
LDAP authentication for MacOS clients and NFS mounts

A little exercise that might not apply to your problem

  1. Set TLS_REQCERT to never in /etc/openldap/ldap.conf, which turns off verification of the LDAP server's certificate (unless you know what you're doing - that seems to be the stopper for plaintext passwords)
  2. Go to Applications -> Utilities -> Directory Utility
  3. Toggle the lock at the bottom to "unlocked"
  4. Switch on Advanced mode
  5. Select Services-tab -> LDAPv3
  6. Click on pen-symbol at the bottom, then "Show options"
  7. Add entry for RFC 2307-style server
  8. Edit /etc/auto_home to contain only the line
    * -resvport,bg nfsserver:/path/to/home/&
    See 'man mount_nfs' for those two options.
  9. Run 'sudo automount -c' to make the automounter pick up the changed file

Things that should work now:

  • id someNetworkUser should print UID/GID from LDAP
  • ssh xxx@localhost should use network password and find home directory
  • sudo su xxx should work
  • dirt -u xxx
  • ls /home
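
A further check for step 1, as an added example that is not part of the original post: this shell script reports the effective TLS_REQCERT level of an ldap.conf file, so a client left at never can be found again later. The function names, sample files, host name and CA path are constructed; it assumes the last TLS_REQCERT line in a file wins and that an unset option means the OpenLDAP default, demand.

```shell
#!/bin/sh
# Added example (not from the original post): audit the TLS_REQCERT level
# of an OpenLDAP client configuration such as /etc/openldap/ldap.conf.

# Print the effective TLS_REQCERT level. Option names are case-insensitive
# and lines starting with '#' are comments. Assumption: the last occurrence
# in the file wins; when unset, the OpenLDAP default "demand" applies.
reqcert_level() {
    awk '
        /^[ \t]*#/ { next }
        toupper($1) == "TLS_REQCERT" { level = tolower($2) }
        END { print (level == "" ? "demand" : level) }
    ' "$1"
}

# Print a one-line verdict; return 0 only if the server certificate
# must be present and valid for the connection to proceed.
audit_ldap_conf() {
    level=$(reqcert_level "$1")
    case "$level" in
        demand|hard)
            echo "OK    $1: TLS_REQCERT=$level, server certificate is verified" ;;
        never)
            echo "WEAK  $1: TLS_REQCERT=never, server certificate is not checked"
            return 1 ;;
        allow|try)
            echo "WEAK  $1: TLS_REQCERT=$level, verification is not strictly enforced"
            return 1 ;;
        *)
            echo "ERROR $1: unrecognised TLS_REQCERT value '$level'"
            return 2 ;;
    esac
}

# Constructed sample files: the setting from step 1, and a strict variant.
# The host name and CA path are placeholders.
demo=$(mktemp -d)
printf '%s\n' '# constructed sample' 'URI ldaps://ldap.example.com' \
    'TLS_REQCERT never' > "$demo/weak.conf"
printf '%s\n' '# constructed sample' 'URI ldaps://ldap.example.com' \
    'TLS_CACERT /path/to/ca.pem' 'tls_reqcert demand' > "$demo/strict.conf"
for f in "$demo/weak.conf" "$demo/strict.conf"; do
    audit_ldap_conf "$f" || true
done
rm -rf "$demo"
```

Run against the real file with audit_ldap_conf /etc/openldap/ldap.conf; a non-zero exit status means the client would accept a connection without a fully verified server certificate.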