Differences
This shows you the differences between two versions of the page.
linux_wiki:configure_a_system_to_use_an_existing_authentication_service_for_user_and_group_information [2016/02/29 22:11] billdozor [AutoFS and NFS Share] |
linux_wiki:configure_a_system_to_use_an_existing_authentication_service_for_user_and_group_information [2019/05/25 23:50] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Configure A System To Use An Existing Authentication Service For User And Group Information ====== | ||
- | |||
- | **General Information** | ||
- | |||
- | About this page/ | ||
- | |||
- | ---- | ||
- | |||
- | ====== Ways to Configure ====== | ||
- | |||
- | * authconfig => command line utility that you have to specify all command line options when joining the domain | ||
- | * authconfig-tui => menu drive text user interface, select options from a list | ||
- | * authconfig-gtk => GUI utility for domain authentication setup | ||
- | |||
- | Two different back-end authentication daemons can be used: | ||
- | * sssd => System Security Services Daemon | ||
- | * This is the preferred/ | ||
- | * nslcd => Name Service LDAP Connection Daemon | ||
- | * This is the legacy daemon | ||
- | * Requires force legacy is set in / | ||
- | |||
- | ---- | ||
- | |||
- | ==== authconfig ==== | ||
- | |||
- | Configuring LDAP authentication with authconfig cli and SSSD. | ||
- | |||
- | * Install client packages< | ||
- | * Setup authentication< | ||
- | * Copy the IPA CA cert to the local system< | ||
- | * Edit / | ||
- | ldap_id_use_start_tls = True | ||
- | ldap_tls_cacertdir = / | ||
- | ldap_tls_reqcert = never</ | ||
- | * If you do not do this, the sssd service will report ca cert trust issues. | ||
- | * Restart sssd< | ||
- | * You should now be able to authenticate as a LDAP user. | ||
- | |||
- | ---- | ||
- | |||
- | ==== authconfig-tui ==== | ||
- | |||
- | Configuring LDAP authentication with authconfig-tui and SSSD back-end. | ||
- | |||
- | * Install client packages< | ||
- | * Launch authconfig-tui< | ||
- | * Authentication Configuration box | ||
- | * User Information: | ||
- | * Authentication: | ||
- | * Do not unselect any defaults; Next when done | ||
- | * LDAP Settings | ||
- | * Select "Use TLS" | ||
- | * Server: ldap:// | ||
- | * Base DN: dc=example, | ||
- | * Ok when done, Ok on the warning screen about copying the CA Cert. | ||
- | * Copy the IPA CA cert to the local system< | ||
- | * Enable auto creation of home directories< | ||
- | * Edit / | ||
- | ldap_id_use_start_tls = True | ||
- | ldap_tls_cacertdir = / | ||
- | ldap_tls_reqcert = never</ | ||
- | * If you do not do this, the sssd service will report ca cert trust issues. | ||
- | * Restart sssd< | ||
- | * You should now be able to authenticate as a LDAP user. | ||
- | |||
- | ---- | ||
- | |||
- | ==== GUI method: authconfig-gtk ==== | ||
- | |||
- | LDAP authentication via GUI setup and nslcd back-end. | ||
- | |||
- | Install authconfig gui | ||
- | <code bash> | ||
- | yum -y install authconfig-gtk | ||
- | </ | ||
- | |||
- | Open the GUI app | ||
- | * Applications > Sundry > Authentication | ||
- | * On the " | ||
- | * User Account Database: Select LDAP from the drop-down | ||
- | * This will display an extra package that is required " | ||
- | * Click the " | ||
- | <code bash> | ||
- | yum install -y nss-pam-ldapd | ||
- | yum install -y pam_krb5 | ||
- | </ | ||
- | * Note: After installing " | ||
- | * Identity & Authentication tab | ||
- | * User Account Database: LDAP | ||
- | * LDAP Search Base DN: dc=example, | ||
- | * LDAP Server: ldap:// | ||
- | * Check "Use TLS to encrypt connections" | ||
- | * Click " | ||
- | * Enter URL of ca cert Example: ftp:// | ||
- | * Click Ok | ||
- | * Advanced Options tab | ||
- | * Other Authentication Options: Check " | ||
- | * Password Options tab | ||
- | * Change any password property requirements | ||
- | * Click Apply | ||
- | * Edit / | ||
- | * Restart nslcd< | ||
- | * Authentication via LDAP will now work. | ||
- | |||
- | ---- | ||
- | |||
- | ==== AutoFS and NFS Share ==== | ||
- | |||
- | Auto mounting NFS shared user home directories. | ||
- | |||
- | Install AutoFS and NFS utils | ||
- | <code bash> | ||
- | yum -y install autofs nfs-utils | ||
- | </ | ||
- | |||
- | \\ | ||
- | Create a new Master autofs file in / | ||
- | <code bash> | ||
- | vim / | ||
- | |||
- | /home/users / | ||
- | </ | ||
- | * In EL7, the "/ | ||
- | |||
- | \\ | ||
- | Configure the new autofs indirect mount file | ||
- | <code bash> | ||
- | vim / | ||
- | |||
- | * -rw myserver.com:/ | ||
- | </ | ||
- | * The "&" | ||
- | * " | ||
- | |||
- | \\ | ||
- | Ensure autofs is started and enabled at boot | ||
- | <code bash> | ||
- | systemctl start autofs && systemctl enable autofs | ||
- | </ | ||
- | |||
- | \\ | ||
- | Configure sshd to allow ldap logins and restart sshd | ||
- | <code bash> | ||
- | vim / | ||
- | |||
- | auth sufficient | ||
- | auth sufficient | ||
- | |||
- | systemctl restart sshd | ||
- | </ | ||
- | |||
- | ---- | ||
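Review bot: "ldap_tls_reqcert = never" in the sssd edits of the authconfig and authconfig-tui sections turns off verification of the LDAP server's certificate. The StartTLS session enabled by "ldap_id_use_start_tls = True" is therefore encrypted but not authenticated, and the IPA CA cert copied in the preceding step serves no purpose. This revision removes the whole page and the new side is empty, so whatever replaces these instructions should keep validation on, for example "ldap_tls_reqcert = demand". The "ca cert trust issues" the page mentions are better resolved by pointing "ldap_tls_cacertdir" at the directory that holds the copied CA cert than by disabling the check.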