lists.arthurdejong.org

nslcd and LTSP

Hi Arthur and nslcd users

I've mostly finished configuring an Ubuntu 20.04 LTSP server. The only outstanding issue now is that LDAP users can log in but their sshfs home dirs aren't getting mounted successfully. We are using lightdm for the display manager and when an LDAP user logs in it prints the error:

.Pamltsp failed to mount home via SSHFS: read: Connection reset by peer

I am able to successfully mount the same user's home dir manually using sshfs from one of the LTSP client machines. I have already asked the main LTSP developer about this issue and he suspects it is a PAM config error. He suggested using:

PAM_AUTH_TYPE=Additional

in ltsp.conf, but that didn't fix this error.

LTSP currently only officially supports using LDAPS via sssd-ldap but we don't have an LDAPS server ready at the moment. The main LTSP developer seems to think we should be able to get LTSP to work using nslcd / LDAP.

Have you heard of anyone successfully using nslcd with LDAP and a recent version of LTSP / Ubuntu?

Here is my current /etc/nslcd.conf. This config works fine with Ubuntu 20.04 without LTSP. Users can login and their home dir gets mounted. Our LDAP server is a Windows Server 2016 DC.

Thanks for your help!



# /etc/nslcd.conf
# nslcd configuration file. See nslcd.conf(5)
# for details.

# The user and group nslcd should run as.
uid nslcd
gid nslcd

# The location at which the LDAP server(s) should be reachable.
uri ldap://uos-p-rodc-11.isdads.salford.ac.uk:389

# The search base that will be used for all queries.
base dc=isdads,dc=salford,dc=ac,dc=uk

# The LDAP protocol version to use.
#ldap_version 3

# The DN to bind with for normal lookups.
binddn LDAP-P-CSE1@ISDADS.SALFORD.AC.UK
bindpw INSERTLDAPPASSWORDHERE

# The DN used for password modifications by root.
#rootpwmoddn cn=admin,dc=example,dc=com

# SSL options
#ssl off
#tls_reqcert never
#tls_cacertfile /etc/ssl/certs/ca-certificates.crt

# The search scope.
scope sub
timelimit 10

pagesize 1000
referrals off
idle_timelimit 800
filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
filter group (objectClass=group)
map    passwd uid              sAMAccountName
map    passwd homeDirectory    unixHomeDirectory
map    passwd gecos            displayName
map    passwd loginShell    "/bin/bash"
filter shadow (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
map    shadow uid              sAMAccountName
map    shadow shadowLastChange pwdLastSet

 
University of Salford
DANIEL MACDONALD
Specialist Technical Demonstrator
School of Computing, Science & Engineering
Room 145, Newton Building, University of Salford, Manchester M5 4WT
T: +44(0) 0161 295 5242
D.R.MacDonald@salford.ac.uk  www.salford.ac.uk
CSE