OpenLDAP – Configuring a server to authenticate users using LDAP

Objectives

This screencast continues on with the ldap server we setup in the previous screencast, but this time we will configure another server (client.test.net) to authenticate its users against our LDAP. This is a concept known as centralised user authentication, where by we can store all our users and their credentials on one server. The screencast is basically a walk through of the changes that need to be made to PAM (pluggable authentication modules) which Linux uses to determine how users should be authenticated when logging in.

I have to apologise for the screw up at the end. I had changed my example users password and forgotten about it until I came to do the screencast, hopefully you’ll get the idea.

Note: If you haven’t come across PAM before it is advisable to have a quick skim though this very good introduction before trying to configure PAM.

Resources

apt-get install libpam-ldap nscd

cd /etc/
emacs nsswitch.conf
change:
  passwd: ldap compat
  group:  ldap compat
  shadow: ldap compat

cd /etc/pam.d/
edit each of the following files...
* common-auth
  (edit)   auth [success=1 default=ignore] pam_unix.so nullok_secure
  (add)    auth required pam_ldap.so use_first_pass
  (add)    auth required pam_permit.so

* common-account
  (edit) account sufficient	pam_unix.so
  (add)  account required	pam_ldap.so

* common-session
  (add) session required pam_mkhomedir.so skel=/etc/skel/ umask=0022

* common-password
  (edit) password sufficient pam_unix.so nullok obscure md5
  (add)  password required   pam_ldap.so

invoke-rc.d nscd restart

References

• http://www.tuxradar.com/content/how-pam-works
• http://www.debian-administration.org/articles/585
• http://linux.com/feature/114074

 Subscribe in a reader

OpenLDAP – Installation and adding objects using phpldapadmin and ldapadd

Overview

This screencast shows a walk through of installing openldap and phpldapadmin. After installation I go through and setup a couple of organizational units to store users and groups which I’ll use in a later screencast when I configure ubuntu to authenticate against against an LDAP server for user logins.

This screencast doesn’t really acomplish anything overly exciting but is required before heading into some of the things that LDAP can do, such as centralized user authentication or storing your puppet configured servers and their classes.

Resources

apt-get install slapd
apt-get install ldap-utils
apt-get install phpldapadmin

emacs /etc/ldap/ldap.conf
(set BASE dc=test,dc=net and URI ldap://172.16.1.1)

emacs /etc/php5/apache2/php.ini
(set memory_limit = 32M)

ldapadd -c -x -D "cn=admin,dc=test,dc=net" -W -f ./test.ldif

References

• http://www.debian-administration.org/articles/585
• http://linux.com/feature/114074

 Subscribe in a reader

Zenoss – Monitoring a Cisco Router & forwading Cisco and Linux syslog events

Overview

This screencast starts by showing you how to enable SNMP on a Cisco router (please note the configuration of other Cisco devices such as catalyst switches is slightly different). Then we look at getting all log messages forwarded through to Zenoss so they show up as Zenoss events. I then go back and setup forwarding of the /var/log/syslog to Zenoss on the Linux server we configured in the first Zenoss screencast.

(I ran over the youtube limit of 10 minutes with this video and so had to upload it to google video instead. As a result the quality isn’t quite as good. Sorry, won’t happen again)

Resources

Cisco configuration

en
conf t
hostname router1
int fa0/0
ip address 172.16.1.5 255.255.255.0

exit
snmp-server community public RO
snmp-server contact Joe Admin
snmp-server location Brisbane QLD Australia

logging 172.16.1.1
copy run start

Linux Configuration:

vim /etc/syslog.conf
(add the line: *.* @172.16.1.1)
update-rc.d sysklogd restart

References

• http://www.netcraftsmen.net/welcher/papers/snmprouter.html
• http://www.linuxhomenetworking.com/cisco-hn/syslog-cisco.htm
• http://www.adventnet.com/products/webnms/syslog/help/syslog_fp/start_forward.html

 Subscribe in a reader

Zenoss – Adding a user and email alerts

This screencast shows you how to add a user and configure them to receive alerts for a specific class of devices (in our case any Linux server) via email. It also quickly shows performance data which the test server setup in the first Zenoss screencast has collected (after running for two hours).

 Subscribe in a reader

Zenoss – Installation & monitoring a server via SNMP

In this screencast I show you how to download and install the Zenoss server software, how to configure an Ubuntu Linux server to run SNMP and then how to add that SNMP enabled server to Zenoss for monitoring.

Hopefully someone with find this helpful to get them up and running quickly with Zenoss. Just as a precautionary note, I would probably advise against using SNMP (and certainly with my config file) if you’re monitoring servers over the internet, but on a secured LAN it should be fine.

Below is my snmpd.conf configuration file that I use which is pretty much straight out of the Zenoss manual.


## System location and contact information
syslocation Timbucktoo
syscontact Joe Admin

## sec.name source community
com2sec notConfigUser default public

## groupName securityModel securityName
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser

## Make at least snmpwalk -v 1 localhost -c public system fast again.
## name incl/excl subtree mask(optional)
view systemview included .1

## group context sec.model sec.level prefix read write notif
access notConfigGroup "" any noauth exact systemview none none


 Subscribe in a reader

Puppet – Installation & configuring a client server

This first screencast is going to get you up and running with a very simple puppet manifest that will be used to install emacs and a custom motd banner on a server. Below is the example site.pp manifest I used in the demonstration.

node 'client.test.net' {
package { "emacs22-nox": ensure => installed }
file { "/var/run/motd":
source => "puppet:///files/motd"
}
}

 Subscribe in a reader