#! /bin/bash

# This script will install an LDAP authentication client for 
# Debian-based systems.  It relies on apt-get for package
# installation.  If you are using Ubuntu or Mepis, make sure
# you have the 'universe' repository enabled.  The packages we
# need are in there.
#
# Suppose the script's filename is ldapconf.sh
# If you are running it as a sudo user, type:
# chmod +x ldapconf.sh && sudo ./ldapconf.sh
#
# If you are root, run it as:
# chmod +x ldapconf.sh && ./ldapconf.sh
#
# Feel free to modify and distribute this file freely, so long
# as you leave the author's name and URL intact.
#
# © Ameir Abdeldayem
# http://www.ameir.net
# Last modified: September 1, 2006
#---------------------------------------------------------------#


# Timestamp (MM-DD-YYYY-HH:MM:SS) appended to the names of the backup copies
# that are made before each configuration file is changed.
DATE=$(date +'%m-%d-%Y-%T')

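#######################################
# Print the prefix needed to run a command with root privileges.
# Meant to be used unquoted, as in `$(root) command args...`, so that the
# word "sudo" (when printed) becomes the command name.
# Arguments: none
# Outputs:   nothing when the caller already has uid 0, otherwise "sudo "
#            (trailing space, no newline)
# Returns:   0
#######################################
root() {
  # Test the numeric uid instead of the account name: privilege is tied to
  # uid 0, not to the string "root".  The quoted comparison also keeps the
  # test well-formed if `id` prints nothing; in that case the safe fallback
  # is to ask for sudo.
  if [ "$(id -u)" != "0" ]; then
    printf 'sudo '
  fi
}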

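# Install the LDAP client packages, then rewrite the PAM stacks and
# nsswitch.conf so that accounts are looked up in LDAP as well as locally.
#
# Every privileged step goes through $(root), which expands to "sudo " or to
# nothing.  It is left unquoted on purpose so "sudo" becomes its own word.
#
# A redirection in `$(root) echo ... >> file` is opened by the calling shell,
# not by sudo.  For a non-root caller that write fails after the live PAM file
# has already been moved away, which leaves the host without a usable stack.
# The steps below therefore copy (never move) the live file to its backup,
# write the new content through a privileged tee/cp, and stop at the first
# failure.
#
# Operational caveat: these files control every login on the machine.  Keep an
# existing root shell open until a fresh login has been verified.

# Print a message on stderr and stop the script.
_abort() {
  echo "$*" >&2
  exit 1
}

#######################################
# Back up a root-owned file, then replace its content with stdin.
# Globals:   DATE (read) - suffix for the backup name
# Arguments: $1 - path of the file to replace
# Returns:   0 on success; non-zero if the backup or the write failed
#            (the target is left untouched when the backup fails)
#######################################
_replace_root_file() {
  local target=$1
  $(root) cp -p -- "$target" "$target.$DATE.bak" || return 1
  # tee runs under sudo, so the write itself is privileged; writing into the
  # existing file keeps its owner and mode.
  $(root) tee -- "$target" > /dev/null
}

# Do not point PAM at modules that were not installed.
# NOTE(review): this script does not set up transport security for the LDAP
# connection; check the libpam-ldap/libnss-ldap configuration so that bind
# passwords are not sent to the directory in clear text.
$(root) apt-get install libpam-ldap libnss-ldap ldap-utils nscd \
  || _abort "Package installation failed; no configuration files were changed."

echo "Backing up and modifying files in pam.d/ ..."

# NOTE(review): with "sufficient", a success from pam_ldap ends the stack, so
# the pam_unix line below it is not consulted for that user.
printf '%s\n' \
  'account sufficient pam_ldap.so' \
  'account required pam_unix.so try_first_pass' \
  | _replace_root_file /etc/pam.d/common-account \
  || _abort "Could not update /etc/pam.d/common-account; stopping."

printf '%s\n' \
  'auth sufficient pam_ldap.so' \
  'auth required pam_unix.so try_first_pass' \
  | _replace_root_file /etc/pam.d/common-auth \
  || _abort "Could not update /etc/pam.d/common-auth; stopping."

# NOTE(review): the pam_unix options are kept exactly as the original script
# wrote them, but they are weak by current standards: "nullok" accepts empty
# passwords, "min=4 max=8" allows very short passwords, and "md5" selects a
# legacy hash.  Review them against local policy (for example drop nullok and
# use a stronger scheme such as sha512 where the installed pam_unix has it).
printf '%s\n' \
  'password sufficient pam_ldap.so' \
  'password required pam_unix.so nullok obscure min=4 max=8 md5 try_first_pass' \
  | _replace_root_file /etc/pam.d/common-password \
  || _abort "Could not update /etc/pam.d/common-password; stopping."

# Changes in common-session shouldn't be needed; if they are, uncomment the
# lines below and (re)run.
# printf '%s\n' \
#   'session sufficient pam_ldap.so' \
#   'session required pam_unix.so' \
#   | _replace_root_file /etc/pam.d/common-session \
#   || _abort "Could not update /etc/pam.d/common-session; stopping."

$(root) cp /etc/nsswitch.conf "/etc/nsswitch.conf.$DATE.bak" \
  || _abort "Could not back up /etc/nsswitch.conf; stopping."
$(root) cp /etc/nsswitch.conf /etc/nsswitch.conf.bak \
  || _abort "Could not back up /etc/nsswitch.conf; stopping."

echo "Editing your nsswitch.conf file..."
# Build the new file in a private temporary file first.  The live
# nsswitch.conf is only overwritten once sed has produced non-empty output.
nss_new=$(mktemp) || _abort "Could not create a temporary file; stopping."
trap 'rm -f -- "$nss_new"' EXIT

# NOTE(review): "ldap files" places LDAP ahead of the local files for every
# database that used "compat".  A directory entry with the same name as a
# local account is then returned first, and lookups of local accounts wait on
# the LDAP server when it is unreachable.  Consider whether "files ldap" is
# the intended order.
if $(root) sed -e 's/compat/ldap files/g' /etc/nsswitch.conf.bak > "$nss_new" \
  && [ -s "$nss_new" ]; then
  $(root) cp -- "$nss_new" /etc/nsswitch.conf \
    || _abort "Could not write /etc/nsswitch.conf; stopping."
else
  _abort "Could not generate the new nsswitch.conf; the original is unchanged."
fi

echo -e "Finished installing packages and modifying configuration files! \n"

echo -e "NOTES:\nYou may need to restart your computer before changes take effect."
echo "You can restart your computer by typing '$(root)reboot' in this very same window."
echo "If you are trying to login as a user that is local AND in LDAP and are getting\
 permission errors, type (write this down) '$(root)nscd --invalidate=passwd' in a terminal."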
