Logging into Linux Mint

Lee David Painter

Introduction

This article shows you how you can configure a Linux Mint operating system so that you can log into your Linux computer using LogonBox Directory credentials.

If you have not installed LogonBox Directory, now is the time to do so. This discussion assumes you have a server installed, configured, and ready to go with users waiting to log into Linux.

Before you start configuring Mint to connect to your directory, there are a few values you will need to jot down. These are:

Directory Hostname

This will be the FQDN of your LogonBox Directory. This hostname must be resolvable from each client you want to log in from. If your users will be accessing the directory via the Internet then make sure you have firewalled and port-forwarded the directory from your public hostname/IP address.

Directory LDAP DN

The LDAP Distinguished Name is a uniquely formatted string that provides a way to resolve elements in the LDAP. You will need to know the root DN of your server. If you have not changed this, then it will be dc=System,dc=local.

Directory LDAP Port

Unless you have changed the default LDAPS interface, the port value will be 636 for the ldaps:// protocol.

Service Account

You will need an account that has permission to search the LDAP. We recommend creating a specific user with a minimal set of permissions. See our Creating a Service Account article for more information.

Linux Mint system configuration

1. Installing the LDAP client

We first need to install the LDAP client and other utilities we need for LDAP to work with Linux Mint 20. This can be done with this command from a terminal prompt (confirm with Y):

sudo apt install libnss-ldap libpam-ldap ldap-utils nscd nslcd

For configuring nslcd, at the LDAP server URI prompt that appears, enter ldap:// followed by the LogonBox Directory hostname and press enter.

Now enter the DN noted earlier to define the Base DN of the system and press enter (e.g. dc=System,dc=local).

At the second LDAP server URI prompt that appears, again enter ldap:// followed by the LogonBox Directory hostname and press enter.

Now enter the DN noted earlier again to define the Base DN of the system and press enter (e.g. dc=System,dc=local).

For the LDAP version, select 3 and press enter to continue.

Select Yes to Make local root Database admin.

Select Yes for the option to require login and press enter.

Enter the service account DN and press enter.

Enter the service account password and press enter.

Use the service account again for the unprivileged database user and press enter.

Enter the service account password again and press enter.

2. Completing the Mint configuration

To configure Linux Mint 20 to use LDAP for authentication we need to update the PAM configurations with the following command:

sudo pam-auth-update

Press enter to accept the default profiles (Unix, LDAP, etc).

You are returned to the terminal. Now we will configure automatic creation of a user's home directory.

Edit the Common Session PAM file with:

sudo nano /etc/pam.d/common-session

At the end of the file add this line:

session required pam_mkhomedir.so skel=/etc/skel umask=077

Save the file with CTRL-X then Y, enter.

Now edit the Common Password file with:

sudo nano /etc/pam.d/common-password

Find the line:

password [success=1 user_unknown=ignore default=die] pam_ldap.so use_authtok try_first_pass

and remove the use_authtok part of that line, so that it reads:

password [success=1 user_unknown=ignore default=die] pam_ldap.so try_first_pass

Save the file with CTRL-X then Y, enter.

Now edit the nsswitch.conf file with:

sudo nano /etc/nsswitch.conf

Add ldap to the end of the lines starting with passwd:, group: and shadow:

Save the file with CTRL-X then Y, enter.

Finally, we need to be able to enter a username on the login screen, so we need to change the default prompt, which doesn't allow you to type one in.

Click the Mint Menu -> Administration -> Login Window and authenticate as the superuser.

Click the Users tab and turn on Allow manual login and close the window.

3. Reboot system

Restart and enable the nscd service:

sudo systemctl restart nscd

sudo systemctl enable nscd

Finally, for good measure, reboot your Mint client.

You now have a completed configuration.

Testing Configuration

Now you are ready to log in to Linux Mint with your LogonBox Directory accounts. 

You can perform a quick test to list all the available accounts:

sudo getent passwd

This should list all local Linux accounts as well as any account on your LogonBox Directory. 

For example, my test Directory here has 3 accounts: admin, user1 and serviceAccount.
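
If the directory accounts do not appear, the three file edits from step 2 can be checked with a short script. This is an added example, not part of the original article or of LogonBox's own tooling; the function names, the run argument and the optional ROOT prefix are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not LogonBox code): audits the three files edited in step 2.

# passwd:, group: and shadow: must each list "ldap" as a source.
check_nsswitch() {
    for db in passwd group shadow; do
        grep -Eq "^${db}:.*[[:space:]]ldap([[:space:]]|\$)" "$1" || {
            echo "FAIL: ${db}: line in $1 does not list ldap"; return 1; }
    done
}

# pam_mkhomedir.so must be a required session module so that directory
# users get a home directory created on first login.
check_mkhomedir() {
    grep -Eq '^session[[:space:]]+required[[:space:]]+pam_mkhomedir\.so' "$1" || {
        echo "FAIL: pam_mkhomedir.so missing from $1"; return 1; }
}

# The pam_ldap.so password line must exist and no longer carry use_authtok.
check_password() {
    line=$(grep -E '^password[[:space:]].*pam_ldap\.so' "$1") || {
        echo "FAIL: no pam_ldap.so password line in $1"; return 1; }
    case "$line" in
        *use_authtok*) echo "FAIL: use_authtok still present in $1"; return 1 ;;
    esac
}

# Run all checks against ROOT/etc (ROOT is empty for the live system,
# or a scratch directory holding copies of the files).
audit_ldap_login() {
    root=${1:-}; rc=0
    check_nsswitch  "$root/etc/nsswitch.conf"         || rc=1
    check_mkhomedir "$root/etc/pam.d/common-session"  || rc=1
    check_password  "$root/etc/pam.d/common-password" || rc=1
    [ "$rc" -eq 0 ] && echo "OK: step 2 edits are in place"
    return "$rc"
}

# Usage (file name is hypothetical): sh audit.sh run [ROOT]
if [ "${1:-}" = "run" ]; then audit_ldap_login "${2:-}"; fi
```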

Testing a login via SSH

Testing a GUI login