135 lines
4.4 KiB
Plaintext
135 lines
4.4 KiB
Plaintext
|
|
Setting up lamdaemon:
|
|
|
|
|
|
Lamdaemon.pl is used to modify quota and home directories on a remote or local host via ssh.
|
|
If you want wo use it you have to set up some things to get it to work:
|
|
|
|
|
|
1. Setup values in LDAP Account Manager
|
|
* Set the remote or local host in the configuration
|
|
(e.g. 127.0.0.1)
|
|
* Path to lamdaemon.pl, e.g. /srv/www/htdocs/lam/lib/lamdaemon.pl
|
|
|
|
|
|
2. Set up sudo
|
|
The perl script has to run as root. Therefore we need
|
|
a wrapper, sudo.
|
|
Edit /etc/sudoers on host where homedirs or quotas should be used
|
|
and add the following line:
|
|
|
|
$admin All= NOPASSWD: $path
|
|
|
|
$admin is the adminuser from LAM and $path is the path to lamdaemon.pl
|
|
e.g. "$admin All= NOPASSWD: /srv/www/htdocs/lam/lib/lamdaemon.pl"
|
|
At the moment the password is a paramteter of lamdaemon.pl
|
|
therefore you should disable logging so the password does not
|
|
appear in any logfile.
|
|
This can be done by adding the following line to /etc/sudoers:
|
|
|
|
Defaults:$admin !syslog
|
|
|
|
|
|
3. Set up Perl
|
|
We need some external Perl modules, Quota and Net::SSH::Perl
|
|
To install them, run:
|
|
|
|
perl -MCPAN -e shell
|
|
install Quota
|
|
install Net::SSH::Perl
|
|
install Math::BigInt::GMP
|
|
|
|
If your Perl executable is not located in /usr/bin/perl you will have to edit
|
|
the path in the first line of lamdaemon.pl.
|
|
If you have problems compiling the Perl modules try installing a newer release
|
|
of your GCC compiler and the "make" application.
|
|
|
|
Debian users can install Net::SSH:Perl with dh-make-perl:
|
|
|
|
apt-get install dh-make-perl
|
|
dh-make-perl --build --cpan Net::SSH::Perl
|
|
dpkg -i libnet-ssh-perl_1.25-1_all.deb
|
|
|
|
|
|
4. Set up SSH
|
|
Your SSH daemon must offer the password authentication method.
|
|
To activate it just use this configuration option in /etc/ssh/sshd_config:
|
|
|
|
PasswordAuthentication yes
|
|
|
|
|
|
5. Test lamdaemon.pl
|
|
There is a test-function in lamdaemon.pl. Please run lamdaemon.pl
|
|
with the following parameters to test it:
|
|
|
|
lamdaemon.pl $ssh-server $lam_path_on_host $admin-username $admin-password *test
|
|
|
|
$ssh-server is the remote host lamdaemon.pl should be run on
|
|
$lam_path_on_host is the path to lamdaemon.pl on remote host
|
|
$admin-username is the name of the user which is allowed to run lamdaemon.pl
|
|
as root. It is the same user as in /etc/sudoers
|
|
$admin-password is the password of the admin user
|
|
*test is the command which tells lamdaemon.pl to test settings
|
|
|
|
You have to run the command as the user your webserver is running, e.g.
|
|
|
|
wwwrun@tilo:/srv/www/htdocs/lam/lib> /srv/www/htdocs/lam/lib/lamdaemon.pl \
|
|
127.0.0.1 /srv/www/htdocs/lam/lib/lamdaemon.pl adminuser secret *test
|
|
|
|
You should get the following response:
|
|
|
|
Net::SSH::Perl successfully installed.
|
|
Perl quota module successfully installed.
|
|
If you have not seen any error lamdaemon.pl should be set up successfully.
|
|
|
|
|
|
!!! Attention !!!
|
|
Your password in LDAP has to be hashed with CRYPT. If you use something like SSHA
|
|
you will probably get "Access denied.".
|
|
|
|
Now everything should work fine.
|
|
|
|
|
|
6. Debugging lamdaemon
|
|
If you set up all things as documented before and still get "Access denied"
|
|
then you can try to debug the problem.
|
|
|
|
- Check /var/log/auth.log or the equivalent on your system
|
|
This file contains messages about all logins. If the ssh login
|
|
failed then you will find a description about the reason here.
|
|
|
|
- Enable debug output in lamdaemon
|
|
In line 235 of lamdaemon.pl change the SSH options like this:
|
|
|
|
my $ssh = Net::SSH::Perl->new($hostname, options=>[
|
|
"UserKnownHostsFile /dev/null"],
|
|
protocol => "2,1", debug => 1 );
|
|
|
|
This will produce a lot of output when you do the lamdaemon test.
|
|
Check that there is a line like this:
|
|
|
|
Authentication methods that can continue: publickey,password,keyboard-interactive.
|
|
|
|
The "password" is the one which is important.
|
|
|
|
- Set sshd in debug mode
|
|
In /etc/ssh/sshd_conf add these lines:
|
|
|
|
SyslogFacility AUTH
|
|
LogLevel DEBUG3
|
|
|
|
Now check /var/log/syslog for messages from sshd.
|
|
|
|
- Update Openssh
|
|
A Suse Linux user reported that upgrading Openssh solved the problem.
|
|
|
|
|
|
Security warning:
|
|
-----------------
|
|
|
|
If you use PHP < 4.3 your admin user and password are passed as commandline argument.
|
|
This can be a security risk. Upgrade your PHP version for productive use.
|
|
|
|
|
|
Please send a mail to TiloLutz@gmx.de if you have any suggestions.
|