|
Size: 2064
Comment:
|
Size: 2070
Comment: Made a lot of spelling corrections. There may be many more but I didn't want to touch the technical parts since I'm not familiar with Ebox.
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 4: | Line 4: |
| Before we can use our ebox server and connect other services to it we have to make som setup on the ebox to get it to work | Before we can use our ebox server and connect other services to it we have to do some setup on the ebox to get it to work |
| Line 8: | Line 8: |
| Make shoure that the iptables is off ore acceting connections on port 389 from the addres on where you what to put your service | Make sure that iptables is off or accepting connections on port 389 from the address on where you want to put your service |
| Line 19: | Line 19: |
| We have to make shoure that our ldao server is responding on all interfaces so that we can connect to it from an other server. | We have to make sure that our ldap server is responding on all interfaces so that we can connect to it from another server. |
| Line 30: | Line 30: |
| '''Linux Loggin PAM''' | '''Linux Login PAM''' |
| Line 32: | Line 32: |
| In order that our ubuntu user should be able to loggin later we must change the login skel to /bin/bash | In order that our Ubuntu user should be able to login later we must change the login skel to /bin/bash |
| Line 36: | Line 36: |
| And chnage so that is looks like | And change so that it looks like |
| Line 40: | Line 40: |
| this will change the login skel for new user. But for old user you must run | this will change the login skel for a new user. But for an existing user you must run |
| Line 44: | Line 44: |
| Dont change anything other then the login skel ore the user can break | Don't change anything other than the login skel or the user account can break |
| Line 48: | Line 48: |
| Somtimes when you connect other services to the ebox ldap you have to enter the ldap admin acount. And to get the admin account and password out do this. | Sometimes when you connect other services to the ebox ldap you have to enter the ldap admin account. And to get the admin account and password do this |
| Line 58: | Line 58: |
| Search in the output for this entery | Search in the output for this entry |
| Line 70: | Line 70: |
| No get the password | Now get the password |
| Line 75: | Line 75: |
| And ther you have you admin account and password for the ldap server. | And there you have your admin account and password for the ldap server. |
Ställa in EBOX
Before we can use our ebox server and connect other services to it we have to do some setup on the ebox to get it to work
IPTABLES
Make sure that iptables is off or accepting connections on port 389 from the address on where you want to put your service
iptables -L
SLAPD
We have to make sure that our ldap server is responding on all interfaces so that we can connect to it from another server.
sudo nano /etc/default/slapd
Should look like this
SLAPD_SERVICES="ldap://0.0.0.0 ldapi://%2fvar%2frun%2fslapd%2fldapi/????x-mod=0$
Linux Login PAM
In order that our Ubuntu user should be able to login later we must change the login skel to /bin/bash
sudo nano /etc/ebox/80samba.conf
And change so that it looks like
login_shell = /bin/bash
this will change the login skel for a new user. But for an existing user you must run
smbldap-userinfo matte
Don't change anything other than the login skel or the user account can break
LDAP Admin uppgifter
Sometimes when you connect other services to the ebox ldap you have to enter the ldap admin account. And to get the admin account and password do this
get root
sudo su
Get all of the ldap tree
ldapsearch -x -b"dc=kalle,dc=se"
Search in the output for this entry
# ebox, kalle.se
dn: cn=ebox,dc=kalle,dc=se
objectClass: organizationalRole
objectClass: simpleSecurityObject
description: eBox admin account
cn: eboxSo my admin user is "cn=ebox,dc=kalle,dc=se"
Now get the password
less /etc/ldap.secret
And there you have your admin account and password for the ldap server.
TEST
Test if you have connection to the ebox from an external server
telnet ebox-ip 389
You should get
Connected to localhost.
Escape character is '^]'.Time to get some services to the ebox server