I have finally finished setting up LDAP, LAM and Samba and have added machines to my network using TLS and asymmetric authentication. At this point the only authentication that is happening is from the accounts that I specify in LAM/LDAP. The problem I am having is trying to centralize my authentication through one source, which in this case is LDAP and Samba using LAM (LDAP Account Manager). Whenever I try to use the Fedora authentication program to point everything to LDAP for authentication, it freezes the whole system and then I have to use disk 1, go into recovery mode and remove the entries in nsswitch.conf. Here is my /etc/ldap.conf:
#host 127.0.0.1
uri ldaps://Test.Example.com/
base dc=Example,dc=com
pam_password md5
tls_checkpeer yes
tls_cacert /etc/openldap/cacerts/cacert.pem
#binddn cn=Manager,dc=Example,dc=com
# bindpw takes the cleartext password, not the {SSHA} hash that is stored in the directory
#bindpw {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
# 'ssl start_tls' conflicts with the ldaps:// URI above: the connection to port 636 is
# already TLS, so the StartTLS request is rejected and every bind fails. With an
# ldaps:// URI no ssl line is needed.
#ssl start_tls
# libldap-style spellings of the same settings (keywords are matched case-insensitively)
TLS_CACERTDIR /etc/openldap/cacerts
URI ldaps://Test.Example.com/
BASE dc=Example,dc=com
My /etc/openldap/slapd.conf:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba3.schema
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# ACLs: slapd uses the first 'access to' clause that matches the entry/attribute and,
# within it, the first 'by' clause that matches the client; later 'by' clauses are ignored.
access to dn.base=""
by self write
by * auth
# password material is never readable, only usable for binds. The Samba LM/NT hashes
# are password equivalents and must be covered too: with only 'access to * by * read'
# below, an anonymous search could dump them. Samba and LAM bind as the rootdn,
# which is not subject to ACLs, so they can still read and write these attributes.
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
by self write
by * auth
access to attrs=shadowLastChange
by self write
by * read
# everything else (uid, uidNumber, gidNumber, homeDirectory, ...) must be readable
# anonymously, because nss_ldap does anonymous lookups when no binddn is set
access to *
by * read
# 'by anonymous auth' was listed after 'by * read'; it is never reached because
# '*' already matched, so it is left commented out
#by anonymous auth
TLSCACertificateFile /etc/openldap/cacerts/cacert.pem
TLSCertificateFile /etc/openldap/cacerts/slapdcert.pem
TLSCertificateKeyFile /etc/openldap/cacerts/slapdkey.pem
database bdb
suffix "dc=Example,dc=com"
rootdn "cn=Manager,dc=Example,dc=com"
# keep only the hashed rootpw; the cleartext should not be kept even as a comment
# rootpw = not24get
rootpw {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
directory /var/lib/ldap
#index objectClass eq,pres
#index ou,cn,mail,surname,givenname eq,pres,sub
#index uidNumber,gidNumber,loginShell eq,pres
#index uid,memberUid eq,pres,sub
#index nisMapName,nisMapEntry eq,pres,sub
# Indices to maintain (this line must be a comment: slapd refuses to start on an unknown directive)
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUid eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub
My /etc/nsswitch.conf:
passwd: files
shadow: files
group: files
#hosts: db files nisplus nis dns
hosts: files dns
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: files
publickey: nisplus
automount: files
aliases: files nisplus
What do I need to do to get this system to authenticate everything from LDAP, including the local system it resides on? I want a central point of authentication!
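As an added example that is not part of the original post: a POSIX shell lint for the two client-side files involved in the freeze. It checks an nss_ldap/pam_ldap style /etc/ldap.conf for the settings that make a machine hang once LDAP is wired into nsswitch.conf (StartTLS on an ldaps:// URI, the default hard bind_policy, no bind_timelimit, root not excluded from LDAP group lookups, a hash pasted into bindpw), and it checks that nsswitch.conf lists files before ldap for passwd, shadow and group so root still resolves locally while slapd is unreachable. It runs over a constructed copy of the posted ldap.conf settings and over a corrected version. The host name, base DN and every file body below are constructed for the example; the option names are the nss_ldap/pam_ldap ones.

```shell
#!/bin/sh
# Added example, not from the original post: lint an nss_ldap/pam_ldap
# /etc/ldap.conf and an nsswitch.conf for the settings that hang a box
# when LDAP is added to nsswitch. All hosts, DNs and file bodies are constructed.

# active FILE: configuration lines with comments and blank lines removed
active() { sed -e 's/#.*$//' -e '/^[[:space:]]*$/d' "$1"; }
# has FILE REGEX: true if an active line matches (keywords are case-insensitive)
has() { active "$1" | grep -Eiq "$2"; }

# check_ldap_conf FILE: one line per problem on stdout; exit status = number of problems
check_ldap_conf() {
    f=$1 n=0
    if has "$f" '^[[:space:]]*uri[[:space:]]+ldaps://' && has "$f" '^[[:space:]]*ssl[[:space:]]+start_tls'; then
        echo "$f: 'ssl start_tls' with an ldaps:// URI: the socket is already TLS, StartTLS is rejected and every bind fails"
        n=$((n + 1))
    fi
    if ! has "$f" '^[[:space:]]*bind_policy[[:space:]]+soft'; then
        echo "$f: bind_policy defaults to hard: nss_ldap retries an unreachable server forever (the boot-time freeze)"
        n=$((n + 1))
    fi
    if ! has "$f" '^[[:space:]]*nss_initgroups_ignoreusers[[:space:]]+.*root'; then
        echo "$f: root missing from nss_initgroups_ignoreusers: root login needs slapd, so nsswitch.conf cannot be repaired from a console"
        n=$((n + 1))
    fi
    if ! has "$f" '^[[:space:]]*bind_timelimit[[:space:]]+[0-9]+'; then
        echo "$f: no bind_timelimit: each lookup waits the full TCP connect timeout while the server is down"
        n=$((n + 1))
    fi
    if has "$f" '^[[:space:]]*bindpw[[:space:]]+[{](SSHA|SHA|MD5|CRYPT)[}]'; then
        echo "$f: bindpw holds a password hash: the client must send the cleartext, a hash never binds"
        n=$((n + 1))
    fi
    return "$n"
}

# check_nsswitch FILE: passwd/shadow/group must list files before ldap so root and
# system accounts resolve locally even while slapd is unreachable
check_nsswitch() {
    f=$1 n=0
    for db in passwd shadow group; do
        line=$(active "$f" | grep -Ei "^[[:space:]]*$db:" | head -n 1)
        case "$line" in
            *files*ldap*) ;;
            *ldap*) echo "$f: '$line' consults ldap before files; root must stay resolvable locally"; n=$((n + 1)) ;;
            *) echo "$f: '$line' never consults ldap; directory users are invisible to $db"; n=$((n + 1)) ;;
        esac
    done
    return "$n"
}

# write_posted_style_conf FILE: constructed to mirror the settings in the posted /etc/ldap.conf
write_posted_style_conf() {
cat >"$1" <<'EOF'
uri ldaps://Test.Example.com/
base dc=Example,dc=com
pam_password md5
tls_checkpeer yes
tls_cacertfile /etc/openldap/cacerts/cacert.pem
#binddn cn=Manager,dc=Example,dc=com
#bindpw {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
ssl start_tls
EOF
}

# write_hardened_conf FILE: same server and base, plus the settings that keep the
# machine bootable and root able to log in while slapd is down
write_hardened_conf() {
cat >"$1" <<'EOF'
# ldaps:// already means TLS on 636; do not add 'ssl start_tls' alongside it
uri ldaps://Test.Example.com/
base dc=Example,dc=com
tls_checkpeer yes
tls_cacertfile /etc/openldap/cacerts/cacert.pem
# let slapd hash the new password (RFC 3062 password modify) instead of the client
pam_password exop
# give up on an unreachable server instead of retrying forever
bind_policy soft
bind_timelimit 5
timelimit 10
nss_reconnect_tries 2
# root and the ldap service account are resolved from /etc/passwd and /etc/group only
nss_initgroups_ignoreusers root,ldap
EOF
}

# write_nsswitch FILE: the three databases that must try files before ldap
write_nsswitch() {
cat >"$1" <<'EOF'
passwd:     files ldap
shadow:     files ldap
group:      files ldap
hosts:      files dns
EOF
}

demo() {
    dir=$(mktemp -d)
    write_posted_style_conf "$dir/ldap.conf.posted"
    write_hardened_conf "$dir/ldap.conf.hardened"
    write_nsswitch "$dir/nsswitch.conf"
    for f in "$dir/ldap.conf.posted" "$dir/ldap.conf.hardened"; do
        if check_ldap_conf "$f"; then echo "$f: no hang-inducing settings found"; fi
    done
    if check_nsswitch "$dir/nsswitch.conf"; then echo "$dir/nsswitch.conf: files precede ldap for passwd, shadow and group"; fi
    rm -rf "$dir"
}
demo
```

The posted-style file trips four of the five checks; the corrected one passes them all. The point of `bind_policy soft`, `bind_timelimit` and `nss_initgroups_ignoreusers root,ldap` is that an LDAP server that is down, or not yet reachable because the network comes up after the lookups start, then costs a few seconds per lookup instead of blocking boot, and root can still log in from the console to fix nsswitch.conf without booting the install disk.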