SingleSignOn
Kerberos
OpenLDAPServer
Samba/Kerberos
Abbreviations
Active Directory (AD)
Domain Controller (DC)
Primary Domain Controller (PDC)
Group Policy Object (GPO), the group policy object of a Windows Active Directory domain
Linux Logon/Logoff Scripts
AppNote: How to Implement Login Scripts into a Pure Linux Environment
Name Service Switch (NSS)
Background on Name Service Switch
Pluggable Authentication Modules (PAM)
Understand PAM and NSS
PAM/NSS
How PAM works
Understanding PAM
NetBSD: Pluggable Authentication Modules (PAM)
FreeBSD: Pluggable Authentication Modules
Wikipedia: Pluggable Authentication Modules
RedHat: Using Pluggable Authentication Modules (PAM)
User Authentication HOWTO – PAM (Pluggable Authentication Modules)
Samba Shared Folders
Samba Server
Samba Server: smb.conf
samba question: share = user
ubuntu server and samba
$ chown nobody:sambashare /raid/share
# smbpasswd -a bachi
New SMB password:
Retype new SMB password:
tdbsam_open: Converting version 0.0 database to version 4.0.
WARNING: database '/var/db/samba4/private/passdb.tdb.tmp' does not end in .[n]tdb: treating it as a TDB file!
tdbsam_convert_backup: updated /var/db/samba4/private/passdb.tdb file.
tdb(/var/db/samba4/winbindd_idmap.tdb): tdb_open_ex: could not open file /var/db/samba4/winbindd_idmap.tdb: No such file or directory
tdb(/var/db/samba4/account_policy.tdb): tdb_open_ex: could not open file /var/db/samba4/account_policy.tdb: No such file or directory
account_policy_get: tdb_fetch_uint32 failed for type 1 (min password length), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 2 (password history), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 3 (user must logon to change password), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 4 (maximum password age), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 5 (minimum password age), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 6 (lockout duration), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 7 (reset count minutes), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 8 (bad lockout attempt), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 9 (disconnect time), returning 0
account_policy_get: tdb_fetch_uint32 failed for type 10 (refuse machine password change), returning 0
Added user bachi.

# pkg remove samba41 ntdb tdb
# pkg install samba41 ntdb tdb
# smbpasswd -a bachi
New SMB password:
Retype new SMB password:

# ls -la /var/db/samba4/
total 480
drwxr-xr-x 3 root wheel 512 Feb 18 11:07 .
drwxr-xr-x 12 root wheel 512 Feb 18 11:00 ..
-rw------- 1 root wheel 421888 Feb 18 11:03 account_policy.tdb
-rw-r--r-- 1 root wheel 237 Feb 18 11:07 browse.dat
-rw-r--r-- 1 root wheel 696 Feb 18 11:03 gencache.tdb
-rw-r--r-- 1 root wheel 696 Feb 18 11:07 gencache_notrans.tdb
-rw------- 1 root wheel 696 Feb 18 11:03 group_mapping.tdb
-rw------- 1 root wheel 696 Feb 18 11:03 mutex.tdb
drwxr-xr-x 2 root wheel 512 Feb 11 10:16 private

# pdbedit -L -v
---------------
Unix username: bachi
NT username:
Account Flags: [U ]
User SID: S-1-5-21-565438450-2596499718-1061971255-1000
Primary Group SID: S-1-5-21-565438450-2596499718-1061971255-513
Full Name: Andreas Bachmann
Home Directory: \\bsd\bachi
HomeDir Drive:
Logon Script:
Profile Path: \\bsd\bachi\profile
Domain: BSD
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Sun, 04 Dec 219250468 16:30:07 CET
Kickoff time: Sun, 04 Dec 219250468 16:30:07 CET
Password last set: Wed, 18 Feb 2015 11:07:24 CET
Password can change: Wed, 18 Feb 2015 11:07:24 CET
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

# testparm
Load smb config files from /usr/local/etc/smb4.conf
Processing section "[homes]"
Loaded services file OK.
WARNING: 'workgroup' and 'netbios name' must differ.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions

[global]
	workgroup = BSD
	idmap config * : backend = tdb

[homes]
	comment = Home Directories
	valid users = %S
	read only = No
	create mask = 0600
	directory mask = 0700
	browseable = No
Samba with Primary Domain Controller (PDC)
Samba-3 by Example: Chapter 11. Active Directory, Kerberos, and Security
Microsoft: You incorrectly receive an error message when you join a computer that is running Windows 7 to a Samba 3-based domain
Samba AD DC HOWTO
Samba Server PDC
Aufbau und Konfiguration eines Domänencontrollers mit Samba
Samba domain controller
Samba 4 Active Directory Domain Controller
Samba4 AD DC on Ubuntu 14.04
The Samba AD DNS Back Ends
FreeBSD
How to integrate Active Directory with FreeBSD 10.0 using security/sssd?
FreeBSD 10: SAMBA 4 as a domain controller running on a public IP (OpenVPN, BIND, pf)
Samba 4.1 Active Directory Domain Controller on FreeBSD 10.1
How to set up FreeBSD 10.1 as a Domain Controller (Video)
Samba4 dc in FreeBSD 10
Howto setup Samba Domain Controller on FreeBSD
LDAP / OpenLDAP
zytrax.com Open Source Guides – LDAP for Rocket Scientists
2. LDAP Concepts & Overview
Chapter 6. LDAP Configuration
Chapter 8. LDAP LDIF and DSML
Useful tutorials
Example: Shared Address Book (LDAP)
OpenLDAP Server on Ubuntu 14.04
Ubuntu Server Guide: OpenLDAP Server
How To Install and Configure OpenLDAP and phpLDAPadmin on an Ubuntu 14.04 Server
How To Install and Configure a Basic LDAP Server on an Ubuntu 12.04 VPS
Getting error for setting password feild when creating generic user account phpldapadmin
Line 2469:
$default = $this->getServer()->getValue('appearance','password_hash');
or
$default = $this->getServer()->getValue('appearance','password_hash_custom');

