Configure Ezeelogin to authenticate using Windows_AD / OpenLDAP (Pam-Ldap) in Debian?
Integration of WINDOWS-AD&Openldap (PAM-LDAP) in Debian
Make sure that PHP-LDAP extension is installed on the server. Replace PHP version in below command.
1. Login to Web-GUI > open settings > Ldap
Add the details of LDAP configurations & Check WINDOWS ACTIVE DIRECTORY if you are authenticating with Windows AD & Save
2. Open Settings > General > Authentication > change webpanel authentication to LDAP & Check External SSH Auth
3. Select the LDAP users and import them to Ezeelogin
You can confirm the imported LDAP users were listed in Users
Now you can log in to Ezeelogin with LDAP user in ezeelogin GUI
After importing the users to Ezeelogin, log in with the user and set up security code for the user under Account > Password > New Security Code.
Skip 4th & 5th step if you are configuring OpenLDAP
4. Make sure that UNIX ATTRIBUTES is enabled on WINDOWS(2003,2008,2012) SERVER
You do not need to install unix attributes on windows 10 and windows 2016 server OS
Login to windows server & open command prompt
Enter the below command
Reboot the server to complete the installation
5. Make sure to add the values for UID, GID, Login Shell, Home Directory
Win 2008 Unix Attributes
For Window 2016 AD user set the attributes such as uidNumber = 10001 , gidNumber = 12001 , unixHomeDirectory = /home/jake , loginShell=/usr/local/bin/ezsh
For the Unix Attributes uidNumber, gidNumber, loginShell to be visible, make sure to click on the Filter button and select ONLY " Show Only Writable Attributes" as shown below.
Let's configure PAM_LDAP Authentication for SSH
Login to Ezeelogin ssh server to configure pam-LDAP
1. Install pam-LDAP module by the following command
2. Enter LDAP URI, Base dn , select Ldap version 3 , Bindpassword and BInddn on prompts
You can reconfigure the settings with the following command
root@jumpserver:~# dpkg-reconfigure libnss-ldap
Skip the 3rd step if you are configuring OpenLDAP
3. Add Active Directory Mappings to /etc/libnss-ldap.conf
Search for RF 2307 (AD) mapping & add or uncomment the following lines
4. Append 'ldap' to password,group & shadow in /etc/nsswitch.conf
5. Enable autocreate home directory on login by adding the following to /etc/pam.d/common-session by the following command
6. Edit /etc/pam.d/common-password and Remove the option 'use_authtok' on the password 'pam_ldap' module configuraiton as below.
7. Restart nscd service
Ensure the login shell of ldap user is /usr/local/bin/ezsh
Now run the id / finger command and see whether you are able get AD user details
Run an ldapsearch to check the values returned from your AD server as follows. This is used for troubleshooting. Ensure that it returns the values of uid,gid,home directory and login shell.