Need help to integrate an existing LDAP (OpenLDAP)

Olivier2565

Cadet
Joined
Jul 18, 2022
Messages
2
I have an OpenLDAP server that I have had running for ages and that serves accounts for FreeBSD and Linux (and other systems like Freeradius, etc.)

Whenever possible, I prefer to let the client do the authentication by binding with the user credential rather than having a "master" user that binds with LDAP, retrieves and validates the user's password. It seems that TrueNAS only works with the master password.

I think that I have configured LDAP correctly in TrueNAS, it is reported as HEALTHY (and would report an error if I try to enter a bad password for the bind master).

My understanding is that once LDAP has been configured, the users in LDAP should show in the list of local users and should be able to SSH to the TrueNAS machine.

Something not yet clear, on FreeBSD clients, I have the following in /usr/local/etc/nslcd.conf

filter passwd (csimAccountPermission=web)
base passwd ou=People,ou=csim,dc=cs,dc=ait,dc=ac,dc=th
filter shadow (csimAccountPermission=web)
base shadow ou=People,ou=csim,dc=cs,dc=ait,dc=ac,dc=th
base group ou=Group,ou=csim,dc=cs,dc=ait,dc=ac,dc=th

and on Ubuntu clients I have the following in /etc/ldap.conf

nss_base_passwd ou=People,ou=csim,dc=cs,dc=ait,dc=ac,dc=th?one?csimAccountPermission=docker
nss_base_shadow ou=People,ou=csim,dc=cs,dc=ait,dc=ac,dc=th?one?csimAccountPermission=docker
nss_base_group ou=Group,ou=csim,dc=cs,dc=ait,dc=ac,dc=th?one

Both are setting some filters on the users that are allowed to access specific services. These rules also inform the client of the exact location/attribute name of the password. I have seen no such filter feature, nor did I see where the exact attribute name for the password is configured.

When I try to rebuild the directory service cache, I see a surge of traffic in tcpdump, but I cannot use the LDAP users.

I must be missing something stupidly obvious, but I cannot see it. Any help will be great.

TIA,

Olivier

Olivier2565
OK, I get it, it was because the users defined in LDAP are using the shell csh. After adding a link on /bin/sh all is good.

But I still cannot connect to the web interface with an LDAP user.

Bests,

Olivier
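An added example, not part of the thread and not TrueNAS or nslcd code: it takes a constructed LDIF export (attribute names follow the posts, values invented), applies the same kind of per-service equality filter the FreeBSD and Ubuntu clients use (csimAccountPermission=web / docker), and flags every admitted account whose loginShell the host does not provide, which is the csh problem the second post ran into. The filter evaluator only handles a single `(attr=value)` clause; `host_shells` is a constructed set standing in for the host's /etc/shells.

```python
import re

# Constructed sample LDIF; DNs follow the thread, accounts and values are invented.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,ou=csim,dc=cs,dc=ait,dc=ac,dc=th
uid: alice
loginShell: /bin/csh
csimAccountPermission: web
csimAccountPermission: docker

dn: uid=bob,ou=People,ou=csim,dc=cs,dc=ait,dc=ac,dc=th
uid: bob
loginShell: /bin/sh
csimAccountPermission: docker
"""


def parse_ldif(text):
    """Parse minimal LDIF (no wrapping, no base64) into {attr: [values]} dicts."""
    entries, cur = [], {}
    for line in text.splitlines():
        if not line.strip():            # blank line ends an entry
            if cur:
                entries.append(cur)
                cur = {}
            continue
        attr, _, val = line.partition(": ")
        cur.setdefault(attr, []).append(val)
    if cur:
        entries.append(cur)
    return entries


def matches(entry, flt):
    """Evaluate one equality filter such as (csimAccountPermission=web)."""
    m = re.fullmatch(r"\((\w+)=([^)]*)\)", flt)
    if not m:
        raise ValueError("only a single equality filter is supported: " + flt)
    attr, val = m.groups()
    return val in entry.get(attr, [])


def audit(entries, flt, host_shells):
    """Return {uid: status} for the accounts the filter admits on this host."""
    result = {}
    for e in entries:
        if not matches(e, flt):
            continue                    # filtered out: not exposed to this service
        shell = e.get("loginShell", [""])[0]
        result[e["uid"][0]] = "ok" if shell in host_shells else "missing shell " + shell
    return result


if __name__ == "__main__":
    print(audit(parse_ldif(SAMPLE_LDIF), "(csimAccountPermission=web)", {"/bin/sh"}))
```

Running it against a real export (ldapsearch -LLL output) and the target host's /etc/shells shows which filtered-in accounts will fail to log in before the service is switched over.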