8/1/12

CẤU HÌNH LDAP CLIENT


1.1.1.     CẤU HÌNH LDAP CLIENT

[root@linux ~]#yum -y install openldap-clients nss-pam-ldapd
[root@linux ~]#vi /etc/openldap/ldap.conf
# add at the last line
# LDAP server's URI
URI ldap://10.0.0.39/
# specify Suffix
BASE dc=server,dc=world
TLS_CACERTDIR /etc/openldap/cacerts
[root@linux ~]#vi /etc/nslcd.conf
# line 131: specify URI, Suffix
uri
ldap://10.0.0.39/
base dc=server,dc=world
ssl no
tls_cacertdir /etc/openldap/cacerts
[root@linux ~]#vi /etc/pam_ldap.conf
# line 17: make it comment
#host 127.0.0.1
# line 20: specify Suffix
base dc=server,dc=world
# add at the last line
uri ldap://10.0.0.39/
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5
[root@linux ~]#vi /etc/pam.d/system-auth
# add like follows
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_fprintd.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_ldap.so use_first_pass
auth        required      pam_deny.so
account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
account     required      pam_permit.so
password    requisite     pam_cracklib.so try_first_pass retry=3 type=
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password    sufficient    pam_ldap.so use_authtok
password    required      pam_deny.so
session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
session     optional      pam_ldap.so
# add if you need ( create home directory automatically if it's none )
session     optional      pam_mkhomedir.so skel=/etc/skel umask=077
[root@linux ~]#vi /etc/nsswitch.conf
passwd:     files       ldap  # line 33: add
shadow:     files       ldap  # add
group:      files       ldap  # add
netgroup:   ldap        # line 57: change
automount: files ldap   # line 61: change
[root@linux ~]#vi /etc/sysconfig/authconfig
# line 18: change
USELDAP=yes
[root@linux ~]#chkconfig nslcd on
[root@linux ~]#shutdown -r now
www.serverlinux.vn login:fermi      # user on LDAP

Password:
Creating directory '/home/fermi'.
[fermi@www ~]$          # just logined
[fermi@www ~]$ passwd   # try to change LDAP password
Changing password for user fermi.
Enter login(LDAP) password:
New password:
Retype new password:
LDAP password information changed for fermi
passwd: all authentication tokens updated successfully.
Người đăng: vào lúc
Nhãn: ,

Bài đăng phổ biến