Differences
Below are the differences between two revisions of the page.
Next revision | Previous revision | ||
tuto:ipasserelle:authentification:debian_sssd_on_sme [22/06/2012 12:02] dani created |
tuto:ipasserelle:authentification:debian_sssd_on_sme [21/10/2015 17:30] (current version) heuzef [sssd] |
||
---|---|---|---|
Ligne 8: | Ligne 8: | ||
- | <code bash> | + | <code bash> |
- | apt-get install sssd libnss-sss | + | |
</ | </ | ||
- | ===== Configuration | + | ====== Configuration |
- | ===== | + | |
- | ==== sssd | + | ===== sssd ===== |
- | ==== | + | |
- | Éditez le fichier de configuration **/ | + | Éditez le fichier de configuration **/ |
- | + | <code bash> | |
- | + | ||
- | <code bash> | + | |
- | [domain/ | + | |
id_provider = ldap | id_provider = ldap | ||
auth_provider = ldap | auth_provider = ldap | ||
Ligne 39: | Ligne 33: | ||
ldap_user_gecos = cn | ldap_user_gecos = cn | ||
ldap_tls_reqcert = hard | ldap_tls_reqcert = hard | ||
- | ldap_tls_cacert = / | + | ldap_tls_cacert = / |
ldap_id_use_start_tls = true | ldap_id_use_start_tls = true | ||
# à dé-commenter si votre serveur SME est une iPasserelle | # à dé-commenter si votre serveur SME est une iPasserelle | ||
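Review bot: the `ldap_tls_cacert` path is changed on a configuration that keeps `ldap_tls_reqcert = hard` and `ldap_id_use_start_tls = true`, so a missing or unreadable CA file at the new path makes every LDAP connection fail certificate validation. The page should state where that CA file comes from and how it is copied to the client before sssd is started, if the surrounding text does not already do so.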
Ligne 54: | Ligne 48: | ||
- | Il faut aussi s' | + | Il faut aussi s' |
- | ==== nsswitch | + | ==== nsswitch ==== |
- | ==== | + | |
Ligne 64: | Ligne 57: | ||
- | <code bash> | + | <code bash> |
- | passwd: | + | |
group: | group: | ||
shadow: | shadow: | ||
Ligne 71: | Ligne 63: | ||
- | ==== pam | + | ==== pam ==== |
- | ==== | + | |
+ | |||
+ | <code bash>cd / | ||
+ | cp -a common-account common-account.orig | ||
+ | cat <<' | ||
+ | # | ||
+ | # / | ||
+ | # | ||
+ | |||
+ | |||
+ | account [success=1 new_authtok_reqd=done default=ignore] | ||
+ | # here's the fallback if no module succeeds | ||
+ | account requisite | ||
+ | # prime the stack with a positive return value if there isn't one already; | ||
+ | # this avoids us returning an error just because nothing sets a success code | ||
+ | # since the modules above will each just jump around | ||
+ | account required | ||
+ | # and here are more per-package modules (the " | ||
+ | session optional | ||
+ | account [default=bad success=ok user_unknown=ignore] | ||
+ | EOF | ||
+ | cp -a common-auth common-auth.orig | ||
+ | cat <<' | ||
+ | # | ||
+ | # / | ||
+ | # | ||
+ | |||
+ | # here are the per-package modules (the " | ||
+ | auth [success=2 default=ignore] | ||
+ | auth [success=1 default=ignore] | ||
+ | # here's the fallback if no module succeeds | ||
+ | auth requisite | ||
+ | # prime the stack with a positive return value if there isn't one already; | ||
+ | # this avoids us returning an error just because nothing sets a success code | ||
+ | # since the modules above will each just jump around | ||
+ | auth required | ||
+ | # and here are more per-package modules (the " | ||
+ | EOF | ||
+ | cp -a common-password common-password.orig | ||
+ | cat <<' | ||
+ | # | ||
+ | # / | ||
+ | |||
+ | |||
+ | # here are the per-package modules (the " | ||
+ | password | ||
+ | password | ||
+ | # here's the fallback if no module succeeds | ||
+ | password | ||
+ | # prime the stack with a positive return value if there isn't one already; | ||
+ | # this avoids us returning an error just because nothing sets a success code | ||
+ | # since the modules above will each just jump around | ||
+ | password | ||
+ | # and here are more per-package modules (the " | ||
+ | |||
+ | |||
+ | EOF | ||
+ | cp -a common-session common-session.orig | ||
+ | cat <<' | ||
+ | # | ||
+ | # / | ||
+ | # | ||
+ | |||
+ | # here are the per-package modules (the " | ||
+ | session [default=1] | ||
+ | # here's the fallback if no module succeeds | ||
+ | session requisite | ||
+ | # prime the stack with a positive return value if there isn't one already; | ||
+ | # this avoids us returning an error just because nothing sets a success code | ||
+ | # since the modules above will each just jump around | ||
+ | session required | ||
+ | # and here are more per-package modules (the " | ||
+ | session optional | ||
+ | session optional | ||
+ | session required | ||
+ | |||
+ | |||
+ | EOF | ||
+ | </ | ||
+ | |||
+ | ==== Activation au démarrage ==== | ||
+ | <code bash> | ||
+ | update-rc.d sssd enable | ||
+ | / | ||
+ | </ | ||
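Review bot: the `common-account` here-document contains a `session optional` entry, just before the final `account [default=bad success=ok user_unknown=ignore]` line. Session entries belong in `common-session`, which this hunk also rewrites, so move the line there or say why it is in the account file. Since all four common-* files are overwritten in one paste, the section should also tell the reader to keep a root shell open and test a login before disconnecting; the `.orig` copies only help if someone can still log in to restore them.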