Line 1: |
Line 1: |
− |
| |
| = FreeBSD = | | = FreeBSD = |
| | | |
Line 18: |
Line 17: |
| *** NOTE: Make sure to enable GSSAPI for openldap-sasl-client | | *** NOTE: Make sure to enable GSSAPI for openldap-sasl-client |
| ** rehash | | ** rehash |
− | * Setup /etc/krb5.conf | + | * Setup /etc/krb5.conf see [[Systems/Services/Kerberos]] |
− | * Setup /usr/local/etc/openldap/ldap.conf | + | * Setup /usr/local/etc/openldap/ldap.conf [[Systems/Services/LDAP]] |
| * Install samba ssl root CA cert in /usr/local/etc/trusted.pem | | * Install samba ssl root CA cert in /usr/local/etc/trusted.pem |
| * Join the box to the domain | | * Join the box to the domain |
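Review bot: the two new cross-references are worded inconsistently: the krb5.conf line reads `* Setup /etc/krb5.conf see [[Systems/Services/Kerberos]]` while the ldap.conf line drops the "see" (`* Setup /usr/local/etc/openldap/ldap.conf [[Systems/Services/LDAP]]`); use the same form on both lines, e.g. `* Setup /usr/local/etc/openldap/ldap.conf see [[Systems/Services/LDAP]]`, so the two links read as a pair.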
Line 27: |
Line 26: |
| ** Install /etc/periodic/hourly/100.renew (chmod +x) | | ** Install /etc/periodic/hourly/100.renew (chmod +x) |
| ** Enable hourly periodics in /etc/crontab | | ** Enable hourly periodics in /etc/crontab |
− | *** 0 * * * * root periodic hourly | + | *** 0 * * * * root periodic hourly |
− | | + | * Setup /usr/local/etc/nslcd.conf |
− | | + | * Enable services in rc.conf add the following lines to /etc/rc.conf |
| + | ** nscd_enable="YES" |
| + | ** nslcd_enable="YES" |
| + | ** nslcd_supervisor="YES" |
| + | * Start the services |
| + | ** service nscd start |
| + | ** service nslcd start |
| + | * Update /etc/nsswitch.conf |
| + | ** passwd: files [success=return] cache ldap |
| + | ** group: files cache ldap |
| + | * Update pam /etc/pam.d/sshd |
| + | ** Uncomment auth line for krb5 module |
| + | ** Add ldap line for account under login_access.so: account sufficient /usr/local/lib/pam_ldap.so |
| + | * Update /etc/ssh/sshd_config add the following lines: |
| + | ** GSSAPIAuthentication yes |
| + | ** GSSAPICleanupCredentials yes |
| + | * Restart sshd: service sshd restart |
| + | c |
| | | |
− | == /etc/periodic/100.renew == | + | == /etc/periodic/hourly/100.renew == |
| <pre> | | <pre> |
| #!/bin/sh | | #!/bin/sh |
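Review bot: the PAM step `** Add ldap line for account under login_access.so: account sufficient /usr/local/lib/pam_ldap.so` inserts pam_ldap as `sufficient`, so a successful LDAP account check ends the account stack and any account modules listed after it in /etc/pam.d/sshd are skipped for LDAP users; the page should state the intended final order of the account stack, or use `required` if the later checks must still run for directory accounts. Two smaller points in the same hunk: the line `c` after `* Restart sshd: service sshd restart` is a stray character that will render as its own paragraph and should be dropped, and `* Enable services in rc.conf add the following lines to /etc/rc.conf` needs a break between the two clauses (e.g. `* Enable services in rc.conf, adding the following lines to /etc/rc.conf`).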
Line 67: |
Line 83: |
| sleep 30 | | sleep 30 |
| done | | done |
| + | </pre> |
| + | |
| + | == /usr/local/etc/nslcd.conf == |
| + | <pre> |
| + | uid nslcd |
| + | gid nslcd |
| + | |
| + | uri ldap://bob.ad.pumpingstationone.org/ ldap://dc01.ad.pumpingstationone.org/ |
| + | |
| + | |
| + | base dc=ad,dc=pumpingstationone,dc=org |
| + | sasl_mech GSSAPI |
| + | sasl_realm AD.PUMPINGSTATIONONE.ORG |
| + | krb5_ccname /tmp/krb5cc_928 |
| + | |
| + | filter passwd (objectClass=posixAccount) |
| + | filter group (objectClass=posixGroup) |
| + | |
| + | map passwd homeDirectory unixHomeDirectory |
| + | |
| + | scope sub |
| </pre> | | </pre> |
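Review bot: the new nslcd.conf lists plain `ldap://` URIs for both domain controllers and sets no `ssl` or `tls_cacertfile` option, even though the setup steps earlier on the page install the Samba root CA into /usr/local/etc/trusted.pem; with `sasl_mech GSSAPI` the directory traffic is protected only by whatever SASL security layer the servers negotiate, so either state that this is intended or add `ssl start_tls` and `tls_cacertfile /usr/local/etc/trusted.pem` so the installed CA is actually used. The fixed `krb5_ccname /tmp/krb5cc_928` also deserves a sentence on which keytab and principal the hourly 100.renew job uses to populate it and that the cache file must be owned by the `uid nslcd` user, since the visible tail of the renew script (`sleep 30` / `done`) does not tie the two together.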