SAC:betawebsite
This is the setup of the cloud server osgeo.public.cloudvps.com
It is a Debian 8, 4GB, 160 HDD server.
Martin's changes (per [1] I presume these supersede the ones I made)
# Avoid error messages upon login
root@osgeo:~# aptitude install locales-all
# Have the preferred LDAP subsystem
root@osgeo:~# aptitude install libpam-ldapd libnss-ldapd
# Purge deprecated configs
root@osgeo:~# dpkg -l | grep \^rc | awk '{print $2}' | cut -f 1 -d \: | xargs dpkg --purge
# Purge local user
root@osgeo:~# grep -v \^martin /etc/passwd > Hallo && cat Hallo > /etc/passwd
root@osgeo:~# grep -v \^martin /etc/shadow > Hallo && cat Hallo > /etc/shadow
root@osgeo:~# rm -vf Hallo
# Purge cache and reload LDAP stuff
root@osgeo:~# /etc/init.d/nscd stop; rm -vf /var/cache/nscd/*; /etc/init.d/nscd start
root@osgeo:~# /etc/init.d/nslcd restart
# Voila
root@osgeo:~# getent passwd martin
martin:x:10026:100:Martin Spott:/home/martin:/bin/tcsh
# Have a homedir and proper login shell
root@osgeo:~# cp -a /etc/skel /home/martin
root@osgeo:~# chown -R martin:100 /home/martin
root@osgeo:~# aptitude install tcsh
# Reduce authentication error log
root@osgeo:~# aptitude install fail2ban
# Now test
foehn: 17:06:08 ~> ssh osgeo.public.cloudvps.com
martin@osgeo.public.cloudvps.com's password:
[...]
osgeo:~>
# Success
These are the steps I did after it was created in an attempt to implement LDAP
First I installed updates
apt-get update
apt-get upgrade
apt-get install libpam-ldap nscd
apt-get install libnss-ldap #not sure if this one is needed
apt-get install locales-all
apt-get install sudo
Then to try the ldap
https://wiki.debian.org/LDAP/PAM
1) edit /etc/ldap/ldap.conf (copied from osgeo6)
BASE dc=osgeo, dc=org
URI ldaps://ldap.osgeo.org/
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
TLS_CHECKPEER yes
TLS_REQCERT demand
#this file you need to copy from osgeo6 as well
TLS_CACERT /etc/ssl/certs/STAR_osgeo_org.ca-bundle
#not though telascience is defunct so not sure what that cn
pam_groupdn cn=telascience,ou=Shell,dc=osgeo,dc=org
nss_base_passwd ou=People,dc=osgeo,dc=org
nss_base_shadow ou=People,dc=osgeo,dc=org
nss_base_group ou=Group,dc=osgeo,dc=org
ldap_version 3
pam_password md5
bind_policy soft
2) Copy contents of /etc/nslcd.conf from osgeo6
nano /etc/ssh/sshd_config
(it will prompt for services you want to use ldap for)
Selections will be written to /etc/nsswitch.conf
after conf looked like this
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd: compat ldap
group: compat ldap
shadow: compat
gshadow: files

hosts: files dns
networks: files

protocols: db files ldap
services: db files ldap
ethers: db files
rpc: db files

netgroup: nis
aliases: ldap
3) pam-auth-update
Make sure both Unix and LDAP authentication are checked
4)
/etc/init.d/nscd restart
/etc/init.d/nslcd restart
/etc/init.d/ssh restart
Should output something like this:
[ ok ] Restarting ssh (via systemctl): ssh.service.
5) Verify server can do ldap queries with Osgeo by running something like this
ldapsearch -x uid=robe
6) For some reason nslcd fails with password invalid, unless I create a local account matching the Osgeo user (doesn't matter the password) so I did
useradd robe
adduser robe sudo
To be able to log in
This worked fine and gave answers as expected.
I can now log in with OSGeo account.
Also added strk, wildintellect, osgeotest2 (for getinteractive), martin for sudo.
wildintellect confirmed he can log in with his OSGeo ldap account.
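The notes above both purge a local user so the LDAP entry resolves and create local accounts matching LDAP users. With `passwd: compat ldap` the local files are consulted first, so a local entry masks the directory entry of the same name. The following check is an added example, not part of the original notes; the function names, file names and the local/robe entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit NSS source order and
# find local accounts that mask LDAP accounts of the same name.

# nss_sources FILE DB: print the source list configured for one database.
nss_sources() {
    awk -v db="$2:" '$1 == db { $1 = ""; sub(/^ +/, ""); print }' "$1"
}

# ldap_enabled FILE DB: succeed if "ldap" is one of the sources for DB.
ldap_enabled() {
    nss_sources "$1" "$2" | tr ' ' '\n' | grep -qx ldap
}

# shadowing_users LOCAL LDAP: list names present in both passwd-format files.
# With "compat ldap" the local entry is consulted first and wins.
shadowing_users() {
    awk -F: 'NR == FNR { uid[$1] = $3; next }
             ($1 in uid) { print $1 " local_uid=" $3 " ldap_uid=" uid[$1] }' "$2" "$1"
}

# Constructed sample input: the nsswitch lines and martin's LDAP entry are
# the ones shown on this page; the local entries and robe's UIDs are made up.
demo=$(mktemp -d)
printf '%s\n' 'passwd: compat ldap' 'group: compat ldap' 'shadow: compat' \
    > "$demo/nsswitch.conf"
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'martin:x:1000:1000::/home/martin:/bin/bash' \
    'robe:x:1001:1001::/home/robe:/bin/sh' > "$demo/passwd.local"
printf '%s\n' 'martin:x:10026:100:Martin Spott:/home/martin:/bin/tcsh' \
    'robe:x:10001:100::/home/robe:/bin/bash' > "$demo/passwd.ldap"

for db in passwd group shadow; do
    if ldap_enabled "$demo/nsswitch.conf" "$db"; then
        echo "$db: ldap enabled, order: $(nss_sources "$demo/nsswitch.conf" "$db")"
    else
        echo "$db: ldap not consulted"
    fi
done
shadowing_users "$demo/passwd.local" "$demo/passwd.ldap"
```

On a live host the two inputs would be /etc/passwd and the output of `getent -s ldap passwd` saved to a file.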