2025-01-19 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/01 Report--
# LDAP network account #
1. What is LDAP?
LDAP directory service authentication, similar to Windows Active Directory, is a way to record data.
2. Software required for the LDAP client
yum install sssd krb5-workstation -y
3. How to turn on LDAP user authentication
authconfig-tui
┌────────────────┤ Authentication Configuration ├────────────────┐
│                                                                │
│  User Information        Authentication                        │
│  [ ] Cache Information   [ ] Use MD5 Passwords                 │
│  [*] Use LDAP            [*] Use Shadow Passwords              │
│  [ ] Use NIS             [ ] Use LDAP Authentication           │
│  [ ] Use IPAv2           [*] Use Kerberos                      │
│  [ ] Use Winbind         [ ] Use Fingerprint reader            │
│                          [ ] Use Winbind Authentication        │
│                          [*] Local authorization is sufficient │
│                                                                │
│            ┌────────┐                    ┌──────┐              │
│            │ Cancel │                    │ Next │              │
│            └────────┘                    └──────┘              │
│                                                                │
└────────────────────────────────────────────────────────────────┘
┌───────────────────────┤ LDAP Settings ├────────────────────────┐
│                                                                │
│  [*] Use TLS                                                   │
│  Server: ldap://cla***oom.example.com/_                        │
│ Base DN: dc=example,dc=com___                                  │
│                                                                │
│            ┌──────┐                        ┌──────┐            │
│            │ Back │                        │ Next │            │
│            └──────┘                        └──────┘            │
│                                                                │
└────────────────────────────────────────────────────────────────┘
┌─────────────────────┤ Kerberos Settings ├──────────────────────┐
│                                                                │
│         Realm: EXAMPLE.COM__                                   │
│           KDC: cla***oom.example.com_                          │
│  Admin Server: cla***oom.example.com_                          │
│  [ ] Use DNS to resolve hosts to realms                        │
│  [ ] Use DNS to locate KDCs for realms                         │
│                                                                │
│            ┌──────┐                        ┌────┐              │
│            │ Back │                        │ Ok │              │
│            └──────┘                        └────┘              │
│                                                                │
└────────────────────────────────────────────────────────────────┘
┌──────────────────────────┤ Warning ├───────────────────────────┐
│                                                                │
│  To connect to a LDAP server with TLS                          │
│  protocol enabled you need a CA certificate                    │
│  which signed your server's certificate.                       │
│  Copy the certificate in the PEM format to                     │
│  the '/etc/openldap/cacerts' directory.                        │
│  Then press OK.                                                │
│                                                                │
│                             ┌────┐                             │
│                             │ Ok │                             │
│                             └────┘                             │
│                                                                │
└────────────────────────────────────────────────────────────────┘
Because the TLS CA certificate is missing, you need to download the required certificate from the server into /etc/openldap/cacerts.
Commands used:
wget http://172.25.254.254/pub/example-ca.crt
getent passwd ldapuser1
If the user information is displayed normally, the client has recognized the LDAP user successfully.
4. Automatically mount the user's home directory
yum install autofs -y
vim /etc/auto.master
/home/guests /etc/auto.ldap
vim /etc/auto.ldap
ldapuser1 172.25.254.254:/home/guests/ldapuser1
+ + +
* 172.25.254.254:/home/guests/&
systemctl restart autofs
# Create a script to configure ldap #
vim set-ldap.sh
#!/bin/bash
# Install the SSSD, Kerberos and autofs client packages
echo "install software ing..."
yum install sssd krb5-workstation autofs -y
# Enable LDAP user information over TLS, Kerberos authentication and SSSD
echo "config ldap auth client ing..."
authconfig \
--enableldap \
--enablekrb5 \
--disableldapauth \
--enableldaptls \
--ldaploadcacert=http://172.25.254.254/pub/example-ca.crt \
--ldapserver="cla***oom.example.com" \
--ldapbasedn="dc=example,dc=com" \
--krb5realm="EXAMPLE.COM" \
--krb5kdc="cla***oom.example.com" \
--krb5adminserver="cla***oom.example.com" \
--enablesssd \
--enablesssdauth \
--update
# Map /home/guests to the NFS-exported home directories via autofs
echo "config ldap user's home directory"
echo "/home/guests /etc/auto.ldap" >> /etc/auto.master
echo "* 172.25.254.254:/home/guests/&" >> /etc/auto.ldap
systemctl restart autofs
systemctl enable autofs
echo "all is successful!"
:wq
sh set-ldap.sh    ## execute script
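The CA certificate in step 3, and again in the script's --ldaploadcacert URL, is fetched over plain HTTP, so nothing authenticates the trust anchor that LDAP TLS will rely on. The following is an added example, not part of the original article: it installs the downloaded file into the CA directory only when its SHA-256 digest matches a value obtained over a trusted channel. The function names and the digest placeholder are assumptions.

```shell
#!/bin/bash
# Added example: pin the LDAP CA certificate before trusting it.
# The digest is that of the PEM file itself (sha256sum), not the X.509
# fingerprint printed by "openssl x509 -fingerprint".

# sha256_of FILE -> prints the lowercase hex SHA-256 of FILE
sha256_of() {
    sha256sum < "$1" | awk '{print $1}'
}

# looks_like_pem_cert FILE -> 0 if FILE carries PEM certificate markers
looks_like_pem_cert() {
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" &&
    grep -q -- '-----END CERTIFICATE-----' "$1"
}

# install_pinned_ca FILE EXPECTED_SHA256 DESTDIR
# Returns: 0 installed, 2 not a PEM certificate, 3 digest mismatch,
#          4 missing file, empty digest or missing destination directory
install_pinned_ca() {
    ca_file="$1"; ca_expected="$2"; ca_dest="$3"
    [ -f "$ca_file" ] && [ -n "$ca_expected" ] && [ -d "$ca_dest" ] || return 4
    looks_like_pem_cert "$ca_file" || return 2
    ca_actual=$(sha256_of "$ca_file")
    # Digests are often pasted in upper case; compare in lower case
    ca_expected=$(printf '%s' "$ca_expected" | tr 'A-F' 'a-f')
    if [ "$ca_actual" != "$ca_expected" ]; then
        echo "CA digest mismatch: got $ca_actual" >&2
        return 3
    fi
    # Copy into the trust directory only after the digest check passed
    install -m 0644 "$ca_file" "$ca_dest/$(basename "$ca_file")"
}

# Usage on the client (as root); download to a scratch directory first so an
# unverified file never lands in /etc/openldap/cacerts:
#   tmp=$(mktemp -d)
#   wget -O "$tmp/example-ca.crt" http://172.25.254.254/pub/example-ca.crt
#   install_pinned_ca "$tmp/example-ca.crt" \
#       "<SHA256-FROM-TRUSTED-CHANNEL>" /etc/openldap/cacerts
```

If the function returns 3, stop and compare the digest with the server administrator rather than re-downloading until it matches.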