From 11:00 PM CST Friday, Feb 14th - 6:30 PM CST Saturday, Feb 15th, ni.com will undergo system upgrades that may result in temporary service interruption.
We appreciate your patience as we improve our online experience.
From 11:00 PM CST Friday, Feb 14th - 6:30 PM CST Saturday, Feb 15th, ni.com will undergo system upgrades that may result in temporary service interruption.
We appreciate your patience as we improve our online experience.
11-25-2014 06:13 AM
Hello,
I have cRIO 9068 PMU's that are part of a large network. I want to enforce LDAP authentication to these PMUs instead of using the default local account "admin". Is it possible to ssh to these devices using an LDAP account? If so, what packages do i need to install (and if they exist in the opkg repositories)?
Please point me to some useful materials if any.
Thank you,
ttesfay
11-25-2014 08:41 AM
The way I usually check for support for something in the opkg feed is not 100% reliable but it did work in this case: "opkg list" (after "opkg update") and grep the output for the feature I'm looking for, like this:
admin@scot-9068:~# opkg list | grep -i ldap
libldap-2.4-2 - 2.4.23-r1 - openldap version 2.4.23-r1 OpenLDAP Software is an open source
libldap-2.4-backend-dnssrv - 2.4.23-r1 - openldap version 2.4.23-r1 OpenLDAP dnssrv backend
libldap-2.4-backend-ldap - 2.4.23-r1 - openldap version 2.4.23-r1 OpenLDAP ldap backend
libldap-2.4-backend-meta - 2.4.23-r1 - openldap version 2.4.23-r1 OpenLDAP meta backend
libldap-2.4-backend-monitor - 2.4.23-r1 - openldap version 2.4.23-r1 OpenLDAP monitor backend
[more packages snipped]
I don't know much about LDAP so I can't advise you on how to use it, but hopefully Googling for OpenLDAP will give you what you need now that you know a package to try.
If you're just looking to avoid "admin" in general and not needing LDAP specifically, NI provides a system called NI Auth which you can use to create accounts other than admin, there's a config page for it at http://<your target IP>/#/WIFNIAuth;component/WIFNIAuthPage.dyn.xaml (or you can just use the basic command line tools like useradd to create accounts using the standard /etc/passwd mechanism).
12-02-2014 03:45 PM
One of the useful pages I've found is http://www.tldp.org/HOWTO/archived/LDAP-Implementation-HOWTO/ which explains the use of pam_ldap and nss_ldap together. I've used both of those components to do what you're trying to do.
I believe both of these components rely on OpenLDAP, but I wasn't able to find either pam_ldap or nss_ldap in the opkg repos. It may be that you need to build them yourself.
12-02-2014 06:54 PM
Thank you @scotsalmon. I have tried to list the openldap packages in the opkg repo but got back nothing.
I will try to do what Champion.j has suggested.
Thank you both for the pointers.
12-03-2014 08:15 AM
12-03-2014 08:27 AM
If you are using 2013 make sure that the package feeds are enabled: go into the files /etc/opkg/angstrom-*-feed.conf and uncomment the feed URL lines (remove the "#" and any leading spaces). After that rerun opkg update.
12-04-2014 08:50 AM
Thanks again gratian.crisan and ScotSalmon. i managed to get the list of openldap pacakgets after I uncommented the feed URLs in the different config files and added a nameserver in /etc/resolv.conf.
Now I have another problem - my cRIO keeps rebooting. I will ask this on separate thread.
best
01-26-2015 09:01 AM
@champion.j Thank you for the pointer. I have finally managed to enable ldap authentication. I had to install the libldap-dev package from repository and build the pam_ldap and nss_ldap packages from the source code at http://arthurdejong.org/nss-pam-ldapd/.
best