2025-02-28 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/02 Report--
## LDAP network user accounts ##
Learning goals
LDAP client configuration
Automounter metacharacters
1.1 Authentication # Using an LDAP server for network authentication
So far in this course, we have covered local user accounts managed through local files (for example, /etc/passwd) on each computer. However, it is very difficult to coordinate local user accounts across multiple systems.
In this section, we show how to set up a computer as a client that uses the network user accounts provided by an existing LDAP directory service. In this way, the LDAP directory becomes the central authority for all network users and groups in the organization.
User account information determines the characteristics and configuration of an account. The authentication method is used to determine whether the person trying to log in should be granted access to the account. A network directory service can provide both user account information and authentication methods.
An LDAP directory server can be used as a distributed, centralized network user management service. Directory entries are arranged in a tree structure that can be searched. The base DN (distinguished name) is the base of the tree and is used to search for the directory entries of users and groups.
Main elements of LDAP client configuration
-1. Fully qualified hostname of the server
-2. Base DN to search for user definitions
-3. Certificate authority ("CA") certificate used to sign the SSL certificate of the LDAP server
1.2 Install # Install the client software
authconfig-gtk
sssd
krb5-workstation
1.3 Authentication # Configure LDAP user authentication with authconfig-gtk
authconfig-gtk
1.4 Verify # Check the LDAP-authenticated user
getent passwd ldapuserx
vim /etc/sssd/sssd.conf
- enumerate = true | false
- systemctl restart sssd
1.5 Verify # Configure LDAP user authentication with authconfig-tui
authconfig-tui
1.6 Download the certificate file
cd /etc/openldap/cacerts
wget http://cla***oom.example.com/pub/example-ca.crt
ls /etc/openldap/cacerts
1.7 Automatically mount the LDAP user's home directory
Install autofs
Edit the autofs map files
- vim /etc/auto.master
/home/guests /etc/auto.ldap
- vim /etc/auto.ldap
ldapuser0 cla***oom.example.com:/home/guests/ldapuser0
2.1 Configure the LDAP service network
2.2 Install the required sssd, krb5-workstation and autofs services
2.3 vim /mnt/auth-config.sh ## Non-interactive script that sets up LDAP network user accounts and home directories
Content of the script:
#!/bin/bash
echo "install packages..."
## Install the required sssd, krb5-workstation and autofs services
yum install sssd krb5-workstation autofs -y &> /dev/null
echo "config authconfig..."
## Run authconfig. A comment cannot follow a trailing backslash, so the options are described here:
##   --enableldap        enable LDAP for user information by default
##   --enablekrb5        enable Kerberos authentication by default
##   --disableldapauth   disable LDAP for authentication by default
##   --enableldaptls     enable LDAP with TLS
##   --ldapserver        host name or URL of the default LDAP server
##   --ldapbasedn        default LDAP base DN
##   --ldaploadcacert    load the CA certificate from this URL
##   --krb5realm         default Kerberos realm
##   --krb5kdc           default Kerberos KDC
##   --krb5adminserver   default Kerberos admin server
##   --update            write the changed settings to the configuration files
authconfig \
--enableldap \
--enablekrb5 \
--disableldapauth \
--enableldaptls \
--ldapserver="cla***oom.example.com" \
--ldapbasedn="dc=example,dc=com" \
--ldaploadcacert=http://172.25.254.254/pub/example-ca.crt \
--krb5realm="EXAMPLE.COM" \
--krb5kdc="cla***oom.example.com" \
--krb5adminserver="cla***oom.example.com" \
--update
echo "config autofs...."   ## Configure the network users' home directories
echo "/home/guests /etc/auto.ldap" >> /etc/auto.master   ## Edit the main configuration file
echo "* 172.25.254.254:/home/guests/&" > /etc/auto.ldap   ## Edit the subconfiguration file
systemctl restart autofs   ## Restart the autofs service
echo "ok!!"
Test
2.4 authconfig-tui ## Manually set up the LDAP network user account
2.5 getent passwd ldapuser1 ## Check LDAP-authenticated user ldapuser1
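Step 1.6 and the script's --ldaploadcacert option both fetch the CA certificate over plain HTTP, so the client ends up trusting whatever that connection returned. The following added example (not part of the original article) copies the certificate into the trust directory only when its SHA-256 fingerprint matches a value obtained out of band; the function names, the /tmp path and the PINNED variable are assumptions.

```shell
#!/bin/bash
# Added example: install the LDAP CA certificate only if it matches a pinned
# SHA-256 fingerprint. Function names and paths here are assumptions.

# Print the SHA-256 fingerprint (lowercase hex, no colons) of the first
# certificate in a PEM file, i.e. the digest of its DER encoding. This is the
# value `openssl x509 -noout -fingerprint -sha256` shows with colons, uppercase.
cert_fingerprint() {
    local body der rc=1
    # Keep only the base64 body between the first BEGIN/END CERTIFICATE pair.
    body=$(awk '/^-----BEGIN CERTIFICATE-----/ {f=1; next}
                /^-----END CERTIFICATE-----/   {exit}
                f' "$1" 2>/dev/null | tr -d ' \r\n')
    [ -n "$body" ] || return 1
    der=$(mktemp) || return 1
    # base64 -d exits non-zero on input that is not valid base64.
    if printf '%s' "$body" | base64 -d > "$der" 2>/dev/null; then
        sha256sum < "$der" | cut -d' ' -f1
        rc=0
    fi
    rm -f "$der"
    return "$rc"
}

# install_pinned_ca FILE FINGERPRINT DESTDIR
# Returns 0 after copying FILE into DESTDIR, 1 on a fingerprint mismatch and
# 2 if FILE or FINGERPRINT is malformed. Nothing is copied unless it returns 0.
install_pinned_ca() {
    local src=$1 pinned destdir=$3 actual
    # Accept "AB:CD:..." or "abcd..." and normalise to lowercase hex.
    pinned=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
    case $pinned in ''|*[!0-9a-f]*) echo "bad fingerprint" >&2; return 2 ;; esac
    [ "${#pinned}" -eq 64 ] || { echo "bad fingerprint length" >&2; return 2; }
    actual=$(cert_fingerprint "$src") || { echo "not a PEM certificate: $src" >&2; return 2; }
    if [ "$actual" != "$pinned" ]; then
        echo "fingerprint mismatch for $src: got $actual" >&2
        return 1
    fi
    install -m 0644 "$src" "$destdir/$(basename "$src")"
}

# Usage (PINNED is a placeholder for the fingerprint supplied by the CA
# administrator through a separate channel, not by the same HTTP server):
#   wget -O /tmp/example-ca.crt http://cla***oom.example.com/pub/example-ca.crt
#   install_pinned_ca /tmp/example-ca.crt "$PINNED" /etc/openldap/cacerts
```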