Scott S. Lowe scottslowe
scottslowe
/ sled-10-ldap-conf
Created
December 22, 2014 01:09
This is an ldap.conf taken from a SLED 10 workstation configured to use Active Directory for lookups.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ############### | |
| # custom ldap.conf for connecting with Server 2003 R2 | |
| ############### | |
| host 10.10.10.1 | |
| base dc=domain,dc=com | |
| uri ldap://windows-dc-hostname.domain.com/ | |
| binddn cn=linux-ldap-user,cn=Users,dc=domain,dc=com | |
| bindpw ldap-user-passwd | |
| scope sub | |
| bind_timelimit 15 |
scottslowe
/ sled-10-krb5-conf
Created
December 22, 2014 01:08
This is a krb5.conf file from a SLED 10 workstation configured to authenticate against Microsoft Active Directory.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ############### | |
| # krb5.conf for connecting with Windows Server 2003# | |
| ############### | |
| [logging] | |
| kdc = FILE:/var/log/krb5/krb5kdc.log | |
| admin_server = FILE:/var/log/krb5/kadmind.log | |
| default = SYSLOG:NOTICE:DAEMON | |
| [libdefaults] | |
| ticket_lifetime = 24000 |
scottslowe
/ sled-10-etc-hosts
Created
December 22, 2014 01:06
This /etc/hosts file, taken from SLED 10, is configured to assist with integration into Active Directory.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ############### | |
| # /etc/hosts | |
| ############### | |
| # This file describes a number of hostname-to-address | |
| # mappings for the TCP/IP subsystem. It is mostly | |
| # used at boot time, when no name servers are running. | |
| # On small systems, this file can be used instead of a | |
| # "named" name server. | |
| # Syntax: | |
| # |
scottslowe
/ ldap-conf-gid
Created
December 21, 2014 05:03
This LDAP configuration file can be used for integrating Linux/UNIX systems into Active Directory.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| host 10.10.10.10 | |
| base dc=example,dc=com | |
| uri ldap://server.example.com/ | |
| binddn ldap@example.com | |
| bindpw adldapbindpw | |
| scope sub | |
| ssl no | |
| nss_base_passwd dc=example,dc=com?sub | |
| nss_base_shadow dc=example,dc=com?sub | |
| nss_base_group dc=mydomain,dc=com?sub?&(objectCategory=group)(gidnumber=*) |
scottslowe
/ ldap-conf-sfu30
Created
December 20, 2014 05:03
This LDAP configuration file can be used for integrating Linux into older versions of Active Directory that rely upon SFU (Services for UNIX) for UNIX attributes in the schema.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| host 10.10.10.10 | |
| base dc=example,dc=com | |
| binddn cn=ldap,cn=Users,dc=example,dc=com | |
| bindpw adldapbindpw | |
| scope sub | |
| ssl no | |
| nss_base_passwd dc=example,dc=com | |
| nss_base_shadow dc=example,dc=com | |
| nss_base_group dc=example,dc=com | |
| nss_map_objectclass posixAccount user |
scottslowe
/ krb5-conf-no-srv
Created
December 20, 2014 04:55
This Kerberos configuration file can be used for integrating Linux into Active Directory using Kerberos authentication. It does not rely on DNS SRV records, instead manually specifying an AD domain controller.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [logging] | |
| default = FILE:/var/log/krb5libs.log | |
| kdc = FILE:/var/log/krb5kdc.log | |
| admin_server = FILE:/var/log/kadmind.log | |
| [libdefaults] | |
| default_realm = EXAMPLE.COM | |
| dns_lookup_realm = true | |
| dns_lookup_kdc = true |
scottslowe
/ system-auth
Last active
October 17, 2017 13:32
This PAM configuration file supports the use of Kerberos authentication for integrating Linux into Active Directory.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #%PAM-1.0 | |
| # This file is auto-generated. | |
| # User changes will be destroyed the next time authconfig is run. | |
| auth required /lib/security/$ISA/pam_env.so | |
| auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok | |
| auth sufficient /lib/security/$ISA/pam_krb5.so | |
| auth required /lib/security/$ISA/pam_deny.so | |
| account sufficient /lib/security/$ISA/pam_krb5.so | |
| account required /lib/security/$ISA/pam_unix.so |
scottslowe
/ ldap.conf
Created
December 20, 2014 04:37
This ldap.conf is intended for use integrating Linux into Active Directory.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| host 10.10.10.10 | |
| base dc=example,dc=com | |
| uri ldap://server.example.com/ | |
| binddn ldap@example.com | |
| bindpw adldapbindpw | |
| scope sub | |
| ssl no | |
| pam_filter objectClass=User | |
| nss_base_passwd dc=example,dc=com?sub | |
| nss_base_shadow dc=example,dc=com?sub |
scottslowe
/ krb5.conf
Created
December 20, 2014 04:22
This Kerberos configuration file can be used to integrate Linux into Active Directory. This configuration uses DNS SRV records to locate the Kerberos realm and KDCs (AD domain controllers).
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [logging] | |
| default = FILE:/var/log/krb5libs.log | |
| kdc = FILE:/var/log/krb5kdc.log | |
| admin_server = FILE:/var/log/kadmind.log | |
| [libdefaults] | |
| default_realm = EXAMPLE.COM | |
| dns_lookup_realm = true | |
| dns_lookup_kdc = true |
scottslowe
/ apache-krb.conf
Created
December 19, 2014 19:19
This snippet of Apache configuration will enable Kerberos authentication, useful for integration with services like Active Directory.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| LoadModule auth_kerb_module modules/mod_auth_kerb.so | |
| <Location /secured> | |
| AuthType Kerberos | |
| AuthName "Kerberos Login" | |
| KrbMethodNegotiate On | |
| KrbMethodK5Passwd On | |
| KrbAuthRealms EXAMPLE.COM | |
| Krb5KeyTab /etc/httpd/conf/httpd.keytab | |
| require valid-user |