In previous guides I installed and configured Apache Directory Server. This will be the source of user, group and shadow account information needed so that users defined in the directory can log into Ubuntu 16.04 client computers. The video is here: https://www.youtube.com/watch?v=8KStppSmqZw
This guide makes the following assumptions:
- You have a freshly installed copy of Ubuntu 16.04
- Your OS is patched up to date
- You have a working DNS resolver
- You followed the guides hyperlinked in the above paragraph
First we need to enable the PAM LDAP module by issuing the following at the terminal prompt:
sudo apt-get install libpam-ldap auth-client-config ldap-auth-client ldap-auth-config libnss-ldap nscd
The above command triggers the configuration of the ldap-auth-config package. Use the following settings:
- ldap://<hostname of the ApacheDS host>:389
- searchbase: ou=potato (or whatever you chose)
- LDAP version: 3
- Make local root database admin: yes
- Does the database require login: no
- LDAP account for root: uid=admin,ou=system
- root account password: secret
Now we need to modify the /etc/nsswitch.conf file by replacing the defaults with:
passwd: files ldap
group: files ldap
shadow: files ldap
Test your modifications by issuing:
getent passwd
getent group
If all went well, you should see the accounts and group(s) you created in Apache Directory Server.
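An added check, not part of the original guide: the shell function below confirms that passwd, group and shadow each have their own line in nsswitch.conf, with files listed first and ldap after it, so local accounts such as root are always answered from the local files before the directory is consulted. The function name check_nsswitch and the sample file are assumptions made for this example.

```shell
#!/bin/sh
# check_nsswitch FILE
# Exit status 0 when passwd, group and shadow each have their own line that
# lists "files" first and "ldap" somewhere after it; otherwise print one
# line per problem and return 1.
check_nsswitch() {
    awk '
        BEGIN { bad = 0 }
        { sub(/#.*/, "") }                       # drop comments
        $1 ~ /^(passwd|group|shadow):$/ {
            db = substr($1, 1, length($1) - 1)
            seen[db] = 1
            first[db] = $2
            ldap[db] = 0
            for (i = 3; i <= NF; i++) if ($i == "ldap") ldap[db] = 1
        }
        END {
            n = split("passwd group shadow", dbs, " ")
            for (i = 1; i <= n; i++) {
                db = dbs[i]
                if (!(db in seen)) { print db ": no entry"; bad = 1 }
                else if (first[db] != "files") { print db ": files is not the first source"; bad = 1 }
                else if (!ldap[db]) { print db ": ldap is not listed"; bad = 1 }
            }
            exit bad
        }
    ' "$1"
}

# Constructed sample matching the settings above (not a real system file).
sample=$(mktemp)
printf 'passwd: files ldap\ngroup: files ldap\nshadow: files ldap\n' > "$sample"
check_nsswitch "$sample" && echo "nsswitch sample OK"
rm -f "$sample"
```

Run it against the live file with check_nsswitch /etc/nsswitch.conf; a file where all three entries were pasted onto a single line is reported as missing group and shadow.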
Next we enable the pam_mkhomedir module so that home folders are created after a successful login, and also allow manual logons at the greeter:
sudo pam-auth-update
Enable ‘Create home directory at login’
Edit /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf and add the following line:
greeter-show-manual-login=true
Reboot your client.
There now, that wasn’t too taxing, was it? Wouldn’t it be nice to get a Kerberos ticket at logon too? This can be used to allow access to Samba shares on the network. I’ll leave that for my next post.