How to configure Ezeelogin to authenticate using Windows AD (PAM-LDAP) on Ubuntu 16.x and 18.x

 

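Integration of Windows AD (PAM-LDAP) in Ubuntu

Make sure that the PHP LDAP extension is installed on the server. Depending on the PHP version, the package is named php5-ldap, php7-ldap or php-ldap; install the one that matches, for example:

root@jumpserver:~# apt-get install php-ldap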

1. Log in to the Web GUI and open Settings > LDAP.

      Add the details on the LDAP settings page. Check the following video to fill in and configure PAM-LDAP.

       

      Add the details of the LDAP configuration and check WINDOWS ACTIVE DIRECTORY.

    

2. Open Settings > General > Authentication, change Web Panel Authentication to LDAP and check PAM Authentication.

        

3. Select the LDAP users and import them into Ezeelogin.

  

You can confirm that the imported LDAP users are listed under Users.

 

Now you can log in to the Ezeelogin GUI as an LDAP user.

 

4. Make sure that UNIX attributes are enabled on the Windows (2003, 2008, 2012) server.

You do not need to install UNIX attributes on Windows 10 and Windows 2016 Server.

Log in to the Windows server and open a command prompt.

Enter the command below:

Dism.exe /online /enable-feature /featurename:nis /all

Reboot the server to complete the installation.

 

Windows 2008 UNIX attributes
Windows 2016 AD attributes for a user. Note that attributes such as uidNumber = 10001, gidNumber = 12001, unixHomeDirectory = /home/jake and loginShell = /usr/local/bin/ezsh are set.
 
 
Let's configure PAM-LDAP authentication for SSH
 
 
* Log in to the Ezeelogin SSH server to configure PAM-LDAP
 
 
1. Install the PAM-LDAP module with the following command:

root@jumpserver:~# apt-get install ldap-auth-client ldap-auth-config nscd

 
2. Enter the LDAP URI and base DN, and select LDAP version 3.
   
  Enter the details in the LDAP settings. You can use the above video to fetch the details.
 
3. Add the bind DN, bind password and Active Directory mappings to /etc/ldap.conf.

nano /etc/ldap.conf

 

binddn cn=admin,dc=eztest,dc=net

bindpw chaSD@#234JH56hj^7

Add the binddn and bindpw lines above to the file.

On Ubuntu 16.x, also run the command "ln -s /etc/ldap /etc/openldap".

 
4. Search for the RFC 2307 (AD) mappings and add or uncomment the following lines:
 

nss_map_objectclass posixAccount user

nss_map_attribute uid sAMAccountName

nss_map_attribute homeDirectory unixHomeDirectory

nss_override_attribute_value loginShell /usr/local/bin/ezsh

 
5. Append 'ldap' to the passwd, group and shadow entries in /etc/nsswitch.conf:

root@tech2:~# cat /etc/nsswitch.conf

# /etc/nsswitch.conf

#

# Example configuration of GNU Name Service Switch functionality.

# If you have the `glibc-doc-reference' and `info' packages installed, try:

# `info libc "Name Service Switch"' for information about this file.

 

passwd:         compat  ldap   

group:          compat  ldap

shadow:         compat  ldap

 

hosts:          files mdns4_minimal [NOTFOUND=return] dns

networks:       files

 

protocols:      db files

services:       db files

ethers:         db files

rpc:            db files

 

netgroup:       nis

 
     Refer to the above video for more information.
 
6. Enable automatic creation of the home directory on login by appending the following line to /etc/pam.d/common-session:

echo "session optional pam_mkhomedir.so skel=/etc/skel umask=077" >> /etc/pam.d/common-session

 

  
 
 
7. Edit /etc/pam.d/common-password and add the entry for LDAP.
 

vi /etc/pam.d/common-password

# Look for the lines starting with "password" and add the line below to enable authentication via LDAP.

password [success=1 user_unknown=ignore default=die] pam_ldap.so use_authtok try_first_pass

 
8. Restart the nscd service:

service nscd restart

Ensure that the login shell of the LDAP user is /usr/local/bin/ezsh.

     

Now run the id / finger commands and check whether you are able to get the AD user details:

[root@jumpserver ~]# finger jake

Login: jake           Name: jake t

Directory: /home/jake     Shell: /usr/local/bin/ezsh

Last login Wed Jun 13 05:02 (EDT) on pts/1 from 10.1.1.13

No mail.

No Plan.

[root@jumpserver ~]# id jake

uid=10001(jake) gid=120001(domain users) groups=1547600513(domain users)
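
Before testing a login, the file edits from steps 3 to 7 can be checked in one pass. The script below is an added example, not part of the original article or of Ezeelogin; the function names and the optional ROOT prefix (for auditing a copy of /etc) are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not Ezeelogin code): audit the files edited in steps 3 to 7.
# ROOT is a hypothetical prefix for checking a copy of /etc; empty = live system.

missing=0

# check FILE DESC REGEX: REGEX must match the start of an uncommented line.
check() {
    if grep -Eq "^[[:space:]]*$3" "$1" 2>/dev/null; then
        echo "ok       $2"
    else
        echo "MISSING  $2 ($1)"
        missing=$((missing + 1))
    fi
}

# audit_pam_ldap [ROOT]: returns the number of missing settings (0 = all set).
audit_pam_ldap() {
    root="${1:-}"
    missing=0
    s='[[:space:]]+'
    conf="$root/etc/ldap.conf"
    check "$conf" "binddn" "binddn${s}[^[:space:]]"
    check "$conf" "bindpw" "bindpw${s}[^[:space:]]"
    check "$conf" "objectclass map" "nss_map_objectclass${s}posixAccount${s}user"
    check "$conf" "uid map" "nss_map_attribute${s}uid${s}sAMAccountName"
    check "$conf" "home directory map" \
        "nss_map_attribute${s}homeDirectory${s}unixHomeDirectory"
    check "$conf" "ezsh login shell" \
        "nss_override_attribute_value${s}loginShell${s}/usr/local/bin/ezsh"
    # 'ldap' must be a whole word in the passwd, group and shadow source lists.
    for db in passwd group shadow; do
        check "$root/etc/nsswitch.conf" "$db: ldap" \
            "$db:(.*[[:space:]])?ldap([[:space:]].*)?\$"
    done
    check "$root/etc/pam.d/common-session" "pam_mkhomedir session" \
        "session${s}.*pam_mkhomedir\.so"
    check "$root/etc/pam.d/common-password" "pam_ldap password" \
        "password${s}.*pam_ldap\.so"
    return "$missing"
}

# Run against the live system only when asked: sh audit.sh --run [ROOT]
if [ "${1:-}" = "--run" ]; then
    audit_pam_ldap "${2:-}"
fi
```

Commented-out lines count as missing, so a mapping that was found but never uncommented in /etc/ldap.conf is reported.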

 
