
Changes

From Pumping Station One
1,108 bytes added, 07:37, 24 December 2014
m
Robot: Cosmetic changes
Line 1: Line 1: −
   
= FreeBSD =
 
= FreeBSD =
   Line 18: Line 17:  
*** NOTE: Make sure to enable GSSAPI for openldap-sasl-client
 
*** NOTE: Make sure to enable GSSAPI for openldap-sasl-client
 
** rehash
 
** rehash
* Setup /etc/krb5.conf
+
* Setup /etc/krb5.conf see [[Systems/Services/Kerberos]]
* Setup /usr/local/etc/openldap/ldap.conf
+
* Setup /usr/local/etc/openldap/ldap.conf [[Systems/Services/LDAP]]
 
* Install samba ssl root CA cert in /usr/local/etc/trusted.pem
 
* Install samba ssl root CA cert in /usr/local/etc/trusted.pem
 
* Join the box to the domain
 
* Join the box to the domain
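Review bot: The two added cross-references are worded differently: the krb5.conf step reads "see [[Systems/Services/Kerberos]]" while the ldap.conf step appends "[[Systems/Services/LDAP]]" with no "see". Use the same form on both lines so the ldap.conf link does not read as part of the file path.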
Line 27: Line 26:  
** Install /etc/periodic/hourly/100.renew (chmod +x)
 
** Install /etc/periodic/hourly/100.renew (chmod +x)
 
** Enable hourly periodics in /etc/crontab
 
** Enable hourly periodics in /etc/crontab
*** 0       *       *       *       *       root   periodic hourly
+
*** 0 * * * * root periodic hourly
 
+
* Setup /usr/local/etc/nslcd.conf
 
+
* Enable services in rc.conf add the following lines to /etc/rc.conf
 +
** nscd_enable="YES"
 +
** nslcd_enable="YES"
 +
** nslcd_supervisor="YES"
 +
* Start the services
 +
** service nscd start
 +
** service nslcd start
 +
* Update /etc/nsswitch.conf
 +
** passwd: files [success=return] cache ldap
 +
** group: files cache ldap
 +
* Update pam /etc/pam.d/sshd
 +
** Uncomment auth line for krb5 module
 +
** Add ldap line for account under login_access.so: account sufficient /usr/local/lib/pam_ldap.so
 +
* Update /etc/ssh/sshd_config add the following lines:
 +
** GSSAPIAuthentication yes
 +
** GSSAPICleanupCredentials yes
 +
* Restart sshd: service sshd restart
 +
c
   −
== /etc/periodic/100.renew ==
+
== /etc/periodic/hourly/100.renew ==
 
<pre>
 
<pre>
 
#!/bin/sh
 
#!/bin/sh
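Review bot: In the added PAM step, "account sufficient /usr/local/lib/pam_ldap.so" placed under login_access.so ends the account stack as soon as the LDAP check succeeds, so any account module listed after it is not consulted for LDAP users. Either state that this is intended and show the resulting order of the account section, or use "required" so later account checks still run. Two smaller points in the same hunk: a stray line containing only "c" is added after the "Restart sshd" step and should be dropped, and the edit is marked minor with the summary "Cosmetic changes" although it adds the nslcd, nsswitch, PAM and sshd_config steps, which deserves a summary that says so.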
Line 67: Line 83:  
         sleep 30
 
         sleep 30
 
done
 
done
 +
</pre>
 +
 +
== /usr/local/etc/nslcd.conf ==
 +
<pre>
 +
uid nslcd
 +
gid nslcd
 +
 +
uri ldap://bob.ad.pumpingstationone.org/ ldap://dc01.ad.pumpingstationone.org/
 +
 +
 +
base dc=ad,dc=pumpingstationone,dc=org
 +
sasl_mech GSSAPI
 +
sasl_realm AD.PUMPINGSTATIONONE.ORG
 +
krb5_ccname /tmp/krb5cc_928
 +
 +
filter  passwd  (objectClass=posixAccount)
 +
filter  group  (objectClass=posixGroup)
 +
 +
map    passwd  homeDirectory      unixHomeDirectory
 +
 +
scope sub
 
</pre>
 
</pre>
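Review bot: The added nslcd.conf points "uri" at ldap:// hosts and sets no ssl or tls_cacertfile option, so the CA certificate the steps install at /usr/local/etc/trusted.pem is not referenced anywhere in this file. If TLS is intended, add "ssl start_tls" with "tls_cacertfile /usr/local/etc/trusted.pem"; if protection of the LDAP traffic is meant to come from the GSSAPI layer instead, say so next to the uri line. Also, "krb5_ccname /tmp/krb5cc_928" hard-codes a numeric UID and a path under /tmp: note which account 928 is, and that the cache file must be owned by that account and not readable by other users.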
WikiBots
1,397

edits
