bash
uidNumber: 10073
gidNumber: 10073
shadowMax: 99999
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: top
objectClass: ntuser
uid: ashish
shadowLastChange: 12994
cn: ashish
homeDirectory: /home/ashish
shadowWarning: 7
userPassword: whatsoever
ntUserDomainId: ashish
ntUserCreateNewAccount: true
ntUserDeleteAccount: true

# ashish, Groups, auth.lnmiit.ac.in
dn: cn=ashish,ou=Groups,dc=auth,dc=lnmiit,dc=ac,dc=in
gidNumber: 10073
objectClass: posixGroup
objectClass: top
cn: ashish
userPassword: {crypt}x
For more on AD and LDAP sync you can contact me again and I will tell you in
detail, but I wasn't able to sync the passwords of LDAP into AD. I just synced
the users of LDAP into AD, but with a little more effort you can sync passwords
also.
Have a good day.
Go ahead and work it out, and do reply if you find any problem.
Arpit Tolani
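
The test.ldif above carries userPassword in cleartext inside the file; this added example (not part of the original message) builds the same user and private-group entries with a salted hash instead. The function names and the 16-byte salt are assumptions; the {SSHA} and {SSHA512} value layout is base64(digest(password + salt) + salt).

```python
import base64
import hashlib
import hmac
import os

# Digest name and digest length for each salted scheme tag.
SCHEMES = {"SSHA": ("sha1", 20), "SSHA512": ("sha512", 64)}

def hash_password(password, scheme="SSHA512", salt=None):
    """Return '{SCHEME}' + base64(digest(password + salt) + salt)."""
    algo, _ = SCHEMES[scheme]
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.new(algo, password.encode() + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode())

def verify_password(password, stored):
    """Recompute the digest using the salt embedded in a stored value."""
    scheme, _, b64 = stored[1:].partition("}")
    algo, size = SCHEMES[scheme]
    raw = base64.b64decode(b64)
    digest, salt = raw[:size], raw[size:]
    candidate = hashlib.new(algo, password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)

def posix_entries(uid, number, base_dn, password, ou="ou=People"):
    """Build the user entry and its private group, laid out like test.ldif."""
    user = [
        f"dn: uid={uid},{ou},{base_dn}",
        *(f"objectClass: {oc}" for oc in (
            "top", "person", "organizationalPerson", "inetOrgPerson",
            "posixAccount", "shadowAccount")),
        f"uid: {uid}", f"cn: {uid}", f"sn: {uid}",
        f"uidNumber: {number}", f"gidNumber: {number}",
        f"homeDirectory: /home/{uid}", "loginShell: /bin/bash",
        "shadowMax: 99999", "shadowWarning: 7",
        f"userPassword: {hash_password(password)}",
    ]
    group = [
        f"dn: cn={uid},ou=Groups,{base_dn}",
        "objectClass: top", "objectClass: posixGroup",
        f"cn: {uid}", f"gidNumber: {number}",
    ]
    # LDIF requires a blank line between entries.
    return "\n".join(user) + "\n\n" + "\n".join(group) + "\n"

if __name__ == "__main__":
    # Constructed sample password, for illustration only.
    print(posix_entries("user100", 10750,
                        "dc=auth,dc=lnmiit,dc=ac,dc=in", "constructed-sample-pw"))
```

Whether the server accepts a pre-hashed userPassword depends on its password policy and on the identity used for the bind; that it does for the Directory Manager bind shown in the message is an assumption here.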
--- In [email protected], MSK <comeatman...@...> wrote:
>
> Hi,
>
> Thanks for your suggestion.
>
> Have downloaded & installed fedora. Now i'm ready to run setup-ds-admin.pl
> Please guide me for the further setup.
>
> Regards,
> MSK
>
> --- On Wed, 11/25/09, arpit tolani <arpittol...@...> wrote:
>
> From: arpit tolani <arpittol...@...>
> Subject: [LinuxVadaPav] Re: Regarding SSO confiuration ...
> To: [email protected]
> Date: Wednesday, November 25, 2009, 12:08 PM
>
> For this you can configure Fedora DS in Linux, and the users of Fedora
> DS will authenticate the users of squid and samba. For AD you can create
> replication between AD and Fedora DS.
>
> At my place I am authenticating users of Fedora DS against squid, nfs, ftp,
> apache & postfix. I have also replicated users of Fedora DS to AD but wasn't
> successful in replicating the password :(
>
> Anyway, tell me if you are interested in this. I will help you out about how
> you can achieve it.
>
> Arpit Tolani
>
> --- In linuxvadapav@ yahoogroups. com, MSK <comeatmanish@ ...> wrote:
> >
> > Hi All,
> >
> > In my office we have Windows ADS, samba for file sharing & squid for
> > internet access.
> > Currently I have to create a user on ADS & samba & squid in order to provide
> > them access to these services.
> >
> > I want to introduce SSO (single sign on) in such a way that I'll have to
> > create a user on ADS & all services would be accessible to the user.
> >
> > I did some googling on this but can't find the proper solution. If anyone
> > has configured something similar to the above requirement, please guide me.
> >
> > Regards,
> > MSK
> >
> > [Non-text portions of this message have been removed]