Introduction: Unify User Passwords and Home Directories Across More Than One Raspberry Pi Devices

About: Systems Administrator and Software Programmer.

Introduction

In the "Make Raspberry Pi into a LDAP Server" and "Make Raspberry Pi do LDAP Authentication" instructables, we learned to unify user accounts and passwords across all Linux machines. However, each user's home directory is auto-created on every Raspberry Pi, so a user ends up with more than one home directory. Can I also unify users' home directories?

Yes.

Solution

The Network File System (NFS) provides the sharing of the home directories. The automounter provides the auto-mounting of the shared home directory.

We need at least 2 Raspberry Pis running Raspbian OS. For simplicity, I call them Rpi1 and Rpi2:

Rpi1 will have:

  • LDAP server with user account database
  • NFSv4 server sharing users' home directories

Rpi2 will have:

  • Automounter to mount users' home directory
  • LDAP authentication using Rpi1's LDAP server

Scope

This instructable will show how to:

  • Install OpenLDAP Server and NFSv4 Server on Rpi1
  • Configure OpenLDAP Server on Rpi1
  • Run OpenLDAP Server on Rpi1
  • Install automounter on Rpi2
  • Configure automounter on Rpi2
  • Install LDAP authentication software on Rpi2
  • Configure LDAP authentication on Rpi2

This instructable will NOT show how to:

  • Encrypt passwords sent over the wire

Environment

The following are data of the 2 Raspberry Pi:

Distributor ID: Debian

Description: Debian GNU/Linux 7.8 (wheezy)

Release: 7.8

Codename: wheezy

Linux rpipro.example.com 3.18.9+ #767 PREEMPT Sat Mar 7 21:41:13 GMT 2015 armv6l GNU/Linux

Step 1: Install LDAP Server

Complete all the steps in the "Make Raspberry Pi into a LDAP Server" instructable on Rpi1.

We will keep local users and LDAP users separate for easier implementation and maintenance.

Local users have their password and uid stored in the /etc/passwd file. Examples are root, pi and the system accounts.

LDAP users have their password and uid stored in the LDAP server.

Local users' home directories are immediately under the /home directory.

LDAP users' home directories are immediately under the /home/ldap directory.

Open terminal emulator in Raspberry Pi (Rpi1)

Install LDAP-Name Service Switch (NSS) module:

sudo apt-get install libnss-ldapd

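Configure the nslcd daemon (its settings are in /etc/nslcd.conf):

# Enter the IP address of Rpi1 (192.168.0.6 in this guide, the same host as the NFS server in Step 6)
uri ldap://192.168.0.6
base dc=example,dc=com
uid nslcd
gid nslcd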

Make the home directory of a user called John who has a user account in the LDAP server:

sudo mkdir /home/ldap
sudo mkdir /home/ldap/john
sudo cp /etc/skel/.[a-z]* /home/ldap/john
sudo chown -R john:john /home/ldap/john

Step 2: Make Raspberry Pi Do LDAP Authentication

Complete Steps 1 to 8 in the "Make Raspberry Pi do LDAP Authentication" instructable on Rpi2.

Open terminal emulator in Raspberry Pi (Rpi2)

Disable auto-creation of home directories by removing the following line from /etc/pam.d/common-session, if you have added it:

session required pam_mkhomedir.so umask=027 skel=/etc/skel

Save file if any changes are made

Restart Name Service LDAP Connection Daemon:

sudo service nslcd stop
sudo service nslcd start

Restart Name Service Cache Daemon:

sudo service nscd stop
sudo service nscd start

Step 3: Install NFSv4 Server on LDAP Server Machine

Complete the steps in my "Make Raspberry Pi into NFSv4 Server" instructable on Rpi1.

Step 4: Share Home Directory of NFSv4 Server

Open terminal emulator in Raspberry Pi (Rpi1)

Share LDAP user home directories:

sudo vi /etc/exports
/home/ldap *(rw,sync,no_subtree_check)

Save the file

Export the shared drive:

sudo exportfs -rv
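
A check for the export line above, as an added example that is not part of the original instructable: the `*` client lets any host that can reach Rpi1 mount /home/ldap read-write, so this function flags wildcard clients and no_root_squash in exports(5) text read from stdin. The restricted line and the address 192.168.0.7 for Rpi2 are assumptions; the page does not give Rpi2's address.

```shell
#!/bin/sh
# Added example, not from the original instructable.
# audit_exports: read exports(5) lines on stdin, print one finding per risky
# client entry, return 1 if anything was flagged and 0 otherwise.
audit_exports() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    {
        sub(/[ \t]*#.*$/, "")                # drop a trailing comment
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^-/) continue          # "-opts" sets defaults, not a client
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                     # split "client(opt,opt)"
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1, length($i) - p - 1)
            }
            if (client == "" || client == "*") {
                print $1 ": exported to every host that can reach the server"
                bad = 1
            }
            if (("," opts ",") ~ /,no_root_squash,/) {
                print $1 ": root on client \"" client "\" stays root (no_root_squash)"
                bad = 1
            }
        }
    }
    END { exit bad + 0 }
    '
}

# The line from Step 4 of this page.
PAGE_EXPORT='/home/ldap *(rw,sync,no_subtree_check)'
# Constructed alternative: 192.168.0.7 is an assumed address for Rpi2.
RESTRICTED_EXPORT='/home/ldap 192.168.0.7(rw,sync,no_subtree_check)'

printf '%s\n' "$PAGE_EXPORT" | audit_exports || echo "page export: flagged"
printf '%s\n' "$RESTRICTED_EXPORT" | audit_exports && echo "restricted export: no findings"
```

To audit the live file on Rpi1, run `audit_exports < /etc/exports`. An entry written as `host (rw)`, with a space before the options, is also flagged, because the options then apply to every host rather than to the named one.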

Step 5: Install Automounter in NFSv4 Client

Complete steps 1 to 3 in the "Automount shared directories of remote computers" instructable.

Step 6: Configure Automounter in NFSv4 Client

Open terminal emulator in Rpi2

Make backup of master map:

sudo cp /etc/auto.master /etc/auto.master.pristine

Configure master map:

sudo vi /etc/auto.master
/home/ldap /etc/auto.home

Save the file

Configure indirect map:

sudo vi /etc/auto.home
* -fstype=nfs4,rw 192.168.0.6:/home/ldap/&

Save the file

Restart the automounter:

sudo service autofs stop
sudo service autofs start

Step 7: Test

Reboot Rpi2.

Enter John's credentials on the login screen:

user: john
password: johnldap

Rpi2 will take between 1 and 2 minutes to authenticate the user and automount the home directory.

If the desktop is loaded, then the LDAP authentication is successful.

Open terminal emulator:

pwd

If the output of the above command shows /home/ldap/john, then automount-NFSv4 sharing is successful.