Differences
This shows you the differences between two versions of the page.
linux_wiki:configure_a_system_to_use_an_existing_authentication_service_for_user_and_group_information [2016/03/05 17:02] billdozor [Ways to Configure] |
linux_wiki:configure_a_system_to_use_an_existing_authentication_service_for_user_and_group_information [2019/05/25 23:50] (current) |
||
---|---|---|---|
Line 4: | Line 4: | ||
Configuring a client to connect to an existing LDAP server.\\ | Configuring a client to connect to an existing LDAP server.\\ | ||
- | In order to test this, you will need to setup a FreeIPA server for the client to authenticate to. | + | In order to test this, you will need to [[http:// |
---- | ---- | ||
Line 34: | Line 34: | ||
* Install client packages< | * Install client packages< | ||
- | * Setup authentication< | + | * Setup authentication< |
* enableldap => use ldap for identification | * enableldap => use ldap for identification | ||
* enableldapauth => use ldap for authentication | * enableldapauth => use ldap for authentication | ||
- | | + | * ldapserver => the fully qualified name of the IPA server |
- | | + | |
* ldapbasedn => the base of the ldap tree | * ldapbasedn => the base of the ldap tree | ||
+ | * enableldapstarttls => start TLS encryption over the standard ldap port (tcp/389) | ||
* enablemkhomedir => allow the local system to create home directories if they don't exist | * enablemkhomedir => allow the local system to create home directories if they don't exist | ||
* update => update system config files with these changes. (**the entire command will not do ANYTHING if you forget this option**) | * update => update system config files with these changes. (**the entire command will not do ANYTHING if you forget this option**) | ||
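Review bot: the new enableldapstarttls bullet says what the option does but not what it depends on. StartTLS on tcp/389 only protects the bind if the client validates the server certificate, and the name given to ldapserver has to match the name in that certificate, which is the reason the ldapserver bullet asks for the fully qualified name. Suggest stating that link in one of the two bullets so readers do not substitute an IP address or short hostname.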
Line 47: | Line 47: | ||
ldap_tls_cacertdir = / | ldap_tls_cacertdir = / | ||
ldap_tls_reqcert = never</ | ldap_tls_reqcert = never</ | ||
- | * If you do not do this, the sssd service will report ca cert trust issues (in the output of " | + | * If you do not do this, the sssd service will report ca cert trust issues (in the output of " |
+ | * If you can't remember the " | ||
+ | * Look at the **man page of " | ||
+ | * Search for " | ||
* Restart sssd< | * Restart sssd< | ||
* You should now be able to authenticate as a LDAP user. | * You should now be able to authenticate as a LDAP user. | ||
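Review bot: the added bullets help the reader find the option name, but the setting they point to is still "ldap_tls_reqcert = never" in the context lines above, and nothing here says what that costs. With "never" sssd does not check the server certificate, so the StartTLS session enabled earlier on the page is encrypted but the LDAP server is not authenticated, and the "ca cert trust issues" are silenced rather than fixed. Suggest adding a bullet that this is acceptable for a practice lab only, and that the durable fix is to place the IPA CA certificate in the directory named by ldap_tls_cacertdir and set ldap_tls_reqcert to demand.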
Line 133: | Line 137: | ||
\\ | \\ | ||
- | Create a new Master autofs file in / | + | Create a new Master |
<code bash> | <code bash> | ||
vim / | vim / | ||
+ | # For sub directories of / | ||
/home/users / | /home/users / | ||
</ | </ | ||
Line 142: | Line 147: | ||
\\ | \\ | ||
- | Configure the new autofs indirect mount file | + | Configure the new autofs indirect |
<code bash> | <code bash> | ||
vim / | vim / | ||
+ | # For any sub directory (" | ||
* -rw myserver.com:/ | * -rw myserver.com:/ | ||
</ | </ | ||
- | | + | * " |
- | | + | * The "&" |
\\ | \\ | ||
Ensure autofs is started and enabled at boot | Ensure autofs is started and enabled at boot | ||
<code bash> | <code bash> | ||
- | systemctl start autofs | + | systemctl start autofs |
+ | systemctl enable autofs | ||
</ | </ | ||
---- | ---- | ||
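Review bot: the map entry under the new comment in the indirect map file still mounts the home directories with "-rw" as its only option. For user-writable NFS home directories, suggest adding nosuid (and nodev) to that option list so that setuid binaries or device nodes placed on the share are not honoured on the client, and mentioning it in the explanatory bullets added below the code block.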