483
edits
Changes
From Pumping Station One
→FreeBSD
*** NOTE: Make sure to enable GSSAPI for openldap-sasl-client
*** NOTE: Make sure to enable GSSAPI for openldap-sasl-client
** rehash
** rehash
* Setup /etc/krb5.conf
* Setup /etc/krb5.conf see [[Systems/Services/Kerberos]]
* Setup /usr/local/etc/openldap/ldap.conf
* Setup /usr/local/etc/openldap/ldap.conf [[Systems/Services/LDAP]]
* Install samba ssl root CA cert in /usr/local/etc/trusted.pem
* Install samba ssl root CA cert in /usr/local/etc/trusted.pem
* Join the box to the domain
* Join the box to the domain
** Enable hourly periodics in /etc/crontab
** Enable hourly periodics in /etc/crontab
*** 0 * * * * root periodic hourly
*** 0 * * * * root periodic hourly
* Setup /usr/local/etc/nslcd.conf
* Enable services in rc.conf add the following lines to /etc/rc.conf
** nscd_enable="YES"
** nslcd_enable="YES"
** nslcd_supervisor="YES"
* Start the services
** service nscd start
** service nslcd start
sleep 30
sleep 30
done
done
</pre>
== /usr/local/etc/nslcd.conf ==
uid nslcd
gid nslcd
uri ldap://bob.ad.pumpingstationone.org/ ldap://dc01.ad.pumpingstationone.org/
base dc=ad,dc=pumpingstationone,dc=org
sasl_mech GSSAPI
sasl_realm AD.PUMPINGSTATIONONE.ORG
krb5_ccname /tmp/krb5cc_928
filter passwd (objectClass=posixAccount)
filter group (objectClass=posixGroup)
map passwd homeDirectory unixHomeDirectory
scope sub
</pre>
</pre>
