Introduction: Unify User Passwords and Home Directories Across More Than One Raspberry Pi Devices
Introduction
In the "Make Raspberry Pi into a LDAP Server" and "Make Raspberry Pi do LDAP Authentication" instructables, we learned to unify user accounts and passwords across all Linux machines. However, users' home directories are auto-created on each Raspberry Pi, so a user ends up with more than one home directory. Can I also unify users' home directories?
Yes.
Solution
The Network File System (NFS) provides the sharing of the home directory. The automounter mounts the shared home directory on demand.
We need at least 2 Raspberry Pi running Raspbian OS. For simplicity, I call them Rpi1 and Rpi2:
Rpi1 will have:
- LDAP server with user account database
- NFSv4 server sharing users' home directories
Rpi2 will have:
- Automounter to mount users' home directory
- LDAP authentication using Rpi1's LDAP server
Scope
This instructable will show how to:
- Install OpenLDAP Server and NFSv4 Server on Rpi1
- Configure OpenLDAP Server on Rpi1
- Run OpenLDAP Server on Rpi1
- Install automounter on Rpi2
- Configure automounter on Rpi2
- Install LDAP authentication software on Rpi2
- Configure LDAP authentication on Rpi2
This instructable will NOT show how to:
- Encrypt passwords sent over the wire
Environment
The following are the details of the 2 Raspberry Pi:
Distributor ID: Debian
Description: Debian GNU/Linux 7.8 (wheezy)
Release: 7.8
Codename: wheezy
Linux rpipro.example.com 3.18.9+ #767 PREEMPT Sat Mar 7 21:41:13 GMT 2015 armv6l GNU/Linux
Step 1: Install LDAP Server
Complete all the steps in the "Make Raspberry Pi into a LDAP Server" instructable on Rpi1.
To make implementation and maintenance easier, we distinguish local users from LDAP users as follows:
Local users have their password and uid stored in the /etc/passwd file. Examples are root, pi and the system accounts.
LDAP users have their password and uid stored in the LDAP server.
Local users' home directories are immediately under the /home directory.
LDAP users' home directories are immediately under the /home/ldap directory.
Open a terminal emulator on Raspberry Pi (Rpi1)
Install the LDAP Name Service Switch (NSS) module:
sudo apt-get install libnss-ldapd
Configure the nslcd daemon:
# The LDAP server: use the IP address of Rpi1 (192.168.0.6 in this instructable)
uri ldap://192.168.0.6
base dc=example,dc=com
uid nslcd
gid nslcd
Make the home directory of a user called John, who has a user account in the LDAP server:
sudo mkdir /home/ldap
sudo mkdir /home/ldap/john
sudo cp /etc/skel/.[a-z]* /home/ldap/john
sudo chown -R john:john /home/ldap/john
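The four commands above create one LDAP user's home by hand. The following shell script is an added example, not part of the Instructable: it does the same job for a list of users, refuses to create a home that does not sit directly under the LDAP home root (so local and LDAP users stay separated as described above), copies the skeleton directory including dot-directories that a bare `.[a-z]*` glob would miss, and creates the directory with mode 0700 so that other users mounting the same NFS export cannot read it. The LDAP root and skeleton directory are parameters so the script can be tried against temporary directories first; the passwd-style input lines (name:uid:gid:home) and the sample users are constructed for the example, and `chown` is only run when the script runs as root.

```shell
#!/bin/sh
# Added example (not from the Instructable): create home directories for LDAP
# users under the LDAP home root, keeping them apart from local users' homes.
# Input lines are "name:uid:gid:home", e.g. produced on Rpi1 by
#   getent passwd | awk -F: '$6 ~ "^/home/ldap/"' | cut -d: -f1,3,4,6
# Assumptions: LDAP_ROOT (/home/ldap on this page) and the skeleton directory
# (/etc/skel) are passed in so the functions can be exercised in a temp dir.

# make_ldap_home NAME UID GID HOME LDAP_ROOT SKEL
# Creates HOME, which must be directly under LDAP_ROOT, copies the skeleton
# files (dot-directories included) and sets mode 0700.
# Returns 0 on success, 1 if HOME is outside LDAP_ROOT, 2 if it already exists.
make_ldap_home() {
    name=$1; uid=$2; gid=$3; home=$4; root=$5; skel=$6
    case "$home" in
        "$root"/*) ;;                       # must live under the LDAP root
        *) echo "refusing $name: $home is not under $root" >&2; return 1 ;;
    esac
    rel=${home#"$root"/}
    case "$rel" in                          # exactly one component below root
        */*|"") echo "refusing $name: $home is not directly under $root" >&2; return 1 ;;
    esac
    if [ -e "$home" ]; then
        echo "skipping $name: $home already exists" >&2
        return 2
    fi
    mkdir -p "$root"
    mkdir -m 0700 "$home"
    cp -R "$skel"/. "$home"/                # "skel/." copies hidden entries too
    # chown needs root; in an unprivileged shell only report what would be done
    if [ "$(id -u)" -eq 0 ]; then
        chown -R "$uid:$gid" "$home"
    else
        echo "would chown -R $uid:$gid $home (not running as root)" >&2
    fi
    return 0
}

# make_ldap_homes LDAP_ROOT SKEL < passwd-style lines
# Processes every input line and prints the number of homes created.
make_ldap_homes() {
    root=$1; skel=$2; created=0
    while IFS=: read -r name uid gid home; do
        [ -z "$name" ] && continue
        if make_ldap_home "$name" "$uid" "$gid" "$home" "$root" "$skel"; then
            created=$((created + 1))
        fi
    done
    echo "$created"
}
```

On Rpi1 this would be run as root with `/home/ldap` and `/etc/skel` as the two arguments; the refusal path is what keeps a mistyped LDAP entry such as homeDirectory=/home/john from silently landing beside the local users.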
Step 2: Make Raspberry Pi Do LDAP Authentication
Complete Steps 1 to 8 in the "Make Raspberry Pi do LDAP Authentication" instructable on Rpi2.
Open a terminal emulator on Raspberry Pi (Rpi2)
Disable auto-creation of home directories by removing the following line from /etc/pam.d/common-session if you have added it:
session required pam_mkhomedir.so umask=027 skel=/etc/skel
Save the file if any changes were made
Restart the Name Service LDAP Connection Daemon:
sudo service nslcd stop
sudo service nslcd start
Restart the Name Service Cache Daemon:
sudo service nscd stop
sudo service nscd start
Step 3: Install NFSv4 Server on LDAP Server Machine
Complete the steps in my "Make Raspberry Pi into NFSv4 Server" instructable on Rpi1.
Step 4: Share Home Directory of NFSv4 Server
Open a terminal emulator on Raspberry Pi (Rpi1)
Share the LDAP users' home directories:
sudo vi /etc/exports
/home/ldap *(rw,sync,no_subtree_check)
Save the file
Export the shared directory:
sudo exportfs -rv
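The export line above uses `*` as the client list, which hands the home directories to every host that can reach Rpi1; with the default `sec=sys` the server simply trusts the uid the client presents, so the client list is the only thing limiting who can read a user's files. The script below is an added example (not part of the Instructable) that audits an exports file for that wildcard and for the `no_root_squash` and `insecure` options, and counts the findings. The sample exports file it writes is constructed for the example, and the subnet used in the hardened line (192.168.0.0/24, the network Rpi1's 192.168.0.6 sits on) is an assumption.

```shell
#!/bin/sh
# Added example (not from the Instructable): audit an exports file for entries
# that expose a share to every host, let client root stay root, or accept
# requests from unprivileged ports.

# audit_exports FILE
# Prints one finding per line (nothing if the file is clean).
audit_exports() {
    file=$1
    set -f                      # a "*" client spec must not be glob-expanded
    grep -v '^[[:space:]]*#' "$file" | grep -v '^[[:space:]]*$' |
    while read -r path clients; do
        # a bare path with no client list is exported to the world as well
        [ -z "$clients" ] && echo "$path: exported to every host (no client list)"
        for spec in $clients; do
            client=$(printf '%s' "$spec" | sed 's/(.*//')            # before "("
            opts=$(printf '%s' "$spec" | sed -n 's/^[^(]*(\(.*\))$/\1/p')  # inside "(...)"
            case "$client" in
                '*') echo "$path: exported to every host ($spec)" ;;
            esac
            case ",$opts," in
                *,no_root_squash,*) echo "$path: no_root_squash for $client" ;;
            esac
            case ",$opts," in
                *,insecure,*) echo "$path: insecure (unprivileged source ports) for $client" ;;
            esac
        done
    done
    set +f
}

# exports_finding_count FILE
# Prints the number of findings, so 0 means the file passed the audit.
exports_finding_count() {
    audit_exports "$1" | awk 'END { print NR }'
}

# write_sample_exports FILE
# Writes a constructed exports file: the wildcard line from this step, a
# constructed backup share with no_root_squash, and a hardened share that is
# limited to the (assumed) 192.168.0.0/24 subnet.
write_sample_exports() {
    cat > "$1" <<'EOF'
# constructed sample exports file
/home/ldap *(rw,sync,no_subtree_check)
/srv/backup 192.168.0.7(ro,sync,no_root_squash)
/srv/public 192.168.0.0/24(ro,sync,no_subtree_check)
EOF
}
```

Running `audit_exports /etc/exports` on Rpi1 after this step reports the wildcard; replacing `*` with Rpi2's address or subnet, for example `/home/ldap 192.168.0.0/24(rw,sync,no_subtree_check)`, and re-running `sudo exportfs -rv` silences it.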
Step 5: Install Automounter in NFSv4 Client
Complete Steps 1 to 3 in the "Automount shared directories of remote computers" instructable on Rpi2.
Step 6: Configure Automounter in NFSv4 Client
Open a terminal emulator on Rpi2
Make a backup of the master map:
sudo cp /etc/auto.master /etc/auto.master.pristine
Configure the master map:
sudo vi /etc/auto.master
/home/ldap /etc/auto.home
Save the file
Configure the indirect map:
sudo vi /etc/auto.home
* -fstype=nfs4,rw 192.168.0.6:/home/ldap/&
Save the file
Restart the automounter:
sudo service autofs stop
sudo service autofs start
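The two maps above work together: the master map says that anything looked up under /home/ldap is resolved through /etc/auto.home, and the wildcard `*` entry there matches any key (user name), substituting it for `&` so that /home/ldap/john becomes 192.168.0.6:/home/ldap/john mounted with `-fstype=nfs4,rw`. The script below is an added example (not part of the Instructable) that performs that resolution on copies of the maps so you can check them before rebooting; it also shows that an explicit key beats the wildcard. It handles only the plain `mount-point map-file` master-map form used here (no `+auto.master` includes or map options); the sample maps it writes, including the constructed `alice` entry pointing at `/srv/alice`, are assumptions for the example.

```shell
#!/bin/sh
# Added example (not from the Instructable): resolve what autofs will mount for
# a path such as /home/ldap/john from a master map and its indirect map.

# autofs_resolve MASTER_MAP PATH
# Prints "source options", e.g. "192.168.0.6:/home/ldap/john -fstype=nfs4,rw".
# Returns 1 if no master-map mount point covers PATH, 2 if the indirect map
# has neither an exact entry for the key nor a "*" wildcard entry.
autofs_resolve() {
    master=$1; target=$2
    mount_point=""; map=""
    # choose the longest master-map mount point that is a prefix of TARGET
    while read -r mp mapfile rest; do
        case "$mp" in '#'*|'') continue ;; esac
        case "$target" in
            "$mp"/*)
                if [ "${#mp}" -gt "${#mount_point}" ]; then
                    mount_point=$mp; map=$mapfile
                fi ;;
        esac
    done < "$master"
    [ -n "$mount_point" ] || return 1
    key=${target#"$mount_point"/}
    key=${key%%/*}                 # the first path component is the map key
    wild_opts=""; wild_loc=""
    while read -r k opts location; do
        case "$k" in '#'*|'') continue ;; esac
        # an entry may omit options and read just "key location"
        if [ -z "$location" ]; then location=$opts; opts=""; fi
        if [ "$k" = "$key" ]; then            # an exact key wins immediately
            printf '%s %s\n' "$(printf '%s\n' "$location" | sed "s/&/$key/g")" "$opts"
            return 0
        fi
        if [ "$k" = '*' ] && [ -z "$wild_loc" ]; then
            wild_loc=$location; wild_opts=$opts   # remember the wildcard fallback
        fi
    done < "$map"
    [ -n "$wild_loc" ] || return 2
    # "&" in the location is replaced by the matched key
    printf '%s %s\n' "$(printf '%s\n' "$wild_loc" | sed "s/&/$key/g")" "$wild_opts"
}

# write_sample_maps DIR
# Writes constructed copies of the two maps from this step into DIR; the
# "alice" entry is an assumption added to show that exact keys beat "*".
write_sample_maps() {
    printf '/home/ldap %s/auto.home\n' "$1" > "$1/auto.master"
    printf 'alice -fstype=nfs4,rw 192.168.0.6:/srv/alice\n' > "$1/auto.home"
    printf '* -fstype=nfs4,rw 192.168.0.6:/home/ldap/&\n' >> "$1/auto.home"
}
```

On Rpi2 itself, `autofs_resolve /etc/auto.master /home/ldap/john` should print `192.168.0.6:/home/ldap/john -fstype=nfs4,rw`; if it returns 1 the master map entry is wrong, and if it returns 2 the wildcard line in /etc/auto.home is missing.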
Step 7: Test
Reboot Rpi2.
Enter John's credentials on the login screen:
user: john
password: johnldap
Rpi2 will take between 1 and 2 minutes to authenticate the user and automount the home directory.
If the desktop loads, then the LDAP authentication is successful.
Open a terminal emulator:
pwd
If the output of the above command shows /home/ldap/john, then automount-NFSv4 sharing is successful.