User:Alexmat

From ArchWiki
Revision as of 00:52, 18 September 2005 by Alexmat (talk | contribs)

Secure OpenLDAP Authentication for a Small Network

Manual CK Kernel Install


Network File System Setup

Introduction and Concepts

Server Setup

Verify/Compile Kernel NFS Support

For Kernel 2.6:

cd /usr/src/linux
make menuconfig
File Systems --->
 Network File Systems --->
 <*> NFS file system support
 [*]   Provide NFSv3 client support
 [ ]   Provide NFSv4 client support (EXPERIMENTAL)
 [ ]   Allow direct I/O on NFS files (EXPERIMENTAL)
 <*> NFS server support
 [*]   Provide NFSv3 server support
 [ ]   Provide NFS server over TCP support (EXPERIMENTAL)
 < > Secure RPC: Kerberos V mechanism (EXPERIMENTAL)
 < > SMB file system support (to mount Windows shares etc.)
 < > CIFS support (advanced network filesystem for Samba, Window and o...)
 < > NCP file system support (to mount NetWare volumes)
 < > Coda file system support (advanced network fs)
 < > Andrew File System support (AFS) (Experimental)

Install nfs-utils:

pacman -Sy nfs-utils

Edit /etc/exports:

/dir/toshare 192.168.1.0/24(rw,sync)

Update exports:

exportfs -a

Edit /etc/conf.d/nfsd and modify the following line to read:

MOUNTD_OPTS="--nfs-version 3"

Edit /etc/hosts.allow:

portmap: ALL
lockd: ALL
mountd: ALL

WARNING: Change ALL to a more secure setting! Only use that for initial testing.

Start nfs services:

/etc/rc.d/portmap start
/etc/rc.d/nfslock start
/etc/rc.d/nfsd start

Test your setup:

rpcinfo -p

After you've tested your setup and it works, add these services to the daemons list in /etc/rc.conf.
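The exports line and the hosts.allow entries above open the share to a whole /24 and the RPC services to every host, which the warning says is for initial testing only. The following is an added example, not code from this page or from the Arch project: a small POSIX sh audit that flags the permissive settings in an exports file (missing or wildcard client lists, no_root_squash, insecure) and in a hosts.allow file (a daemon opened to ALL without an EXCEPT clause). The sample files it writes are constructed for the demonstration: the page's testing settings next to a locked-down version that uses tcp_wrappers net/mask notation and assumes a matching "ALL: ALL" line in /etc/hosts.deny. On a real server, point the two audit functions at /etc/exports and /etc/hosts.allow.

```shell
#!/bin/sh
# Added example, not part of the original page: audit an NFS exports file and
# a tcp_wrappers hosts.allow file for the permissive settings the page warns
# about. The files written by write_samples are constructed for this demo.

# Disable pathname expansion for the whole script so that a '*' client in a
# config line is never globbed against the current directory when word-split.
set -f

# audit_exports FILE: print one finding per problem and return 1 if any were
# found. Flags exports with no client list, wildcard clients, no_root_squash
# and insecure (requests from unprivileged source ports accepted).
audit_exports() {
    file=$1
    status=0
    while IFS= read -r line || [ -n "$line" ]; do
        set -- $line
        [ $# -eq 0 ] && continue
        case $1 in '#'*) continue ;; esac
        path=$1
        shift
        if [ $# -eq 0 ]; then
            echo "$path: no client list, exported to every host"
            status=1
            continue
        fi
        for entry in "$@"; do
            # entry looks like host(opt,opt) or just host
            host=${entry%%"("*}
            opts=${entry#*"("}
            [ "$opts" = "$entry" ] && opts=""
            opts=${opts%")"}
            case $host in
                ''|'*'|\*.*) echo "$path: unrestricted client '$host'"; status=1 ;;
            esac
            case ",$opts," in
                *,no_root_squash,*) echo "$path: no_root_squash for $host"; status=1 ;;
            esac
            case ",$opts," in
                *,insecure,*) echo "$path: insecure option for $host"; status=1 ;;
            esac
        done
    done < "$file"
    return $status
}

# audit_hosts_allow FILE: flag every daemon whose client list is ALL (without
# an EXCEPT clause), i.e. the "initial testing" setting from the page.
audit_hosts_allow() {
    file=$1
    status=0
    while IFS= read -r line || [ -n "$line" ]; do
        set -- $line
        [ $# -eq 0 ] && continue
        case $1 in '#'*) continue ;; esac
        daemons=${line%%:*}
        rest=${line#*:}
        clients=${rest%%:*}        # drop an optional third (option) field
        set -- $clients
        if [ "${1:-}" = ALL ] && [ "${2:-}" != EXCEPT ]; then
            echo "$daemons: open to ALL hosts"
            status=1
        fi
    done < "$file"
    return $status
}

# write_samples DIR: constructed sample files, testing-only settings next to
# a locked-down version of the same files.
write_samples() {
    cat > "$1/exports.weak" <<'EOF'
/dir/toshare *(rw,sync,no_root_squash)
/srv/pub 192.168.1.0/24(rw,sync,insecure)
EOF
    cat > "$1/exports.ok" <<'EOF'
# only the LAN, read-write, root mapped to nobody (the default)
/dir/toshare 192.168.1.0/24(rw,sync)
EOF
    cat > "$1/hosts.allow.weak" <<'EOF'
portmap: ALL
lockd: ALL
mountd: ALL
EOF
    cat > "$1/hosts.allow.ok" <<'EOF'
# limit the RPC services to the LAN; pair with "ALL: ALL" in /etc/hosts.deny
portmap: 192.168.1.0/255.255.255.0
lockd: 192.168.1.0/255.255.255.0
mountd: 192.168.1.0/255.255.255.0
EOF
}

# Stand-alone run: show the findings for the testing-only files, then confirm
# the locked-down versions pass.
demo() {
    tmp=$(mktemp -d)
    write_samples "$tmp"
    echo "== findings in the testing-only files =="
    audit_exports "$tmp/exports.weak" || true
    audit_hosts_allow "$tmp/hosts.allow.weak" || true
    echo "== locked-down files =="
    if audit_exports "$tmp/exports.ok" && audit_hosts_allow "$tmp/hosts.allow.ok"; then
        echo "no findings"
    fi
    rm -rf "$tmp"
}
demo
```

The audit deliberately word-splits with `set --` under `set -f`: without it, a client field of `*` would be expanded against the files in the current directory and the wildcard would go unnoticed.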


Client Setup

For Kernel 2.6:

cd /usr/src/linux
make menuconfig
File Systems --->
 Network File Systems --->
 <*> NFS file system support
 [*]   Provide NFSv3 client support
 [ ]   Provide NFSv4 client support (EXPERIMENTAL)
 [ ]   Allow direct I/O on NFS files (EXPERIMENTAL)
 < > NFS server support
 < > Secure RPC: Kerberos V mechanism (EXPERIMENTAL)
 < > SMB file system support (to mount Windows shares etc.)
 < > CIFS support (advanced network filesystem for Samba, Window and o...)
 < > NCP file system support (to mount NetWare volumes)
 < > Coda file system support (advanced network fs)
 < > Andrew File System support (AFS) (Experimental)

Start portmap:

/etc/rc.d/portmap start

Test your connection to the server:

rpcinfo -p server

Mount a share:

mount server:/shared/dir /mnt/share


Auto File System Mounter

Install

pacman -Sy autofs

Automount Home Directory

Edit /etc/autofs/auto.master:

/home /etc/autofs/auto.home --timeout 600

Edit /etc/autofs/auto.home:

*   -fstype=nfs,soft,intr,rsize=8192,wsize=8192,nosuid,tcp 192.168.1.11:/home:&

Start AutoFS

/etc/rc.d/autofs start

Add autofs to the daemons list in /etc/rc.conf too :)

Network Time Protocol Daemon Setup

Install

pacman -Sy ntp

Configure

Edit /etc/ntp.conf:

# default restrictions
restrict default noquery notrust nomodify

# override the default restrictions
restrict 192.168.1.0 mask 255.255.255.0 nomodify

# public NTP servers to sync with
server bigben.cac.washington.edu
server time-nw.nist.gov
server tick.ucla.edu

restrict bigben.cac.washington.edu noquery nomodify
restrict time-nw.nist.gov noquery nomodify
restrict tick.ucla.edu noquery nomodify

# NTP drift file
driftfile /etc/ntp.drift

# NTP log file
logfile /var/log/ntp.log

Prevent DHCP Overwrite of /etc/ntp.conf

Edit /etc/conf.d/dhcpcd:

DHCPCD_ARGS="-t 30 -h $HOSTNAME -N"

Sync Time with Stratum 1 Server on Boot

Create /etc/rc.d/ntpsync:

#!/bin/bash

. /etc/rc.conf
. /etc/rc.d/functions

# Sync with Stratum 1 time server
stat_busy "Syncing System Clock"
/usr/bin/ntpdate -s bigben.cac.washington.edu
stat_done

Set executable:

chmod +x /etc/rc.d/ntpsync

Add NTPD to Daemon Startup List

Edit /etc/rc.conf:

DAEMONS=(... ntpsync ntpd ...)


Jabberd2 using MySQL storage and OpenLDAP authentication

READ THIS!

If you have any problems at all, the official [Jabberd2 documentation] is superb!

Build Jabberd2 with MySQL and OpenLDAP Support

Copy the official Arch build from /var/abs/extra/daemons/jabberd. Edit the PKGBUILD and add mysql and ldap support. Don't delete the SRC directory after you're done; you'll need the mysql script in there to populate your initial database.

RTFM

The manual above walks you through the install of Jabberd very well. Make sure your IDs are the same, and look in /var/log/errors.log and /var/log/everything.log for help if you get stuck.