"Synology LDAP server linux and windows setting": Difference between revisions
From DDCC TCAD TOOL Manual
(Created page with "To make linux working with Synology LDAP server (not AD server). we can follow steps apt-get install -y ldap-utils libpam-ldap libnss-ldap nslcd Then edit /etc/ld...") |
|||
Line 3: | Line 3: | ||
apt-get install -y ldap-utils libpam-ldap libnss-ldap nslcd |
apt-get install -y ldap-utils libpam-ldap libnss-ldap nslcd |
||
− | Then edit /etc/ldap.conf |
+ | Then edit /etc/ldap.conf. Some is aready in the file. So just add ip and account |
host 192.168.0.2 |
host 192.168.0.2 |
||
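Review bot: the sentence added to the "Then edit /etc/ldap.conf" line has a typo ("aready") and leaves "ip and account" unspecified. Suggest "Some of this is already in the file, so just add the IP and account", and say which directives carry them, starting with the `host 192.168.0.2` line shown directly below.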
Line 14: | Line 14: | ||
nss_initgroups_ignoreusers ajaxterm,amavis,avahi,avahi-autoipd,backup,bin,clamav,colord,couchdb,daemon,dhcp,dovecot,dovenull,festival,games,gdm,gnats,haldaemon,hplip,irc,kernoops,kloglandscape,libuuid,lightdm,list,lp,mail,man,messagebus,mysql,news,nslcd,ntop,ntp,polkituser,postfix,postgrey,proxy,pulse,root,rtkit,saned,speech-dispatcher,sshd,statd,sync,sys,syslog,usbmux,uucp,whoopsie,www-data |
nss_initgroups_ignoreusers ajaxterm,amavis,avahi,avahi-autoipd,backup,bin,clamav,colord,couchdb,daemon,dhcp,dovecot,dovenull,festival,games,gdm,gnats,haldaemon,hplip,irc,kernoops,kloglandscape,libuuid,lightdm,list,lp,mail,man,messagebus,mysql,news,nslcd,ntop,ntp,polkituser,postfix,postgrey,proxy,pulse,root,rtkit,saned,speech-dispatcher,sshd,statd,sync,sys,syslog,usbmux,uucp,whoopsie,www-data |
||
⚫ | |||
+ | passwd: compat ldap sss |
||
+ | group: compat ldap sss |
||
+ | shadow: compat ldap sss |
||
+ | hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 |
||
+ | networks: files |
||
+ | protocols: db files |
||
+ | services: db files sss |
||
+ | ethers: db files |
||
+ | rpc: db files |
||
+ | netgroup: nis sss |
||
+ | automount: sss |
||
− | cp ldap.conf /etc/ |
||
+ | Note sss is for AD domain, ldap is for synology user. My experience is that you can join both. But user name should not be the same for both systems. |
||
⚫ | |||
+ | vi /etc/ldap.secret (if it is not there, simply create a new one) |
||
− | cp ldap.secret /etc/ |
||
+ | put the password of rootuser |
||
⚫ | |||
+ | chmod 700 /etc/ldap.secret |
||
⚫ | |||
+ | chown -R root.root /etc/ldap.secret |
||
+ | |||
⚫ | |||
⚫ | |||
+ | |||
+ | This should be working. |
||
+ | |||
+ | For windows, to make ldap work, the only solution I found is to download pGina to install in the windows system. Please find the guidance of pgina 3.1.8 |
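Review bot: the added `chmod 700 /etc/ldap.secret` line sets the execute bit on a file that only holds the bind password; `chmod 600` keeps group and other out just the same without it. On the next added line, `chown -R root.root /etc/ldap.secret` can be `chown root:root /etc/ldap.secret`, since `-R` does nothing for a single file and `user.group` is the older separator. The "put the password of rootuser" line would also benefit from saying that the file should contain the password and nothing else.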
Latest revision as of 10:15, 26 May 2024 (Sun)
To make Linux work with a Synology LDAP server (not an AD server), follow these steps.
    apt-get install -y ldap-utils libpam-ldap libnss-ldap nslcd
Then edit /etc/ldap.conf. Some of this is already in the file, so just add the IP and account:
    host 192.168.0.2
    base dc=synology-wk
    uri ldaps://192.168.0.2/
    ldap_version 3
    binddn
    rootbinddn uid=rootuser,cn=users,dc=synology-wk
    pam_password md5
    nss_initgroups_ignoreusers ajaxterm,amavis,avahi,avahi-autoipd,backup,bin,clamav,colord,couchdb,daemon,dhcp,dovecot,dovenull,festival,games,gdm,gnats,haldaemon,hplip,irc,kernoops,kloglandscape,libuuid,lightdm,list,lp,mail,man,messagebus,mysql,news,nslcd,ntop,ntp,polkituser,postfix,postgrey,proxy,pulse,root,rtkit,saned,speech-dispatcher,sshd,statd,sync,sys,syslog,usbmux,uucp,whoopsie,www-data
    vi /etc/nsswitch.conf

    passwd: compat ldap sss
    group: compat ldap sss
    shadow: compat ldap sss
    hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
    networks: files
    protocols: db files
    services: db files sss
    ethers: db files
    rpc: db files
    netgroup: nis sss
    automount: sss
Note that sss is for the AD domain and ldap is for the Synology users. My experience is that you can join both, but a user name should not be the same in both systems.
    vi /etc/ldap.secret
If the file is not there, simply create a new one. Put the password of rootuser in it.
    chmod 700 /etc/ldap.secret
    chown -R root.root /etc/ldap.secret
    sudo update-rc.d nslcd enable
    sudo /etc/init.d/nscd restart
This should be working.
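A quick audit of the three files edited above (/etc/ldap.conf, /etc/nsswitch.conf, /etc/ldap.secret), added here as an example and not part of the original page. The function names are this example's own, and it assumes GNU stat and a POSIX awk.

```shell
#!/bin/sh
# Added example (not from the original page): audit the three files edited above.
# Function names are this example's own; assumes GNU stat and a POSIX awk.

# uri_is_ldaps FILE: true if FILE has a "uri" line and every URI on it is ldaps://
uri_is_ldaps() {
    awk '$1 == "uri" { seen = 1
                       for (i = 2; i <= NF; i++) if ($i !~ /^ldaps:\/\//) bad = 1 }
         END { exit (seen && !bad) ? 0 : 1 }' "$1"
}

# nss_uses_ldap FILE DB: true if database DB (e.g. passwd) lists the ldap source
nss_uses_ldap() {
    awk -v db="$2:" '$1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
                     END { exit found ? 0 : 1 }' "$1"
}

# secret_is_private FILE: true if group and other have no permission bits at all
secret_is_private() {
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in
        ?00) return 0 ;;
        *)   return 1 ;;
    esac
}

# owned_by_uid FILE UID: true if FILE is owned by numeric user id UID (0 = root)
owned_by_uid() {
    [ "$(stat -c '%u' "$1")" = "$2" ]
}

# audit_ldap_client LDAP_CONF NSSWITCH SECRET: print a warning per failed check
audit_ldap_client() {
    rc=0
    uri_is_ldaps "$1" || { echo "WARN: $1: missing or non-ldaps uri"; rc=1; }
    for db in passwd group shadow; do
        nss_uses_ldap "$2" "$db" || { echo "WARN: $2: $db has no ldap source"; rc=1; }
    done
    secret_is_private "$3" || { echo "WARN: $3: group/other can access it"; rc=1; }
    owned_by_uid "$3" 0 || { echo "WARN: $3: not owned by root"; rc=1; }
    return "$rc"
}

# Run against real files only when three paths are given on the command line.
if [ "$#" -eq 3 ]; then
    audit_ldap_client "$@"
fi
```

Saved under a name of your choice and run as root with the three paths as arguments, it prints one WARN line per failed check and exits non-zero if any check fails.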
For Windows, to make LDAP work, the only solution I found is to download pGina and install it on the Windows system. Please find the guidance for pGina 3.1.8