
Info: THESE AUTH METHODS REQUIRE OPTIONAL PERL MODULES

Each of the authentication methods requires its own Perl modules. You can install them with the cpan command and the module name, e.g. "cpan Net::LDAP", or check whether a module is installed with e.g. "cpan -D Net::LDAP".


Method | Description

pam

On operating systems such as Debian or Ubuntu, PAM works out of the box. No special installation or configuration is needed.

However, on operating systems such as CentOS or RHEL, some specific steps are required.

Config:

  1. Create a pam.d configuration file on nmis8. The presence of this will cause Linux-PAM to ignore /etc/pam.conf
  2. Allow the web user to access /etc/shadow with the authorisation to read and write.

apache

Apache will perform authentication and provide an authenticated user to NMIS, which will have authorisation policies applied.

htpasswd

NMIS will use the users defined in the NMIS Users file, by default /usr/local/nmis8/conf/users.dat

ldap

NMIS will use the configured LDAP server to perform authentication

Requires Optional Perl Module: Net::LDAP

Config:
auth_ldap_server => 'host[:port]'
auth_ldap_attr => '' # attributes to match to username, can be blank, then defaults to ('uid','cn')
auth_ldap_context => 'ou=people,dc=opmantek,dc=com', # base of context to attempt to bind to 

ldaps (secure)

NMIS will use the configured LDAP server to perform authentication

Requires Optional Perl Modules: IO::Socket::SSL and Net::LDAPS

Config:
auth_ldaps_server => 'host[:port]'
auth_ldap_attr => '' # attributes to match to username, can be blank, then defaults to ('uid','cn')
auth_ldap_context => 'ou=people,dc=opmantek,dc=com', # base of context to attempt to bind to

ms-ldap

NMIS will use the configured Microsoft Active Directory (LDAP) server to perform authentication

Requires Optional Perl Module: Net::LDAP

Config:
auth_ms_ldap_server => 'host[:port]'
auth_ms_ldap_dn_acc => '' # the DN/account to bind with
auth_ms_ldap_dn_psw => 'password'
auth_ms_ldap_attr => 'sAMAccountName', # attribute to match to username
auth_ms_ldap_base => 'dc=corp,dc=opmantek,dc=com' # base to search from

ms-ldaps (secure)

NMIS will use the configured Microsoft Active Directory (LDAP) server to perform authentication

Requires Optional Perl Modules: IO::Socket::SSL and Net::LDAPS

Config:
auth_ms_ldaps_server => 'host[:port]'
auth_ms_ldap_dn_acc => '' # the DN/account to bind with
auth_ms_ldap_dn_psw => 'password'
auth_ms_ldap_attr => 'sAMAccountName', # attribute to match to username
auth_ms_ldap_base => 'dc=corp,dc=opmantek,dc=com' # base to search from

radius

NMIS will use the configured RADIUS server (Cisco ACS or Steel Belted Radius, for example)

Requires Optional Perl Module: Authen::Simple::RADIUS

Config:
auth_radius_server => 'host:port'
auth_radius_secret => 'secret' 

tacacs

NMIS will use the configured TACACS+ server (Cisco ACS, for example)

Requires Optional Perl Module: Authen::TacacsPlus

Config:
auth_tacacs_server => 'host:port'
auth_tacacs_secret => 'secret' # Also known as the "Key"
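
The following added example is not NMIS code. It scans a config fragment for the auth_* keys listed above and flags plain-LDAP servers configured without the counterpart this page marks "(secure)", as well as secrets or hosts still set to the placeholder values shown in the table. The sample config, its hostnames and the function names parse_auth and audit are constructed for illustration.

```python
import re

# Added example, not NMIS code. Keys are the ones listed on this page.
# Matches   auth_xxx => 'value'   with or without quotes around the key.
ENTRY = re.compile(r"^\s*'?(auth_\w+)'?\s*=>\s*'([^']*)'", re.M)

PLAIN_TO_TLS = {  # plain-LDAP server key -> its "(secure)" counterpart
    "auth_ldap_server": "auth_ldaps_server",
    "auth_ms_ldap_server": "auth_ms_ldaps_server",
}
SECRET_KEYS = ("auth_ms_ldap_dn_psw", "auth_radius_secret", "auth_tacacs_secret")
SECRET_PLACEHOLDERS = {"secret", "password"}      # values shown on this page
HOST_PLACEHOLDERS = {"host[:port]", "host:port"}  # values shown on this page


def parse_auth(text):
    """Return {key: value} for every auth_* => '...' entry in the text."""
    return dict(ENTRY.findall(text))


def audit(text):
    """Return a sorted list of (key, finding) for risky auth settings."""
    cfg = parse_auth(text)
    findings = []
    for plain, tls in PLAIN_TO_TLS.items():
        if cfg.get(plain) and not cfg.get(tls):
            findings.append((plain, f"plain LDAP configured, {tls} is empty"))
    for key in SECRET_KEYS:
        if cfg.get(key) in SECRET_PLACEHOLDERS:
            findings.append((key, "documentation placeholder used as secret"))
    for key, value in cfg.items():
        if key.endswith("_server") and value in HOST_PLACEHOLDERS:
            findings.append((key, "placeholder host left in place"))
    return sorted(findings)


# Constructed sample config, for illustration only.
SAMPLE = """
auth_ldap_server => 'ldap.example.com:389',
auth_ldaps_server => '',
auth_ms_ldaps_server => 'dc1.example.com:636',
auth_ms_ldap_dn_psw => 'password',
auth_radius_server => 'host:port',
auth_radius_secret => 'Zk3-constructed-value',
auth_tacacs_secret => 'secret' # Also known as the "Key"
"""

if __name__ == "__main__":
    for key, finding in audit(SAMPLE):
        print(f"{key}: {finding}")
```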
