Unify User Passwords and Home Directories Across More Than One Raspberry Pi Devices
by mirza irwan osman in Circuits > Raspberry Pi
Introduction
In the "Make Raspberry Pi into a LDAP Server" and "Make Raspberry Pi do LDAP Authentication" instructables, we learned to unify user accounts and passwords across all Linux machines. However, users' home directories are auto-created on each Raspberry Pi. Therefore, a user will have more than one home directory. Can I also unify users' home directories?
Yes.
Solution
The Network File System (NFS) provides the sharing of the home directories. The automounter mounts the shared home directory automatically.
We need at least 2 Raspberry Pis running Raspbian OS. For simplicity, I call them Rpi1 and Rpi2:
Rpi1 will have:
- LDAP server with user account database
- NFSv4 server sharing users' home directories
Rpi2 will have:
- Automounter to mount users' home directory
- LDAP authentication using Rpi1's LDAP server
Scope
This instructable will show how to:
- Install OpenLDAP Server and NFSv4 Server on Rpi1
- Configure OpenLDAP Server on Rpi1
- Run OpenLDAP Server on Rpi1
- Install automounter on Rpi2
- Configure automounter on Rpi2
- Install LDAP authentication software on Rpi2
- Configure LDAP authentication on Rpi2
This instructable will NOT show how to:
- Encrypt passwords sent over the wire
Environment
The following is the system information of the 2 Raspberry Pis:
Distributor ID: Debian
Description: Debian GNU/Linux 7.8 (wheezy)
Release: 7.8
Codename: wheezy
Linux rpipro.example.com 3.18.9+ #767 PREEMPT Sat Mar 7 21:41:13 GMT 2015 armv6l GNU/Linux
Install LDAP Server
Complete all the steps in "Make Raspberry Pi into a LDAP Server" instructable in Rpi1.
We will treat local users and LDAP users differently for easier implementation and maintenance.
Local users have their password and uid stored in the /etc/passwd file. Examples are root, pi and the system accounts.
LDAP users have their password and uid stored in LDAP server.
Local users' home directories are immediately under /home directory.
LDAP users' home directories are immediately under /home/ldap directory.
Open terminal emulator in Raspberry Pi (Rpi1)
Install LDAP-Name Service Switch (NSS) module:
sudo apt-get install libnss-ldapd
Configure the nslcd daemon in /etc/nslcd.conf:
# IP address of Rpi1 (192.168.0.6 is the address used for Rpi1 in the automounter map)
uri ldap://192.168.0.6
base dc=example,dc=com
uid nslcd
gid nslcd
Make the home directory of a user called John who has a user account in the LDAP server:
sudo mkdir /home/ldap
sudo mkdir /home/ldap/john
sudo cp /etc/skel/.[a-z]* /home/ldap/john
sudo chown -R john:john /home/ldap/john
Make Raspberry Pi Do LDAP Authentication
Complete Steps 1 to 8 in "Make Raspberry Pi do LDAP Authentication" instructable in Rpi2.
Open terminal emulator in Raspberry Pi (Rpi2)
Disable auto-creation of home directories by removing the following line in /etc/common-session if you have added it:
session required pam_mkhomedir.so umask=027 skel=/etc/skel
Save file if any changes are made
Restart Name Service LDAP Connection Daemon:
sudo service nslcd stop
sudo service nslcd start
Restart Name Service Cache Daemon:
sudo service nscd stop
sudo service nscd start
Install NFSv4 Server on LDAP Server Machine
Complete the steps in my "Make Raspberry Pi into NFSv4 Server" instructable onto Rpi1.
Share Home Directory of NFSv4 Server
Open terminal emulator in Raspberry Pi (Rpi1)
Share LDAP user home directories:
sudo vi /etc/exports
/home/ldap *(rw,sync,no_subtree_check)
Save the file
Export the shared drive:
sudo exportfs -rv
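The `*` client in the export line above matches every host that can reach Rpi1, so any of them can mount /home/ldap read-write. The following added example (not part of the original instructable) flags such entries in an exports file; the function name audit_exports and the subnet 192.168.0.0/24 are assumptions, and quoted paths or backslash line continuations are not handled.

```shell
#!/bin/sh
# Added example, not from the original instructable.
# audit_exports FILE: print one finding for each export entry that is open to
# every host ("*" or no client given) or that disables root squashing.
audit_exports() {
    awk '
    { sub(/#.*$/, "") }                  # drop comments
    NF == 0 { next }                     # skip blank lines
    {
        path = $1
        if (NF == 1) { print path ": no client list, exported to every host"; next }
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                 # split "client(opt,opt)" into its parts
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1, length($i) - p - 1)
            }
            if (client == "" || client == "*") {
                mode = (("," opts ",") ~ /,rw,/) ? "read-write" : "read-only"
                print path ": exported " mode " to every host (" $i ")"
            }
            if (("," opts ",") ~ /,no_root_squash,/)
                print path ": no_root_squash for " (client == "" ? "*" : client)
        }
    }' "$1"
}

# Constructed sample: the export line from this page next to a variant limited
# to an assumed LAN range. Only the first line is reported.
sample=$(mktemp)
cat > "$sample" <<'EOF'
/home/ldap *(rw,sync,no_subtree_check)
/home/ldap 192.168.0.0/24(rw,sync,no_subtree_check)
EOF
audit_exports "$sample"
rm -f "$sample"
```

Run it against the real file with `audit_exports /etc/exports` on Rpi1; no output means no entry is open to every host.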
Install Automounter in NFSv4 Client
Complete steps 1 to 3 in "Automount shared directories of remote computers" instructable.
Configure Automounter in NFSv4 Client
Open terminal emulator in Rpi2
Make backup of master map:
sudo cp /etc/auto.master /etc/auto.master.pristine
Configure master map:
sudo vi /etc/auto.master
/home/ldap /etc/auto.home
Save the file
Configure indirect map:
sudo vi /etc/auto.home
* -fstype=nfs4,rw 192.168.0.6:/home/ldap/&
Save the file
Restart the automounter:
sudo service autofs stop
sudo service autofs start
Test
Reboot Rpi2.
Enter John's credentials on the login screen:
user: john
password: johnldap
Rpi2 will take between 1 and 2 minutes to authenticate the user and automount the home directory.
If the desktop is loaded, then the LDAP authentication is successful.
Open terminal emulator:
pwd
If the output of the above command shows /home/ldap/john, then the automount-NFSv4 sharing is successful.