Oko
Contributor
- Joined
- Nov 30, 2013
- Messages
- 132
The work in my lab revolves around the traditional UNIX concept of distributed user accounts and home directories with LDAP (in this day and age) and NFS.
I need to export home directories of my users residing on my FreeNAS box via NFS. I am trying to avoid creating hundreds of user accounts on my FreeNAS box by turning on LDAP. I just updated my file servers today to FreeNAS 9.2.1.5. The update went really smoothly. Kudos to developers! I caught Bug #4874 https://bugs.freenas.org/issues/4874 right away, as I have no need for CIFS. Josh's hot patch https://bugs.freenas.org/attachments/download/768/fixup.sh.txt worked like a charm and I was able to switch off that annoying service. Kudos to Josh.
I went to the GUI to configure LDAP and was pleasantly surprised that I can now upload a security certificate (the bug report was due to me). One more kudos for the quick fix. However, LDAP didn't want to start. Moreover, it was turning CIFS on. I went to the command line and caught, I believe, another bug.
Namely, the file /usr/local/etc/openldap/ldap.conf had a host line instead of URI. After manually replacing HOST with URI
Code:
URI ldap://atlas.int.autonlab.org
BASE dc=autonlab,dc=org
TLS_CACERT /etc/ssl/freenas/ldap/ldapca.crt
TLS_REQCERT allow
everything worked like a charm. Just for reference, my /usr/local/etc/ldap.conf looks as follows
Code:
host ldap://atlas.int.autonlab.org
base dc=autonlab,dc=org
rootbinddn
pam_password md5
nss_override_attribute_value loginShell /bin/sh
nss_base_passwd dc=autonlab,dc=org
nss_base_group dc=autonlab,dc=org
ssl start_tls
tls_cacertfile /etc/ssl/freenas/ldap/ldapca.crt
ldap_version 3
timelimit 30
bind_timelimit 30
bind_policy soft
pam_ldap_attribute uid
The OpenLDAP client is properly binding to my OpenBSD 5.5 stock LDAP server (from the base), not OpenLDAP, using TLS encryption. I can read the LDAP database from my FreeNAS box. Great :) The only problem is that when I try to pull the user names of my users with
Code:
id ldap_username
I get nothing. Since I am not very familiar with the FreeBSD PAM implementation (RedHat uses SSSD), apparently I have to turn some daemons on before the system imports uid and gid numbers. I tried restarting the nsswitch daemon, but that overwrites the /usr/local/etc/openldap/ldap.conf file and breaks LDAP.
Could a kind soul tell me which daemons are started by turning directory services on in the GUI? Can any Unix users share their experience with LDAP? I have a bad feeling that FreeNAS assumes that LDAP means the person uses CIFS as well, which could not be further from the truth.
I feel I am very close to getting this thing working, but I need a little push from more experienced people.
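The post shows three files that all have to agree before `id ldap_username` returns anything: the OpenLDAP client file (where HOST versus URI bit the poster), the nss_ldap/pam_ldap file, and nsswitch.conf. The following linter is an added example, not the poster's files or FreeNAS code; the hostnames and directory suffix in its sample inputs are constructed placeholders, and the checks it implements are the ones a defender would want before exporting home directories over NFS on the strength of LDAP-supplied uids: a usable server line, a TLS session that is actually verified against your CA (per ldap.conf(5), `TLS_REQCERT allow` means a bad server certificate is ignored and the session proceeds, so the poster's setting accepts an impostor directory), and passwd/group lookups that include the ldap source.

```python
"""Lint OpenLDAP ldap.conf, nss_ldap ldap.conf and nsswitch.conf for common pitfalls.

Added example (not the poster's files or FreeNAS code). Sample inputs are constructed;
hostnames and base DNs are placeholders.
"""

# --- constructed sample inputs -------------------------------------------------
OPENLDAP_CONF_BROKEN = """\
# /usr/local/etc/openldap/ldap.conf, old HOST form (constructed sample)
HOST ldap://ldap.example.org
BASE dc=example,dc=org
TLS_CACERT /etc/ssl/freenas/ldap/ldapca.crt
TLS_REQCERT allow
"""
OPENLDAP_CONF_FIXED = """\
URI ldap://ldap.example.org
BASE dc=example,dc=org
TLS_CACERT /etc/ssl/freenas/ldap/ldapca.crt
TLS_REQCERT demand
"""
NSS_LDAP_CONF_TLS = """\
host ldap://ldap.example.org
base dc=example,dc=org
ssl start_tls
tls_cacertfile /etc/ssl/freenas/ldap/ldapca.crt
"""
NSS_LDAP_CONF_PLAIN = "host ldap://ldap.example.org\nbase dc=example,dc=org\n"
NSSWITCH_NO_LDAP = "group: compat\npasswd: compat\nhosts: files dns\n"
NSSWITCH_WITH_LDAP = "group: files ldap\npasswd: files ldap\nhosts: files dns\n"


def parse_ldap_conf(text):
    """Parse `KEY value...` lines into {lowercased key: [values]}; '#' starts a comment."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        conf.setdefault(parts[0].lower(), []).append(parts[1].strip() if len(parts) > 1 else "")
    return conf


def lint_openldap_conf(text):
    """Checks for the OpenLDAP client file (the one FreeNAS regenerates)."""
    conf, findings = parse_ldap_conf(text), []
    if "uri" not in conf:
        findings.append("HOST is the old form; use URI ldap://server (the HOST line the poster hit)"
                        if "host" in conf else "no URI line: the client has no server to contact")
    # ldap.conf(5): the default is demand; never/allow/try all tolerate a bad or missing certificate.
    reqcert = conf.get("tls_reqcert", ["demand"])[-1].lower()
    if reqcert in ("never", "allow", "try"):
        findings.append(f"TLS_REQCERT {reqcert} tolerates a bad server certificate; use demand")
    if "tls_cacert" not in conf and "tls_cacertdir" not in conf:
        findings.append("no TLS_CACERT/TLS_CACERTDIR: server certificate cannot be checked against your CA")
    return findings


def lint_nss_ldap_conf(text):
    """Checks for the nss_ldap/pam_ldap file that supplies uids and gids."""
    conf, findings = parse_ldap_conf(text), []
    servers = conf.get("uri", []) + conf.get("host", [])
    uses_ldaps = any(s.lower().startswith("ldaps://") for s in servers)
    if conf.get("ssl", [""])[-1].lower() != "start_tls" and not uses_ldaps:
        findings.append("neither 'ssl start_tls' nor an ldaps:// server: lookups travel in plaintext")
    if "tls_cacertfile" not in conf:
        findings.append("no tls_cacertfile: the TLS session is not pinned to your CA")
    return findings


def lint_nsswitch(text):
    """`id user` only sees LDAP users if passwd and group list the ldap source."""
    sources = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" in line:
            db, srcs = line.split(":", 1)
            sources[db.strip()] = srcs.split()
    return [f"nsswitch.conf: '{db}' has no ldap source, so `id user` cannot see LDAP users"
            for db in ("passwd", "group") if "ldap" not in sources.get(db, [])]


if __name__ == "__main__":
    for name, findings in (("openldap/ldap.conf", lint_openldap_conf(OPENLDAP_CONF_BROKEN)),
                           ("ldap.conf", lint_nss_ldap_conf(NSS_LDAP_CONF_PLAIN)),
                           ("nsswitch.conf", lint_nsswitch(NSSWITCH_NO_LDAP))):
        for f in findings:
            print(f"{name}: {f}")
```

Point the three lint functions at the real files (`open(path).read()`) to check a live box; an empty result from all three means the client can find the server, verifies its certificate, and the resolver will actually consult LDAP for passwd and group, which is the precondition for `id` returning a uid.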