Recently I needed to configure 6 PCs for a central workplace. I needed central authentication as well as Network File System (NFS) on all those machines, so that the people of my technical club (the “Delta Force” Webteam) could use them for collaborative projects. Central authentication means I can manage user accounts from a single place, say an LDAP server: I can disable a user's login on a client machine or create a new user without touching the client machine at all. Similarly, NFS ensures that no matter which of those 6 machines a user logs into, he always sees the same files in his home directory and the same configuration (background image, Firefox add-ons, etc.), as if he had always used the same computer for all his work. This eliminates complaints that the machine on which someone's files reside is being used by someone else.
So my overall network configuration looks like this :
1) 6 client machines on which users will be able to log in (Subnet of the machines : 10.1.39.0/24)
2) An LDAP server ( IP : 10.0.0.163 ) to take care of authentication when user logs into a client machine
3) The LDAP base DN which has the list of all users is ou=people,ou=delta,dc=ldap.delta.nitt,dc=edu
4) An NFS server ( IP : 10.0.0.126 ) which has the user home-directories of all users inside /webteam folder.
Overall working : When a user (say “jereme”) logs into a client machine, his username and password are checked against the LDAP server at 10.0.0.163. If authentication succeeds, he is logged into the machine and his home directory is mounted from /webteam/jereme on the NFS server at 10.0.0.126.
I assume you already have fully configured LDAP and NFS servers, since this article is only about configuring the “clients”. So here we go. Pick any of your client machines and do the following :
First we will configure the NFS client. For this purpose, we will use the autofs package.
Step 1 : Install nfs-utils and autofs
For Ubuntu :
sudo apt-get install nfs-utils autofs
For Fedora :
yum install nfs-utils autofs
Step 2 : Edit the file /etc/auto.master so that it contains the following lines :
/webteam /etc/auto.home
+auto.master
Step 3 : Edit /etc/auto.home and it should contain the following line :
Step 4 : Edit /etc/fstab and append the following line :
10.0.0.126:/webteam /webteam nfs soft,rw 0 0
Step 5 : Edit /etc/sysconfig/autofs so that it has the following lines :
TIMEOUT=300
BROWSE_MODE="no"
MOUNT_NFS_DEFAULT_PROTOCOL=4
LDAP_URI="ldap://10.0.0.163"
SEARCH_BASE="ou=people,ou=delta,dc=ldap.delta.nitt,dc=edu"
USE_MISC_DEVICE="yes"
Step 6 : Restart autofs
Step 7 : Make autofs start automatically on startup :
chkconfig autofs on
Next, we will configure the LDAP client.
Step 1 : Install nss_updatedb and openldap-clients
For Ubuntu :
sudo apt-get install nss_updatedb openldap-clients
For Fedora :
yum install nss_updatedb openldap-clients
Step 2 : Run authconfig-tui from terminal
Step 3 : The above will open a graphical window in the terminal. The first page will ask for the login type. It will have 2 columns. In the first column, select “LDAP authentication” and in the second column, select “LDAP,MD5,Shadow and Local Authentication”. Then click on Next.
Step 4 : Enter the following details when asked for LDAP configurations :
LDAP URI : ldap://10.0.0.163
Base DN : ou=people,ou=delta,dc=ldap.delta.nitt,dc=edu
Also disable the “USE TLS” option.
Step 5 : Open /etc/openldap/ldap.conf, uncomment “SIZELIMIT, TIMELIMIT and DEREF” and change them to :
SIZELIMIT 0
TIMELIMIT 0
DEREF never
Step 6 : Open /etc/nsswitch.conf and change :
passwd: files sss
shadow: files sss
group: files sss
to :
passwd: files ldap sss
shadow: files ldap sss
group: files ldap sss
Step 7 : Now, run the following command :
That’s it. You are done :). Now reboot.
Important Note : Some tools like “chkconfig” and the “/etc/nsswitch.conf” configuration are Fedora-specific. Ubuntu has other alternatives. If you’re an Ubuntu user, the above configurations might not work for you. But it's still worth a try. Good Luck!
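A quick check of the finished client, as an added example that is not part of the original post: it verifies the nsswitch.conf order from Step 6 and flags two things the configuration above leaves open, the NFS mount without nosuid/nodev and the LDAP URI without TLS. The function names and the choice of nosuid/nodev as the options to look for are assumptions of this example; the sample files are constructed from the values on this page.

```shell
#!/bin/sh
# Added example: function names are hypothetical, sample files are constructed.

# Succeed only if passwd, shadow and group each list "files" before "ldap",
# so local accounts such as root still resolve when the LDAP server is down.
nss_uses_ldap() {
    for db in passwd shadow group; do
        awk -v db="$db:" '
            $1 == db { for (i = 2; i <= NF; i++) {
                           if ($i == "files" && !f) f = i
                           if ($i == "ldap"  && !l) l = i }
                       found = (f && l && f < l) }
            END { exit found ? 0 : 1 }' "$1" || return 1
    done
}

# Print each of nosuid/nodev that the NFS entry for mount point $2 in the
# fstab-format file $1 does not set (both are printed if no entry exists).
nfs_missing_opts() {
    opts=$(awk -v mp="$2" '$1 !~ /^#/ && $2 == mp && $3 ~ /^nfs/ { print $4 }' "$1")
    for want in nosuid nodev; do
        case ",$opts," in
            *",$want,"*) ;;
            *) printf '%s\n' "$want" ;;
        esac
    done
}

# Succeed only for ldaps:// URIs; with ldap:// and "Use TLS" disabled the
# bind password crosses the network unencrypted.
ldap_uri_is_ldaps() {
    case "$1" in ldaps://*) return 0 ;; *) return 1 ;; esac
}

# Constructed copies of the files as the steps above leave them.
tmp=$(mktemp -d)
printf 'passwd: files ldap sss\nshadow: files ldap sss\ngroup: files ldap sss\n' \
    > "$tmp/nsswitch.conf"
printf '10.0.0.126:/webteam /webteam nfs soft,rw 0 0\n' > "$tmp/fstab"

nss_uses_ldap "$tmp/nsswitch.conf" && echo "nsswitch.conf: ldap consulted after files"
echo "fstab /webteam lacks:" $(nfs_missing_opts "$tmp/fstab" /webteam)
ldap_uri_is_ldaps "ldap://10.0.0.163" || echo "LDAP URI is not ldaps://"
rm -rf "$tmp"
```

On a real client, pass /etc/nsswitch.conf and /etc/fstab to the functions instead of the constructed copies.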