Old 11-13-2012, 11:05 AM   #1
malak33
Member
 
Registered: Dec 2011
Location: Amish Country PA, USA
Distribution: CentOS 6.2
Posts: 104

Rep: Reputation: 3
LDAP server and NFS issues


First of all, I'm using CentOS 6.3 and trying to install an LDAP server and NFS server. From there I want a client machine to access the server, authenticate using LDAP and mount the NFS directory. I'm having problems finding a how-to guide for this. I have pieced together some different guides as best I could that made sense to me.


I have before set up an NFS server and a client to mount the NFS directory. I'm a little lost exactly how to make LDAP be used. I will post what I have done so far here. Any help and/or guidance would be very much appreciated. Both the server and the client are on VMs right now. I also did a
Code:
ldapsearch -x -H serverip
and the client could see the server.
Here is what I have done so far

TL;DR: need help setting up an LDAP and NFS server on a VM, and on the client authenticate using LDAP to mount the NFS folder.
Code:
Ldap
Sources: http://zee.linxsol.com/system-administration/centos-62-installing-ldap-directory-services-using-cli.html
http://exablurb.blogspot.com/2012/01/introduction-nfs-v4-requirements-nfs-v3.html


1. 
yum install openldap-servers openldap-clients migrationtools   # the migration scripts package is named migrationtools (one word)

2. Edit your ldap.conf file and enter the IP address or domain name of your server:
 
vi /etc/openldap/ldap.conf
URI ldap://192.168.1.39
BASE dc=ldap,dc=com

3. Copy the sample files from /usr/share/openldap-servers to /etc/openldap and /var/lib/ldap:
 
cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf
cp /usr/share/openldap-servers/DB_CONFIG.example  /etc/openldap/DB_CONFIG


cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
cp /usr/share/openldap-servers/slapd.conf.obsolete /var/lib/ldap/slapd.conf

4. Set up a new root password:
slappasswd
New password:   
Re-enter new password:
{SSHA}xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
{SSHA}KwdGwU7MCAbovTA/IycoaGb+A(zero)LePze8
 
Copy the password as you need to enter the password in slapd.conf:

5. 
vi /etc/openldap/slapd.conf
:%s/dc=my-domain/dc=ldap/g  #This regex will replace all the instances of my-domain with your domain name.
rootpw {SSHA}xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

6. If this doesn't work I might want to look at another option with LDIF files.
Create a root.ldif file and enter the entries below:
vi /root/root.ldif
#root
dn: dc=ldap,dc=com
dc: ldap
objectClass: dcObject
objectClass: organizationalUnit
ou: shan.com
 
#staff
dn: ou=staff,dc=ldap,dc=com
ou: staff
objectClass: organizationalUnit

7. 
Remove everything in the slapd.d dir and tell slapd about the root.ldif file:
 
rm -rf /etc/openldap/slapd.d/*
slapadd -n 2 -l /root/root.ldif
slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d

8.
Set the appropriate permissions:
chown -R ldap:ldap /var/lib/ldap
chown -R ldap:ldap /etc/openldap/slapd.d

9. Make sure the service is on at runlevel 3:
chkconfig --level 235 slapd on
service slapd start

10. Might be able to skip this part
rm -rf /etc/openldap/slapd.d/*
slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
chown -R ldap:ldap /etc/openldap/slapd.d
service slapd restart

11.
Create an SSL certificate:
 
cd /etc/pki/tls/certs
rm slapd.pem
make slapd.pem
chmod 640 slapd.pem
chown :ldap slapd.pem
ln -s /etc/pki/tls/certs/slapd.pem /etc/openldap/certs/slapd.pem
vi /etc/sysconfig/ldap
SLAPD_LDAPS=yes

vi /etc/openldap/slapd.conf
TLSCACertificatePath /etc/pki/tls/certs/ca-bundle.crt
TLSCertificateFile /etc/pki/tls/certs/slapd.pem
TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem

vi /etc/openldap/ldap.conf
TLS_CACERTDIR /etc/openldap/certs
TLS_REQCERT never

12.
Test if everything is up and working fine:
 
rm -rf /etc/openldap/slapd.d/*
slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
chown -R ldap:ldap /etc/openldap/slapd.d
service slapd restart
ldapsearch -x -ZZ -h localhost          # TLS
ldapsearch -x -H ldaps://localhost      # SSL - I got an error here, not too concerned right now

13. Misc things I forgot to do

iptables -F
iptables -L

useradd testuser
passwd testuser
useradd m
passwd m

14. I didn't have any users in the LDAP so....

The directory is to be used to manage the users, groups, hosts etc.; OpenLDAP comes with a number of scripts that can be used to copy existing values into the directory. These scripts are installed into /usr/share/openldap/migration. Start by editing the migrate_common.ph script and replace all instances of the domain padl.com with the domain that you are using for your directory.

For example, in our case we are using the domain el01.com, so substitute all string occurrences of "padl" with "el01".

More than likely you will have errors that can be ignored.

Configuring a client to use LDAP

15.

The client will need most of the programs we installed on the server.

yum install openldap{,-clients,-devel,} nss_ldap

On the client we can install NFS as follows 

yum install nfs-utils nfs-utils-lib

First edit the /etc/openldap.conf file to specify the directory server host IP address and the base DN used.
...
host 192.168.1.39
base dc=ldap,dc=com
...
Edit the /etc/nsswitch.conf file to specify all the entries that you would like to have resolved in LDAP, specifying the resolution order. For example:
...
passwd: files ldap
shadow: files ldap
group: files ldap

[root@dlp ~]# vi /etc/idmapd.conf
# line 5: uncomment and change to your domain name
Domain = ldap.com

[root@dlp ~]# vi /etc/exports

Note: Some additional steps
Open /etc/nsswitch.conf, edit the 'hosts' entry and add ldap first so clients can authenticate from LDAP:
vi /etc/nsswitch.conf
hosts: ldap files
Add the rule in firewall for port 636
iptables -I INPUT -m state --state NEW -p tcp -s 192.168.1.222/24 --dport 636 -j ACCEPT
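As an added example (not code from this thread or from either guide it cites), here is a small POSIX shell script that lints the client-side files from steps 11 and 15 before trying the login. It flags `TLS_REQCERT never` in ldap.conf, which tells the client to accept any server certificate and so throws away the protection the slapd.pem certificate from step 11 was meant to give, and it confirms that passwd, shadow and group in nsswitch.conf all consult ldap. The file contents are constructed samples; the function names `check_ldap_conf` and `check_nsswitch` are my own, as is the sample directory layout.

```shell
#!/bin/sh
# Added example, not code from the thread. Lints client-side LDAP settings.
# The check functions take a file path so they run against the constructed
# samples below as well as the real files, e.g.
#   check_ldap_conf /etc/openldap/ldap.conf; check_nsswitch /etc/nsswitch.conf

# check_ldap_conf FILE
# Returns 0 when URI (or host) and BASE (or base) are set and TLS_REQCERT is
# not "never"; otherwise prints a reason for each problem and returns 1.
check_ldap_conf() {
    f="$1"; rc=0
    grep -Eq '^[[:space:]]*(URI|host)[[:space:]]+' "$f" \
        || { echo "$f: no URI/host line, the client does not know the server"; rc=1; }
    grep -Eq '^[[:space:]]*(BASE|base)[[:space:]]+' "$f" \
        || { echo "$f: no BASE line, searches have no starting DN"; rc=1; }
    if grep -Eq '^[[:space:]]*TLS_REQCERT[[:space:]]+never' "$f"; then
        echo "$f: TLS_REQCERT never accepts any server certificate (use demand)"; rc=1
    fi
    return $rc
}

# check_nsswitch FILE
# Returns 0 when passwd, shadow and group all list ldap as a source.
check_nsswitch() {
    f="$1"; rc=0
    for db in passwd shadow group; do
        grep -Eq "^[[:space:]]*$db:.*[[:space:]]ldap([[:space:]]|\$)" "$f" \
            || { echo "$f: $db does not consult ldap"; rc=1; }
    done
    return $rc
}

# Constructed sample files (not taken from the thread's systems).
SAMPLE_DIR=$(mktemp -d)
WEAK_CONF="$SAMPLE_DIR/ldap.conf.weak"
OK_CONF="$SAMPLE_DIR/ldap.conf.ok"
NSS_CONF="$SAMPLE_DIR/nsswitch.conf"

# Same settings as step 11 of the post: certificate checking switched off.
cat > "$WEAK_CONF" <<'EOF'
URI ldap://192.168.1.39
BASE dc=ldap,dc=com
TLS_CACERTDIR /etc/openldap/certs
TLS_REQCERT never
EOF

# Hardened variant: the client must verify the server certificate.
cat > "$OK_CONF" <<'EOF'
URI ldap://192.168.1.39
BASE dc=ldap,dc=com
TLS_CACERTDIR /etc/openldap/certs
TLS_REQCERT demand
EOF

cat > "$NSS_CONF" <<'EOF'
passwd: files ldap
shadow: files ldap
group:  files ldap
hosts:  files dns
EOF

for c in "$WEAK_CONF" "$OK_CONF"; do
    if check_ldap_conf "$c"; then echo "$c: ok"; fi
done
if check_nsswitch "$NSS_CONF"; then echo "$NSS_CONF: ok"; fi
```

Run against the weak sample the script prints the TLS_REQCERT warning and nothing else; against the hardened sample it prints "ok". `TLS_REQCERT demand` only works once the client trusts the CA that signed slapd.pem (the `TLS_CACERTDIR` directory has to hold that CA certificate), which is the part step 11 skips by setting `never`.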
 
Old 11-14-2012, 05:06 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,378

Rep: Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963
So what is working and what is not? Clearly NFS is totally irrelevant here, so don't mention that again. There are some good milestones you can work to in order...

- doing an ldapsearch
- doing an ldapsearch and retrieving user / group data from the right base dn
- getting user accounts back from "getent passwd" after configuring nsswitch.conf / ldap.conf
- logging in

where are you on this list?
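The milestones above can be scripted so that each one gives a definite pass/fail rather than a screen of output. This is an added example, not the moderator's code: the two parsing helpers run offline on constructed ldapsearch and getent output, and `live_milestones` applies the same helpers to a real server and to the local passwd database. The function names, the `ou=staff` sample entries and the sample account lines are my own constructions; `-x`, `-LLL`, `-H`, `-b` and the `1.1` "no attributes" selector are standard ldapsearch usage.

```shell
#!/bin/sh
# Added example, not code from the thread. Scripts the first three milestones:
# ldapsearch works, the base DN holds user entries, and getent passwd sees
# accounts that are not in /etc/passwd (so nsswitch really consulted ldap).

# count_entries LDIF_FILE
# Prints the number of entries in an "ldapsearch -LLL" result (one dn: per entry).
count_entries() {
    grep -c '^dn:' "$1"
}

# ldap_only_users GETENT_FILE PASSWD_FILE
# Prints usernames present in "getent passwd" output but absent from the local
# passwd file. With nsswitch set to "files ldap" these came from the directory.
ldap_only_users() {
    all=$(mktemp); loc=$(mktemp)
    cut -d: -f1 "$1" | sort > "$all"
    cut -d: -f1 "$2" | sort > "$loc"
    comm -23 "$all" "$loc"        # lines only in the first (sorted) file
    rm -f "$all" "$loc"
}

# live_milestones BASE_DN SERVER
# Runs the checks against a real server, e.g.
#   live_milestones dc=ldap,dc=com 192.168.1.39
live_milestones() {
    base="$1"; server="$2"; out=$(mktemp); ge=$(mktemp)
    # 1.1 asks for no attributes, so the result is one dn: line per account
    if ldapsearch -x -LLL -H "ldap://$server" -b "$base" '(objectClass=posixAccount)' 1.1 > "$out"; then
        echo "milestones 1+2: ldapsearch ok, $(count_entries "$out") posixAccount entries under $base"
    else
        echo "milestone 1 failed: ldapsearch could not query $server"
    fi
    getent passwd > "$ge"
    n=$(ldap_only_users "$ge" /etc/passwd | wc -l)
    echo "milestone 3: $n account(s) resolved through nsswitch but not in /etc/passwd"
    rm -f "$out" "$ge"
}

# Constructed samples (not real output from the thread's systems).
SAMPLE_DIR=$(mktemp -d)
LDIF_SAMPLE="$SAMPLE_DIR/search.ldif"
GETENT_SAMPLE="$SAMPLE_DIR/getent.txt"
PASSWD_SAMPLE="$SAMPLE_DIR/passwd.txt"

cat > "$LDIF_SAMPLE" <<'EOF'
dn: uid=testuser,ou=staff,dc=ldap,dc=com
uid: testuser

dn: uid=m,ou=staff,dc=ldap,dc=com
uid: m
EOF

cat > "$GETENT_SAMPLE" <<'EOF'
root:x:0:0:root:/root:/bin/bash
ldap:x:55:55:LDAP User:/var/lib/ldap:/bin/false
testuser:x:1001:1001::/home/testuser:/bin/bash
m:x:1002:1002::/home/m:/bin/bash
EOF

cat > "$PASSWD_SAMPLE" <<'EOF'
root:x:0:0:root:/root:/bin/bash
ldap:x:55:55:LDAP User:/var/lib/ldap:/bin/false
EOF

echo "entries in sample search: $(count_entries "$LDIF_SAMPLE")"
echo "accounts only in getent output:"
ldap_only_users "$GETENT_SAMPLE" "$PASSWD_SAMPLE"
```

On the samples the script reports 2 entries and lists `m` and `testuser`, the two accounts that exist only on the directory side. A zero count from milestone 3 on a real client while milestones 1 and 2 pass points at nsswitch.conf or the client's ldap.conf rather than at the server.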
 
  

