Hello, I have a small dilemma with Fedora Directory Server. Let's say I have the following requirements:
5 users (alex, vasile, ion, costel, maria) and 3 computers (pc1, pc2, pc3). I apply the following scheme:

user1:
---------------------------------------------------------------
# alex, People, pol.ro
dn: uid=alex,ou=People,dc=pol,dc=ro
givenName: Alex
sn: Dumitru
loginShell: /bin/bash
uidNumber: 1069
gidNumber: 100
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: posixAccount
uid: alex
cn: Alex Dumitru
homeDirectory: /home/alex
-------------------------------------------------------------------

user2:
---------------------------------------------------------------
# vasile, People, pol.ro
dn: uid=vasile,ou=People,dc=pol,dc=ro
givenName: Vasile
sn: Dragos
loginShell: /bin/bash
uidNumber: 1070
gidNumber: 100
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: posixAccount
uid: vasile
cn: Vasile Dragos
homeDirectory: /home/vasile
-------------------------------------------------------------------

user3:
---------------------------------------------------------------
# ion, People, pol.ro
dn: uid=ion,ou=People,dc=pol,dc=ro
givenName: Ion
sn: Gheorghe
loginShell: /bin/bash
uidNumber: 1071
gidNumber: 100
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: posixAccount
uid: ion
cn: Ion Gheorghe
homeDirectory: /home/ion
-------------------------------------------------------------------

user4:
---------------------------------------------------------------
# costel, People, pol.ro
dn: uid=costel,ou=People,dc=pol,dc=ro
givenName: Costel
sn: George
loginShell: /bin/bash
uidNumber: 1073
gidNumber: 100
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: posixAccount
uid: costel
cn: Costel George
homeDirectory: /home/costel
-------------------------------------------------------------------

user5:
---------------------------------------------------------------
# maria, People, pol.ro
dn: uid=maria,ou=People,dc=pol,dc=ro
givenName: Maria
sn: Gavrila
loginShell: /bin/bash
uidNumber: 1080
gidNumber: 100
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: posixAccount
uid: maria
cn: Maria Gavrila
homeDirectory: /home/maria
-------------------------------------------------------------------

pc1:
-------------------------------------------------------------------
# pc1, Groups, pol.ro
dn: cn=pc1,ou=Groups,dc=pol,dc=ro
objectClass: top
objectClass: groupofuniquenames
objectClass: posixgroup
uniqueMember: uid=alex,ou=People,dc=pol,dc=ro
uniqueMember: uid=maria,ou=People,dc=pol,dc=ro
cn: pc1
gidNumber: 100
memberUid: alex
memberUid: maria
---------------------------------------------------------------------

pc2:
-------------------------------------------------------------------
# pc2, Groups, pol.ro
dn: cn=pc2,ou=Groups,dc=pol,dc=ro
objectClass: top
objectClass: groupofuniquenames
objectClass: posixgroup
uniqueMember: uid=alex,ou=People,dc=pol,dc=ro
uniqueMember: uid=maria,ou=People,dc=pol,dc=ro
uniqueMember: uid=vasile,ou=People,dc=pol,dc=ro
cn: pc2
gidNumber: 100
memberUid: alex
memberUid: maria
memberUid: vasile
---------------------------------------------------------------------

pc3:
-------------------------------------------------------------------
# pc3, Groups, pol.ro
dn: cn=pc3,ou=Groups,dc=pol,dc=ro
objectClass: top
objectClass: groupofuniquenames
objectClass: posixgroup
uniqueMember: uid=costel,ou=People,dc=pol,dc=ro
uniqueMember: uid=ion,ou=People,dc=pol,dc=ro
uniqueMember: uid=maria,ou=People,dc=pol,dc=ro
cn: pc3
gidNumber: 100
memberUid: costel
memberUid: ion
memberUid: maria
---------------------------------------------------------------------

So far so good. ldap.conf looks something like this:
------------------------------------------------------------------------
URI ldap://pol.ro port=389
BASE dc=pol,dc=ro
host pol.ro
TLS_CACERTDIR /etc/openldap/cacerts
TLS_REQCERT allow
scope sub
bind_policy soft
#pam_password exop
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute memberUid
pam_groupdn cn=pc1,ou=Groups,dc=pol,dc=ro
#pam_groupdn cn=pc2,ou=Groups,dc=pol,dc=ro
#pam_groupdn cn=pc3,ou=Groups,dc=pol,dc=ro
pam_check_host_attr yes
nss_default_attribute_value loginShell /bin/false
nss_base_passwd ou=People,dc=pol,dc=ro
nss_base_shadow ou=People,dc=pol,dc=ro
nss_base_group ou=Groups,dc=pol,dc=ro
------------------------------------------------------------------------

And in PAM I have system-auth, which is used for every authentication and looks like this:
------------------------------------------------------------------------
#%PAM-1.0
auth        required      pam_env.so
auth        [success=ignore default=1] pam_localuser.so
auth        [success=done new_authtok_reqd=done default=1] pam_unix.so likeauth nullok try_first_pass
auth        sufficient    pam_ldap.so try_first_pass
auth        required      pam_deny.so
account     sufficient    pam_unix.so
account     required      pam_access.so
account     sufficient    pam_ldap.so
password    required      pam_cracklib.so difok=2 minlen=2 dcredit=2 ocredit=2 retry=1
password    sufficient    pam_unix.so nullok md5 shadow use_authtok
password    sufficient    pam_ldap.so use_authtok
password    required      pam_deny.so
session     required      pam_limits.so
session     required      pam_unix.so
#Creates the home directories if they do not exist
session     required      pam_mkhomedir.so skel=/etc/skel/ umask=0022
session     optional      pam_ldap.so
------------------------------------------------------------------------

And I also have:
------------------------------------------------------------------------
# /etc/nsswitch.conf:
# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/files/nsswitch.conf,v 1.1 2005/05/17 00:52:41 vapier Exp $
passwd: compat ldap
shadow: compat ldap
group: compat ldap
....................
------------------------------------------------------------------------

Now here comes my biggest problem: I have those users and those groups, but my PAM doesn't really want to listen to me; all users log in on all systems. I can't find where the problem is, where I should draw the line between the users that have access to a PC and those that don't.
"My friend GOOGLE" hasn't helped me much at all; it has mostly put me in a "fog". So... has anyone else run into this problem? Does anyone use a centralized authentication system based on LDAP and can point me in the right direction?
Thanks,
Bogdan
_______________________________________________
RLUG mailing list
[email protected]
http://lists.lug.ro/mailman/listinfo/rlug
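An added illustration, not part of Bogdan's post or of any reply: the account stack as posted, beside a reordering in the style authconfig generates, so that pam_ldap's authorization check is actually consulted. It assumes PADL pam_ldap, where pam_groupdn and pam_check_host_attr are enforced in the account (authorization) phase, not in auth; with "account sufficient pam_unix.so" listed first, a user that pam_unix accepts ends the stack before pam_ldap is ever asked.

```conf
# --- account stack as posted (copied from the post for comparison) ---
# "sufficient" + success ends the stack. pam_unix's account check passes
# for LDAP users (they have no local shadow record to expire), so the
# pam_ldap line below it, the only place pam_groupdn is evaluated, is
# never reached. Result: every LDAP user is authorized on every PC.
account     sufficient    pam_unix.so
account     required      pam_access.so
account     sufficient    pam_ldap.so

# --- reordered so the LDAP authorization check always runs ---
# pam_unix is "required" (broken_shadow: ignore missing shadow data for
# directory users); pam_localuser lets local /etc/passwd accounts such as
# root finish here without an LDAP check; pam_ldap then decides for
# directory users: success continues, user_unknown is ignored, and any
# other result (for example PERM_DENIED for a user outside pam_groupdn)
# fails the stack. pam_permit gives a success to end on.
account     required      pam_access.so
account     required      pam_unix.so broken_shadow
account     sufficient    pam_localuser.so
account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
account     required      pam_permit.so

# Two caveats once pam_ldap is reached (assumptions about pam_ldap's
# behaviour, check against the README shipped with your version):
#  1. pam_check_host_attr yes also requires a "host" attribute on each
#     user entry; the posted entries have none, so either remove that
#     line or add "host: pc1" style values to each user.
#  2. the pam_groupdn test is an LDAP compare of the user's DN against
#     pam_member_attribute; the posted groups carry the DN in
#     uniqueMember (the default attribute) and only the bare uid in
#     memberUid, so "pam_member_attribute memberUid" would not match.
```

Each PC keeps its own uncommented pam_groupdn line (cn=pc1 on pc1, cn=pc2 on pc2, and so on), exactly as the post intends; what changes is only that the check is no longer skipped.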
