Part 0: Multi-Master Kerberos Server with OpenLDAP Backend – Installer
Some months ago, I started to play around with OpenLDAP and Kerberos. At the beginning of my LDAP adventure, I often messed up my installation, so I ended up reinstalling everything and had to start again from scratch.
To make my life a little easier, I wrote a simple bash script that does the package installation, so that after a mistake I only had to redo the changes to the config files from the last ‘save’ point. Over time I added a lot of features and the script kept growing. In retrospect, if I started again from the beginning, I would now use something more appropriate than bash.
Anyway, the script installs a “Multi-Master Kerberos Server with a LDAP Backend”.
Please follow the steps below to try out the script on a current Ubuntu or Debian system (Ubuntu 17.10 or Debian 8). I recommend using a fresh system in a virtual machine.
There are some more things I will explain in further posts, once I have the time, which I currently do not. Soooo, if you have specific questions about the script or ideas for improvement, please leave me a comment.
Disclaimer: Feel free to use this script at your own risk; I cannot be held responsible for what YOU do on YOUR administered system.
- Download the two files, the archive LDAPX-0.18.4.tar.gz and its checksum file LDAPX-0.18.4.tar.gz.md5.
- Use md5sum to check the integrity of the downloaded archive (this catches a corrupted download, not a tampered one, since the checksum file sits next to the archive):
user@yourbox:~$ md5sum -c LDAPX-0.18.4.tar.gz.md5
- Extract the archive with tar:
user@yourbox:~$ tar -zxvf LDAPX-0.18.4.tar.gz
- Change into the directory LDAPX:
user@yourbox:~$ cd LDAPX
- Add the fully qualified domain name of the server(s) to the variable ‘LIST_OF_ALL_LDAP_MASTERS’ in ‘conf/ldapx.main.conf’. (Only necessary if you want more than one master server.)
- Optional step: Change the password of the LDAP admin (_LDAP_ADMIN_PW), the gpg password file (_GPG_FILE_PW) and the gpg user password file (_GPG_FILE_PW_USER). (Leave them blank to enter them during the installation.)
- Optional step: In the file ‘conf/ldapx.tls.conf’ change the values of TLS_CA_LOCALITY/TLS_CA_STATE/TLS_CA_COUNTRYCODE/…
- Become root with the command:
user@yourbox:~$ sudo su
- Important: Add the fully qualified domain name of the server(s) to ‘/etc/hosts’, as in the example below, where the default 127.0.1.1 line is commented out and the name points at the machine’s real address:
127.0.0.1 localhost
#127.0.1.1 yourbox.domain.name yourbox
10.0.0.1 yourbox.domain.name yourbox
- Make the two scripts executable with:
root@yourbox:/home/user/LDAPX# chmod +x installLDAPX.sh
and
root@yourbox:/home/user/LDAPX# chmod +x setupLDAPX.sh
- Run the script:
root@yourbox:/home/user/LDAPX# ./setupLDAPX.sh
- Start the installation process with the menu item ‘Install first master server’.
- You can find some more information in the file ‘backup/ldapx.info’.
- Test the setup:
  - kinit
    - Use kinit to request a Kerberos ticket for the sample user doejo:
root@yourbox:/home/user/LDAPX# kinit doejo
    - The default password for user doejo is ‘winter2014#’.
    - Use klist to list your cached Kerberos ticket.
  - ssh
    - ssh to yourbox with:
ssh doejo@yourbox
    - Use your new password or ‘winter2014#’ if you did not change it above.
    - Use klist to list your cached Kerberos ticket.
    - Try to become root with:
doejo@yourbox:~$ sudo su -
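A pre-flight check for the ‘Important’ /etc/hosts step, added here as an example (it is not part of the LDAPX scripts): it parses an /etc/hosts-style file and fails when the server name is missing or still maps to a loopback address such as the default 127.0.1.1 line. The host name yourbox.domain.name, the sample file contents and the function name check_hosts_file are my own constructions.

```shell
#!/bin/sh
# Added example, not part of LDAPX. Kerberos and slapd derive principal names
# and replication URIs from the host's FQDN, so /etc/hosts must map that name
# to the real interface address, not to the Debian/Ubuntu default 127.0.1.1.

# check_hosts_file FILE FQDN
# Returns 0 only if FQDN maps to a non-loopback address in FILE.
check_hosts_file() {
    file="$1"; fqdn="$2"
    # Drop comments, then collect the address of every line naming FQDN.
    addrs=$(sed 's/#.*//' "$file" | awk -v h="$fqdn" '
        { for (i = 2; i <= NF; i++) if ($i == h) print $1 }')
    if [ -z "$addrs" ]; then
        echo "FAIL: $fqdn has no entry in $file"
        return 1
    fi
    for a in $addrs; do
        case "$a" in
            127.*|::1)
                echo "FAIL: $fqdn maps to loopback $a (comment out the 127.0.1.1 line)"
                return 1 ;;
        esac
    done
    echo "OK: $fqdn -> $addrs"
    return 0
}

# Constructed sample files standing in for /etc/hosts (hypothetical host name).
good_hosts=$(mktemp); bad_hosts=$(mktemp)
trap 'rm -f "$good_hosts" "$bad_hosts"' EXIT
printf '127.0.0.1 localhost\n#127.0.1.1 yourbox.domain.name yourbox\n10.0.0.1 yourbox.domain.name yourbox\n' > "$good_hosts"
printf '127.0.0.1 localhost\n127.0.1.1 yourbox.domain.name yourbox\n' > "$bad_hosts"

check_hosts_file "$good_hosts" yourbox.domain.name          # OK: ... -> 10.0.0.1
check_hosts_file "$bad_hosts"  yourbox.domain.name || true  # FAIL: loopback
# On the real server run: check_hosts_file /etc/hosts "$(hostname -f)"
```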