Hello
One more thing

I have always preferred to use the Fedora DS 1.0.2 version because versions later 
than 1.1 are not self-contained. I would like to mention that Fedora Directory 
Server 1.0.2 is self-contained, meaning that all its binaries and libraries are 
in the installation directory, by default /opt/fedora-ds. So you 
can back it up before you do something and screw up.

You can take a backup of it using 
tar cpfz /opt/fedora-ds.backup.tgz -C /opt fedora-ds

and in case of any problem all you need to do is
[r...@auth fedora-ds]# pwd
/opt/fedora-ds
[r...@auth fedora-ds]# ./stop-admin
[r...@auth fedora-ds]# cd slapd-auth/
[r...@auth slapd-auth]# ./stop-slapd
[r...@auth slapd-auth]# cd /opt
[r...@auth opt]# rm -rf fedora-ds
[r...@auth opt]# tar xpfz fedora-ds.backup.tgz
[r...@auth opt]# cd fedora-ds
[r...@auth fedora-ds]# cd slapd-auth/
[r...@auth slapd-auth]# ./start-slapd
[r...@auth slapd-auth]# cd ..
[r...@auth fedora-ds]# ./start-admin

Anyway, this is a personal choice... I am adding the process of installing 
Fedora DS 1.0.2

[r...@auth /]# rpm -ivh fedora-ds-1.0.2-1.FC4.i386.opt.rpm
Preparing...                ########################################### [100%]
   1:fedora-ds              ########################################### [100%]

Install finished.  Please run /opt/fedora-ds/setup/setup to complete 
installation and set up the servers.

Now let's run the setup as it advised, i.e.

[r...@auth / ]# /opt/fedora-ds/setup/setup

INFO Begin Setup . . .

It will do a tune analysis of your Linux system, typically you will see these 
messages.

WARNING: 512MB of physical memory is available on the system. 1024MB is 
recommended for best performance on large production system.

NOTICE : The net.ipv4.tcp_keepalive_time is set to 7200000 milliseconds
(120 minutes).  This may cause temporary server congestion from lost
client connections.

WARNING: There are only 1024 file descriptors (hard limit) available, which
limit the number of simultaneous connections.

WARNING: There are only 1024 file descriptors (soft limit) available, which
limit the number of simultaneous connections.


I would advise you to make these changes to your systems especially if you are 
going to use it in a production environment.  To cancel it and rectify the 
warning press ctrl-c, and do the following

echo 21600 >> /proc/sys/net/ipv4/tcp_keepalive_time (For 2.6.x Kernels)

Edit the file /etc/sysctl.conf and add the following lines

fs.file-max = 64000

Edit the file /etc/security/limits.conf and add the following lines

*          soft       nofile    8192

*          hard     nofile    8192

Put in more RAM and install it (I’ve had it use up to 1GB of RAM at times, but 
then again I do have quite a few users on it)

Re-run the installation; the warnings should have disappeared. Pick Custom - 
lots of customization and note the details down, especially the port numbers for 
the LDAP connection and the Administration port for the Administration Server, and the admin and 
Directory Manager passwords, as you will need them later on.

For my installation it's as follows

Hostname to use (default: auth.lnmiit.ac.in) (Press enter for default)

Server user ID to use (default: nobody) (Press enter for default)

Server group ID to use (default: nobody) (Press enter for default)

Do you want to register this software with an existing

Fedora configuration directory server? [No] (Press enter for default -> No)

Do you want to use another directory to store your data? [No] (Press enter for 
default -> No)

Directory server network port [389]: (Press enter for default)

Directory server identifier [auth]: (Press enter for default)

Fedora configuration directory server administrator ID [admin] (Press enter for 
default)

Password: whatsoever

The suffix is the root of your directory tree.  You may have more than

one suffix.

 

Suffix [dc=auth, dc=lnmiit, dc=ac, dc=in]: (Press enter for default)

 

Directory Manager DN [cn=Directory Manager]: (Press enter for default)

Password: whatsoever

Administration Domain [auth.lnmiit.ac.in]: (Press enter for default)

Do you want to install the sample entries? [No]: (Press enter for default)

Type the full path and filename, the word suggest, or the word none

 [suggest]:  (Press enter for default)

Administration port [58509]: (Press enter for default)

Apache Directory [/usr/sbin/]: (Press enter for default)

Hostname to use (default: auth.lnmiit.ac.in)

Server user ID to use (default: nobody)

Server group ID to use (default: nobody)

Now that’s the basic Directory Server configured out of the box. But we will 
want to do quite a few things such as enabling LDAPS secure connections, Password 
Policy Manager etc. The screen you get should be similar to the one shown 
below. 
 

[slapd-auth]: starting up server ...

[slapd-auth]:  Fedora-Directory/1.0.2 B2006.060.1951

[slapd-auth]:  auth.lnmiit.ac.in:389 (/opt/fedora-ds/slapd-auth)

[slapd-auth]:

[slapd-auth]: [21/Dec/2009:10:56:43 +0800] - Fedora-Directory/1.0.2 
B2006.060.1951 starting up

[slapd-auth]: [21/Dec/2009:10:56:43 +0800] - slapd started.  Listening on All 
Interfaces port 389 for LDAP requests

Your new directory server has been started.

Created new Directory Server

Start Slapd Starting Slapd server configuration.

Success Slapd Added Directory Server information to Configuration Server.

Configuring Administration Server...

Setting up Administration Server Instance...

Configuring Administration Tasks in Directory Server...

Configuring Global Parameters in Directory Server...

 

You can now use the console.  Here is the command to use to start the console:

cd /opt/fedora-ds

./startconsole -u admin -a http://auth.lnmiit.ac.in:58509/

INFO Finished with setup, logfile is setup/setup.log

[r...@auth fedora-ds]#

--- In [email protected], "arpit tolani" <arpittol...@...> wrote:
>
> Hello
> First of all I am really very sorry for the late reply, I was on a long leave 
> then busy with some personal work
> 
> OK, now as you have set up the Fedora-ds Server, we have to populate it with 
> users and groups..
> 
> I am explaining it with the example of my network.. my rdn is 
> dc=auth,dc=lnmiit,dc=ac,dc=in
> so this is a test.ldif with one user and group entry. I have added the object 
> classes of posix users also so that the user can act as a normal linux user, as we 
> use it for nfs authentication also.
> 
> contents of test.ldif
> # user100, People, auth.lnmiit.ac.in
> dn: uid=user100,ou=People,dc=auth,dc=lnmiit,dc=ac,dc=in
> sn: user100
> loginShell: /bin/bash
> uidNumber: 10750
> gidNumber: 10750
> shadowMax: 99999
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: shadowAccount
> objectClass: top
> uid: user100
> shadowLastChange: 12994
> cn: user100
> homeDirectory: /home/user100
> shadowWarning: 7
> userPassword: whatsoever
> 
> # user100, Groups, auth.lnmiit.ac.in
> dn: cn=user100,ou=Groups,dc=auth,dc=lnmiit,dc=ac,dc=in
> gidNumber: 10750
> objectClass: posixGroup
> objectClass: top
> cn: user100
> userPassword: {crypt}x
> 
> 
> then by the following command you can add this in your Directory server 
> ldapadd -x -D "cn=Directory manager" -w ldappassword -h localhost -f test.ldif
> 
> now you can authenticate the same user with lots of services, either directly 
> or by mapping the ldap user to the pam mechanism with the following steps
> run authconfig-tui
> select Use LDAP and Use LDAP Authentication
> and then specifying server and Base DN
> 
> after that run 
> getent passwd to check whether your ldap user is mapped to pam user or not.
> 
> to authenticate squid against ldap directly you can use
> 
> auth_param basic program /usr/lib/squid/squid_ldap_auth -b "dc=auth, dc=lnmiit, dc=ac, dc=in" -f "uid=%s" -h localhost
> 
> or by pam 
> auth_param basic program /usr/lib/squid/pam_auth
> 
> *** depending on your squid settings.
> 
> now you can authenticate vsftpd and a lot of services with it
> 
> now configuring samba with ldap.. as I stated earlier also, I haven't done that 
> as it is not used by my organisation; you can go here 
> http://directory.fedoraproject.org/wiki/Howto:Samba
> 
> now your last problem authenticating users of AD you can sync ldap and active 
> directory 
> 
> for this you have to make slight changes in your test.ldif
> you have to add attributes of nt user
> here is the example
> # ashish, staff, People, auth.lnmiit.ac.in
> dn: uid=ashish,ou=staff,ou=People,dc=auth,dc=lnmiit,dc=ac,dc=in
> sn: ashish
> loginShell: /bin/bash
> uidNumber: 10073
> gidNumber: 10073
> shadowMax: 99999
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: shadowAccount
> objectClass: top
> objectClass: ntuser
> uid: ashish
> shadowLastChange: 12994
> cn: ashish
> homeDirectory: /home/ashish
> shadowWarning: 7
> userPassword: whatsoever
> ntUserDomainId: ashish
> ntUserCreateNewAccount: true
> ntUserDeleteAccount: true
> 
> # ashish, Groups, auth.lnmiit.ac.in
> dn: cn=ashish,ou=Groups,dc=auth,dc=lnmiit,dc=ac,dc=in
> gidNumber: 10073
> objectClass: posixGroup
> objectClass: top
> cn: ashish
> userPassword: {crypt}x
> 
> and for more on AD and LDAP sync you can again contact me, I will tell you in 
> detail, but I wasn't able to sync passwords of ldap into AD.. I just synced 
> users of ldap into AD.. but with a little more effort you can sync passwords 
> also.
> 
> have a good day.. 
> go ahead to work out and do reply if you find any problem
> 
> Arpit Tolani
> 
> 
> 
> 
> --- In [email protected], MSK <comeatmanish@> wrote:
> >
> > Hi,
> > 
> > Thanks for your suggestion.
> > 
> > Have downloaded & installed fedora. Now i'm ready to run setup-ds-admin.pl 
> > Please guide me for the further setup.
> > 
> > Regards,
> > MSK
> > 
> > --- On Wed, 11/25/09, arpit tolani <arpittolani@> wrote:
> > 
> > From: arpit tolani <arpittolani@>
> > Subject: [LinuxVadaPav] Re: Regarding SSO confiuration ...
> > To: [email protected]
> > Date: Wednesday, November 25, 2009, 12:08 PM
> > 
> > For this you can configure Fedora DS in linux and the users of Fedora 
> > DS will authenticate the users of squid and samba. For AD you can create 
> > replication between AD and Fedora DS. 
> > 
> > At my place I am authenticating users of Fedora DS against squid, nfs, ftp, 
> > apache & postfix. I have also replicated users of Fedora DS to AD but wasn't 
> > successful in replicating the password :(
> > 
> > Anyway, tell me if you are interested in this.. I will help you out abt how 
> > you can achieve it
> > 
> > 
> > 
> > Arpit Tolani
> > 
> > 
> > 
> > --- In linuxvadapav@ yahoogroups. com, MSK <comeatmanish@ ...> wrote:
> > 
> > >
> > > Hi All,
> > > 
> > > In my office we have windows ADS, samba for file sharing & squid for 
> > > internet access.
> > > Currently I have to create a user on ADS & samba & squid in order to 
> > > provide them access to these services.
> > > 
> > > I want to introduce SSO (single sign on) in such a way that I'll have to 
> > > create a user on ADS & all services would be accessible to the user.
> > > 
> > > I did some googling on this but cannot find the proper solution. If anyone 
> > > has configured something similar to the above requirement please guide me.
> > > 
> > > Regards,
> > > MSK
> > > 
> > > [Non-text portions of this message have been removed]
> > >
> >
>
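
The test.ldif entries quoted in this thread carry userPassword in cleartext, so the file on disk holds the password itself. As an added example (not part of the original messages), this Python script rewrites such values to salted {SSHA} before the file is passed to ldapadd; the function names and the trimmed sample are constructed for illustration, and it assumes the server accepts pre-hashed {SSHA} values from the bind DN used.

```python
import base64, hashlib, hmac, os, re

SCHEME = re.compile(r"^\{[A-Za-z0-9-]+\}")   # {SSHA}, {crypt}, ... prefix

def ssha(password, salt=None):
    """LDAP {SSHA} value: base64(sha1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def verify_ssha(password, stored):
    """Recompute the digest with the salt stored after the 20-byte SHA-1."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(digest, hashlib.sha1(password.encode() + salt).digest())

def harden_ldif(text):
    """Return (ldif, dns): cleartext userPassword values replaced by {SSHA}."""
    out, changed, dn = [], [], None
    for line in text.splitlines():
        if line.lower().startswith("dn:"):
            dn = line.split(":", 1)[1].strip()
        m = re.match(r"(?i)userPassword(::?)\s*(.*)$", line)
        if m:
            value = m.group(2)
            if m.group(1) == "::":            # LDIF base64-encoded value
                value = base64.b64decode(value).decode()
            if not SCHEME.match(value):       # no {scheme} prefix: cleartext
                line = "userPassword: " + ssha(value)
                changed.append(dn)
        out.append(line)
    return "\n".join(out) + "\n", changed

# Constructed sample, trimmed from the test.ldif layout in the thread.
SAMPLE = """\
dn: uid=user100,ou=People,dc=auth,dc=lnmiit,dc=ac,dc=in
objectClass: posixAccount
uid: user100
userPassword: whatsoever

dn: cn=user100,ou=Groups,dc=auth,dc=lnmiit,dc=ac,dc=in
objectClass: posixGroup
userPassword: {crypt}x
"""

if __name__ == "__main__":
    ldif, changed = harden_ldif(SAMPLE)
    print(ldif, "hashed entries:", changed)
```

Values that already carry a scheme prefix, such as the group entry's {crypt}x, are left untouched, so the script can be run over the same file more than once.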

