Guide to ZNC

This page describes client and server setup for ZNC with LDAP authentication. For more info on ZNC, see [1].

Server setup

Saslauthd setup

For LDAP authentication, we use the Cyrusauth module [2], which needs to communicate with the SASL authentication daemon (saslauthd).

1. On the server, install the following packages:

   apt install sasl2-bin ca-certificates

2. Open /etc/default/saslauthd, and change the following lines:

   START=yes
   MECHANISM="ldap"
   

3. Paste the following into /etc/saslauthd.conf:

   ldap_servers: ldaps://auth1.csclub.uwaterloo.ca ldaps://auth2.csclub.uwaterloo.ca
   ldap_search_base: ou=People,dc=csclub,dc=uwaterloo,dc=ca
   ldap_filter: (uid=%u)
   

4. Start saslauthd:

   # service saslauthd start
   

5. Test saslauthd to make sure it's working:

   $ testsaslauthd -u "your_csc_username" -p "your_csc_password"
   

   You should see a response like

   0: OK "Success."
   

ZNC setup

1. Install ZNC:

   # apt install znc
   

2. Add a user for ZNC and create an initial configuration:

   # useradd -s /bin/bash -m znc
   # usermod -a -G sasl znc
   # su - znc
   $ znc --makeconf
   

   Note that the znc user must be part of the sasl group to communicate with saslauthd.

3. Visit the web interface at <SERVER_IP>:<PORT>. Note that you may need to modify your browser settings so that you can visit a website at port 6667 or 6697.
4. Log in using your admin credentials, then go to "Global Settings". Check the "cyrusauth" box, type "saslauthd" in the arguments input field, then scroll to the bottom and click "Save".
5. You will now need to connect to ZNC with an IRC client. The commands below assume Weechat is being used, but other clients should be similar.

   /server add myznc <SERVER_IP>/<PORT> -username=<ADMIN_USERNAME> -password=<ADMIN_PASSWORD>
   /connect myznc
   /alias add znc /quote znc
   /znc *Cyrusauth CreateUsers yes
   

   This will tell ZNC to create a new user on their first login.