[Network Administration] : OpenLDAP and SASL Passthrough

I needed to get the SASL passthrough working since I have some things that need to bind to the LDAP server. Specifically, I need to be able to authenticate to my Synology NAS with my LDAP account. Till now, I’ve just used NFS permissions to mount the shares to the system (mainly using the automounter getting the information from the LDAP server). If I need to allow clients to bind to the LDAP server as authentication, then I’ll need to have access to the password. I store my passwords in the Kerberos KDC, but I can have LDAP pass the authentication through to a SASL backend instead of storing the passwords locally in the directory.

[Network Administration] : Ubuntu and encrypted swap space

After installing Ubuntu 14.04 LTS, I got the following error at boot:
the disk drive for /dev/mapper/cryptswap1 is not ready yet or not present
The message is annoying, but worse, the swap partition is not encrypted.
I was able to get around this by editing /etc/crypttab so that the cryptswap1 entry lists the /dev/ path of the logical volume instead of its UUID:

cryptswap1 UUID=2f36a43f-0d3e-4c2e-92ad-ac12603c1ff0 /dev/urandom swap,cipher=aes-cbc-essiv:sha256

was changed to:

cryptswap1 /dev/mapper/cerf--vg-swap_1 /dev/urandom swap,cipher=aes-cbc-essiv:sha256

I still get the message, but the swap space is encrypted now, as the swapon summary shows (the active swap is the device-mapper target, not the raw logical volume):

cerf:~> sudo swapon --summary
Filename				Type		Size	Used	Priority
/dev/mapper/cryptswap1                  partition	8314876	0	-1
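As an added example (not part of the original post), the POSIX shell below flags crypttab swap entries that are referenced by UUID, applies the post's fix to a named target, and checks a /proc/swaps-style listing to confirm that active swap really sits on a device-mapper mapping. The sample crypttab and swap listing are constructed here, modelled on the post's own lines.

```shell
#!/bin/sh
# Print "<target> <source>" for every crypttab entry whose options include
# "swap" and whose source device is a UUID= reference, the combination the
# post found to leave swap unencrypted. Comments and short lines are skipped.
find_uuid_swap_entries() {
    awk '
        /^[[:space:]]*#/ || NF < 4 { next }
        $4 ~ /(^|,)swap(,|$)/ && $2 ~ /^UUID=/ { print $1, $2 }
    ' "$1"
}

# Print the crypttab with the source field of target $2 replaced by device $3.
# Other lines pass through untouched; the edited line is re-joined with single
# spaces, which crypttab accepts.
replace_source() {
    awk -v t="$2" -v d="$3" '
        !/^[[:space:]]*#/ && $1 == t { $2 = d }
        { print }
    ' "$1"
}

# Succeed only if the /proc/swaps-style file $1 lists at least one swap device
# and every one of them is a /dev/mapper/ mapping (i.e. goes through dm-crypt).
all_swap_on_mapper() {
    awk '
        NR > 1 { n++; if ($1 !~ /^\/dev\/mapper\//) bad = 1 }
        END { exit (n == 0 || bad) }
    ' "$1"
}

# Constructed sample crypttab (hypothetical UUID, same layout as the post).
SAMPLE_CRYPTTAB=$(mktemp)
cat > "$SAMPLE_CRYPTTAB" <<'EOF'
# <target name> <source device> <key file> <options>
cryptswap1 UUID=2f36a43f-0d3e-4c2e-92ad-ac12603c1ff0 /dev/urandom swap,cipher=aes-cbc-essiv:sha256
EOF

echo "UUID-referenced swap entries before the fix:"
find_uuid_swap_entries "$SAMPLE_CRYPTTAB"
echo "crypttab after pointing cryptswap1 at the logical volume path:"
replace_source "$SAMPLE_CRYPTTAB" cryptswap1 /dev/mapper/cerf--vg-swap_1
```

Run it against the real file with `find_uuid_swap_entries /etc/crypttab` and `all_swap_on_mapper /proc/swaps` to confirm the fix took effect after a reboot.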

[Network Administration]: OS X and Mobile Accounts

I have both Ubuntu and Linux machines. One of the goals is to have access to all of the same information regardless of where I log in, and to have it transparent to the machine that I’m actually using.

[Network Administration]: Automounter over LDAP

This is basically an update to the autofs and automounter page that was published earlier, reflecting some changes to how things are set up now. I still have my automount maps in the LDAP directory, but the DN for the maps is updated to the autofs schema that currently ships with the Ubuntu package instead of the rfc2307bis schema, which seems to have languished in draft form. I’ve also unified some of the files across both Linux machines and OS X.

[Network Administration]: Linux Kerberos Authentication and LDAP Authorization

Once principals are added to the Kerberos database and the account information is added to the LDAP directory, the client Linux machines can be configured to access that information and allow network accounts to be used.

[Network Administration]: Network Accounts

At a basic level, the Kerberos KDC manages the passwords, and the LDAP directory is used to manage user accounts and user groups for both Linux and OS X systems. In order to do this, the Kerberos KDC needs to have users and passwords, and the directory needs entries with the basic information that both systems require for authorization. Once the information is in both the KDC and the directory, both Linux and OS X systems can be configured to use it.

[Network Administration]: LDAP Directory Service – Frontend and Scripts

I’ve got my authentication service and directory set up and running. Now it needs to be populated. In addition to keeping user and group records, I’m going to be using the directory for a couple of different services, such as automount maps and information for a mail server (currently in a MySQL database), as well as more traditional directory information. I’ve created the directory to be deeper than it is wide, putting each daemon’s information under its own organizational unit. There are also some Perl packages to manage the entries.