linux_wiki:configure_a_system_to_use_an_existing_authentication_service_for_user_and_group_information

linux_wiki:configure_a_system_to_use_an_existing_authentication_service_for_user_and_group_information [2016/03/05 17:27]
billdozor [Configure A System To Use An Existing Authentication Service For User And Group Information]
linux_wiki:configure_a_system_to_use_an_existing_authentication_service_for_user_and_group_information [2018/03/20 23:38]
billdozor [AutoFS and NFS Share]
Line 34: Line 34:
  
   * Install client packages<code bash>yum install sssd</code>   * Install client packages<code bash>yum install sssd</code>
-  * Setup authentication<code bash>authconfig --enableldap --enableldapauth --enableldapstarttls --ldapserver="ldap://ipa.example.com" --ldapbasedn="dc=example,dc=com" --enablemkhomedir --update</code>+  * Setup authentication<code bash>authconfig --enableldap --enableldapauth --ldapserver="ipa.example.com" --ldapbasedn="dc=example,dc=com" --enableldapstarttls --enablemkhomedir --update</code>
     * enableldap => use ldap for identification     * enableldap => use ldap for identification
     * enableldapauth => use ldap for authentication     * enableldapauth => use ldap for authentication
-    * enableldapstarttls => start TLS encryption over the standard ldap port (tcp/389) +    * ldapserver => the fully qualified name of the IPA server
-    * ldapserver => the ldap FQDN with the ldap protocol specification+
     * ldapbasedn => the base of the ldap tree     * ldapbasedn => the base of the ldap tree
 +    * enableldapstarttls => start TLS encryption over the standard ldap port (tcp/389)
     * enablemkhomedir => allow the local system to create home directories if they don't exist     * enablemkhomedir => allow the local system to create home directories if they don't exist
     * update => update system config files with these changes. (**the entire command will not do ANYTHING if you forget this option**)     * update => update system config files with these changes. (**the entire command will not do ANYTHING if you forget this option**)
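Review bot: The `ldapserver` bullet now documents a bare FQDN while the removed line documented the `ldap://` URI form; since `authconfig --ldapserver` accepts either a hostname or a URI, consider saying so, otherwise readers following the older revision will think their command is wrong. Also, `--enableldapstarttls` only encrypts the tcp/389 session; the bullet could note that the server certificate still has to verify against a trusted CA in the sssd configuration (the `ldap_tls_cacertdir` line later in this diff), or the connection is encrypted but the client cannot tell it is talking to the real IPA server. Reordering the bullets to match the new flag order is a good change.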
Line 47: Line 47:
 ldap_tls_cacertdir = /etc/openldap/cacerts ldap_tls_cacertdir = /etc/openldap/cacerts
 ldap_tls_reqcert = never</code> ldap_tls_reqcert = never</code>
-    * If you do not do this, the sssd service will report ca cert trust issues (in the output of "systemctl status sssd" due to a self-signed cert).+    * If you do not do this, the sssd service will report ca cert trust issues (in the output of "systemctl status sssd -l" due to a self-signed cert). 
 +    * If you can't remember the "ldap_tls_reqcert" line: 
 +      * Look at the **man page of "sssd-ldap"**<code bash>man sssd-ldap</code> 
 +      * Search for "tls_" to view config options and the "Example" section for formatting. 
   * Restart sssd<code bash>systemctl restart sssd</code>   * Restart sssd<code bash>systemctl restart sssd</code>
   * You should now be able to authenticate as a LDAP user.   * You should now be able to authenticate as a LDAP user.
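Review bot: `ldap_tls_reqcert = never` disables server certificate checking entirely, so the "ca cert trust issues" go away by turning off the check rather than fixing it, and a host that impersonates the IPA server would be accepted. Suggest documenting the trusting fix instead: place the IPA CA certificate in the `ldap_tls_cacertdir = /etc/openldap/cacerts` directory already shown and keep the default `ldap_tls_reqcert` (which requires a valid certificate), mentioning `never` only as a lab shortcut. Adding `-l` to `systemctl status sssd -l` and the pointer to `man sssd-ldap` with the `tls_` search are useful; nit: the new lines carry trailing whitespace.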
Line 133: Line 137:
  
 \\ \\
-Create a new Master autofs file in /etc/auto.master.d/ and have it look to the /etc/auto.home config+Create a new Master Map autofs file in /etc/auto.master.d/ and have it look to the /etc/auto.home config
 <code bash> <code bash>
 vim /etc/auto.master.d/home.autofs vim /etc/auto.master.d/home.autofs
  
 +# For sub directories of /home/users, look at /etc/auto.home for mappings
 /home/users /etc/auto.home /home/users /etc/auto.home
 </code> </code>
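Review bot: The added comment explains the map, but the prose should also say that autofs only reads files in /etc/auto.master.d/ whose names end in `.autofs`; `home.autofs` works here, and a reader who names the file `home` would get a map that is silently ignored.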
Line 142: Line 147:
  
 \\ \\
-Configure the new autofs indirect mount file+Configure the new autofs indirect mappings mount file
 <code bash> <code bash>
 vim /etc/auto.home vim /etc/auto.home
  
 +# For any sub directory ("*"), mount read/write from myserver.com:/nfsshare/&
 *  -rw  myserver.com:/nfsshare/& *  -rw  myserver.com:/nfsshare/&
 </code> </code>
-  * The "&" is replaced by the key in the first column (*) +  * "*" is assigned the directory that is accessed. If someone tried to access "/home/users/luke"the "*" value is "luke"
-  * "*" is assigned the value that triggered access. If someone tried to access /home/users/luke, then "luke" will be the value of the key in the first column ("*")+  * The "&" in the remote server line is replaced by the key in the first column (*). So if someone accesses "/home/users/luke", the remote system (myserver.comgets an access attempt to "/nfsshare/luke"
  
 \\ \\
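Review bot: Two typos in the new explanation lines: `"/home/users/luke"the` needs a space, and `(myserver.comgets` is missing the closing parenthesis and a space, i.e. `(myserver.com) gets`. Explaining `*` before `&` is clearer than the old order, and the added config comment matches the prose; consider adding that with a wildcard key every name looked up under /home/users becomes a mount attempt against `myserver.com:/nfsshare/<name>`, so a name with no matching directory on the export fails at mount time rather than producing an empty directory.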
  • linux_wiki/configure_a_system_to_use_an_existing_authentication_service_for_user_and_group_information.txt
  • Last modified: 2019/05/25 23:50
  • (external edit)