$ ldapsearch -X u:admin -b dc=auth,dc=intra,dc=fablabwinti,dc=ch
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
	additional info: SASL(-13): user not found: no secret in database

$ ldapsearch -x -LLL -b dc=auth,dc=intra,dc=fablabwinti,dc=ch
dn: dc=auth,dc=intra,dc=fablabwinti,dc=ch
objectClass: top
objectClass: dcObject
objectClass: organization
o: fablabwinti
dc: auth

dn: cn=admin,dc=auth,dc=intra,dc=fablabwinti,dc=ch
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator

$ ldapsearch -x -LLL -b dc=auth,dc=intra,dc=fablabwinti,dc=ch dn
dn: dc=auth,dc=intra,dc=fablabwinti,dc=ch

dn: cn=admin,dc=auth,dc=intra,dc=fablabwinti,dc=ch

$ ldapsearch -LLL -x -H ldap:/// -b dc=auth,dc=intra,dc=fablabwinti,dc=ch dn
dn: dc=auth,dc=intra,dc=fablabwinti,dc=ch

dn: cn=admin,dc=auth,dc=intra,dc=fablabwinti,dc=ch

-X
RADIUS
FreeRADIUS
Centralized Logins Using LDAP and RADIUS
Primer: Authentication – RADIUS, Kerberos, and LDAP
How to integrate RADIUS with Kerberos?
RADIUS and Kerberos and LDAP!!! Oh my!!!
Samba and OpenLDAP
The Linux Samba-OpenLDAP Howto
Setting up Samba as a Domain Controller with OpenLDAP
Samba and LDAP
Setup Samba Domain Controller with LDAP Backend in Ubuntu 13.04
Linux-PDC mit Samba und OpenLDAP – Zentrale Anmeldung
MIT Kerberos 5
Setting up an Active Directory Domain Controller using Samba 4 on Ubuntu 14.04
Ubuntu 14.04 kerberos krb5 installation+removing messed up login
Debian GNU and Ubuntu: Setting up MIT Kerberos 5
Unable to setup Kerberos on Ubuntu 14.04 – krb5kdc: No such file or directory – while initializing database for realm myrealm
Kerberos – Community Help Wiki
Kerberos
Kerberos and LDAP
Kerberos with LDAP Backend on Ubuntu 12.04 – Part One
Kerberos with LDAP Backend on Ubuntu 12.04 – Part Two
Kerberos with LDAP Backend on Ubuntu 12.04 – Part Three
Kerberos with LDAP Backend on Ubuntu 12.04 – Part Four
MIT Kerberos Documentation: Kerberos with LDAP backend on Ubuntu 10.4
MIT Kerberos Documentation: Configuring Kerberos with OpenLDAP back-end
Ubuntu 14.04 LTS : Samba Server : Samba AD DC : Server Settings
Ubuntu 14.04 LTS : WEB Server : Use Kerberos Auth
LightDM
Lightdm Login & Kerberos: Ticket nicht gekommen
Testing Kerberos in Ubuntu
How do I enable the “Other” user for login with Active Directory?
Ubuntu Linux and Active Directory
Dependencies
$ sudo apt-get install bind9
$ sudo service bind9 stop
DNS
$ ls -la /etc/bind
[...]
-rw-r--r-- 1 bind bind 493 Dez 26 19:41 named.conf
-rw-r--r-- 1 root bind 307 Dez 29 18:50 named.conf.local
[...]

$ ls -la /var/lib/bind
[...]
-rw-r--r-- 1 bind bind 572 Feb 6 18:49 db.192.168.1
[...]

$ cat /etc/apparmor.d/usr.sbin.named
/usr/sbin/named {
  [...]
  # /etc/bind should be read-only for bind
  # /var/lib/bind is for dynamically updated zone (and journal) files.
  # /var/cache/bind is for slave/stub data, since we're not the origin of it.
  # See /usr/share/doc/bind9/README.Debian.gz
  /etc/bind/** r,
  /var/lib/bind/** rw,
  /var/lib/bind/ rw,
  /var/cache/bind/** lrw,
  /var/cache/bind/ rw,
  [...]
}
NTP
HOWTO: Set Up an NTP Server
Time Synchronisation with NTP
Postponing ntpd
how do I disable ntpd?
The NTP FAQ and HOWTO – Understanding and using the Network Time Protocol
Apache
$ echo "ServerName localhost" | sudo tee /etc/apache2/conf-available/fqdn.conf
$ sudo a2enconf fqdn
Bugs
Bug #1125726: boot-time race between /etc/network/if-up.d/ntpdate and “/etc/init.d/ntp start”
Bug #777879: removing ntpdate removes ubuntu-minimal (duplicate! use Bug #61619)
Bug #61619: ntpdate in -minimal should have an alternative
Bug #556372: Please remove the plymouth dependency from mountall / cryptsetup (Create a simple package)