ZNC
This page describes client and server setup for ZNC with LDAP authentication. For more info on ZNC, see [1].
Server setup
Saslauthd setup
For LDAP authentication, we use the Cyrusauth module [2], which needs to communicate with the SASL authentication daemon (saslauthd).
- On the server, install the following packages:
apt install sasl2-bin ca-certificates
- Open /etc/default/saslauthd, and change the following lines:
START=yes
MECHANISMS="ldap"
- Paste the following into /etc/saslauthd.conf:
ldap_servers: ldaps://auth1.csclub.uwaterloo.ca ldaps://auth2.csclub.uwaterloo.ca
ldap_search_base: ou=People,dc=csclub,dc=uwaterloo,dc=ca
ldap_filter: (uid=%u)
- Start saslauthd:
# service saslauthd start
- Test saslauthd to make sure it's working:
$ testsaslauthd -u "your_csc_username" -p "your_csc_password"
You should see a response like
0: OK "Success."
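The following lint for /etc/saslauthd.conf is an added example, not part of the original page. With the default bind method, saslauthd sends the user's password to the LDAP server, so the check flags any non-ldaps:// server URI, a missing search base, and a filter that never references the login name. The function name and the weak sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: lint a saslauthd.conf.
# Prints one line per problem; the return status is the number of problems.
check_saslauthd_conf() {
    conf=$1
    problems=0

    # saslauthd hands the user's plaintext password to the LDAP server,
    # so every URI on the ldap_servers line must be ldaps://.
    servers=$(sed -n 's/^ldap_servers:[[:space:]]*//p' "$conf")
    if [ -z "$servers" ]; then
        echo "ldap_servers is not set"
        problems=$((problems + 1))
    fi
    for uri in $servers; do
        case $uri in
            ldaps://*) ;;
            *) echo "not ldaps: $uri"; problems=$((problems + 1)) ;;
        esac
    done

    # The page scopes lookups to ou=People; flag a config with no base.
    if ! grep -q '^ldap_search_base:[[:space:]]*[^[:space:]]' "$conf"; then
        echo "ldap_search_base is not set"
        problems=$((problems + 1))
    fi

    # A filter that is set but never references the login name (%u or %U)
    # selects the same entries no matter who is logging in.
    filter=$(sed -n 's/^ldap_filter:[[:space:]]*//p' "$conf")
    case $filter in
        ''|*%u*|*%U*) ;;
        *) echo "ldap_filter ignores the login name: $filter"
           problems=$((problems + 1)) ;;
    esac
    return "$problems"
}

# Constructed sample input: a weak variant of the page's configuration.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ldap_servers: ldaps://auth1.csclub.uwaterloo.ca ldap://auth2.csclub.uwaterloo.ca
ldap_search_base: ou=People,dc=csclub,dc=uwaterloo,dc=ca
ldap_filter: (objectClass=posixAccount)
EOF
check_saslauthd_conf "$sample" || echo "$? problem(s) found"
rm -f "$sample"
```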
ZNC setup
- Install ZNC:
# apt install znc
- Add a user for ZNC and create an initial configuration:
# useradd -s /bin/bash -m znc
# usermod -a -G sasl znc
# su - znc
$ znc --makeconf
Note that the znc user must be part of the sasl group to communicate with saslauthd.
- Visit the web interface at <SERVER_IP>:<PORT>. Note that you may need to modify your browser settings so that you can visit a website at port 6667 or 6697.
- Log in using your admin credentials, then go to "Global Settings". Check the "cyrusauth" box, type "saslauthd" in the arguments input field, then scroll to the bottom and click "Save".
- You will now need to connect to ZNC with an IRC client. The commands below assume Weechat is being used, but other clients should be similar.
/server add myznc <SERVER_IP>/<PORT> -username=<ADMIN_USERNAME> -password=<ADMIN_PASSWORD>
/connect myznc
/msg *Cyrusauth CreateUsers yes
This will tell ZNC to create a new user on their first login.
- You may optionally wish to create users from a template (i.e. dummy) user to share some common per-user settings, such as MaxNetworks. To do this, log in to the ZNC web interface as admin and click on "Manage Users". Add a new user called "dummy" with the desired settings, then click "save".
Now open Weechat, log in to ZNC as admin, and run the following:
/msg *Cyrusauth CreateUsers clone dummy
This will tell ZNC to clone new users using "dummy" as the template.
- You may optionally wish to enable the adminlog module [3] so that you can see who has logged in, from where, and at what time. By default, these logs will be written to a file. To prevent this file from growing too long, install logrotate and paste the following into /etc/logrotate.d/znc:
/home/znc/.znc/moddata/adminlog/znc.log {
    rotate 4
    weekly
    compress
}
This will rotate the logs every week, discarding logs after they have been rotated 4 times.
NGINX Tuning
If you are running ZNC behind NGINX as a reverse proxy, keep in mind that by default, NGINX will run one worker process per CPU core. To reduce this, change the following in /etc/nginx/nginx.conf:
worker_processes 4;
Client setup
These instructions show how to connect to the #csc channel on Freenode via ZNC.
- Visit the ZNC web portal and log in using your CSC credentials.