LDAP

robertkwild · 02-04-2015, 09:52 AM

hi all,

i have installed openldap with phpldapadmin and on a centos client machine i can login using the ldap user i created on the ldap server via phpldapadmin

but i get couple of error messages when i log in -

1.could not update ICEauthority
2.there is a problem with the configuration server
3.nautilus could not create the following required folders

i did research and i found i needed to run this command so it creates a home directory when it first logs in -

authconfig --enablemkhomedir --update

but it doesnt solve the problem

can anyone please help

rob

frndrfoe · 02-05-2015, 02:13 PM

Make sure autofs is not running. If running and set with defaults autofs will control /home and not allow mkhomedir to create directories

robertkwild · 02-05-2015, 05:47 PM

after nearly 2 weeks all done

this is how i installed on both server and client

server -

openldap -

http://docs.adaptivecomputing.com/vi...ttingUpOpenLDA...

phpldapadmin -

http://blog.zwiegnet.com/linux-serve...n-on-centos-6/

i maked a directory /home_share and exported it like this -

/home_share *(rw,sync,no_subtree_check,no_root_squash)

chkconfig iptables/ip6tables off

chkconfig httpd/slapd/nfs on

client -

i created a directory /home_share and then in fstab i mounted the export on the server like so -

/ipaddress:/home_share /home_share nfs defaults 0 0

installed "openldap" "openldap-clients" "nss-pam-ldapd"

edited the file "/etc/sysconfig/authconfig" changed "forcelegacy" from no to yes

open up terminal and run this command -

authconfig --enablemkhomedir --update

open up terminal and run -

authconfig-tui

choose both LDAP options and on the next screen enter in ldap ip and domain info

chkconfig iptables/ip6tables off

chkconfig oddjobd on

frndrfoe · 02-06-2015, 08:06 AM

Quote:

Originally Posted by robertkwild

/home_share *(rw,sync,no_subtree_check,no_root_squash)

Feeling lucky?

robertkwild · 02-06-2015, 08:12 AM

why do you say that?

what should it be

frndrfoe · 02-06-2015, 08:25 AM

I would only export to machines that were under my control and be picky with the no_root_squash or remove it completely.

Anyone with their own machine could mount /home_share, become root and see every one else's home directory.

robertkwild · 02-06-2015, 08:28 AM

but doesnt it need to be no root squash so the home directoeys can get created by the ldap server?

my old export lookewd like this -

rw,nohide,insecure,async,no_subtree_check

would the above work?

frndrfoe · 02-11-2015, 08:19 AM

But you exports entry shows it exported to every host with no_root_squash even if you need that for one server.

robertkwild · 02-17-2015, 05:26 AM

so how would you do it?