linux_wiki:configure_a_system_to_use_an_existing_authentication_service_for_user_and_group_information

Differences

This shows you the differences between two versions of the page.

linux_wiki:configure_a_system_to_use_an_existing_authentication_service_for_user_and_group_information [2018/03/20 22:41]
billdozor [authconfig]
linux_wiki:configure_a_system_to_use_an_existing_authentication_service_for_user_and_group_information [2019/05/25 23:50] (current)
Line 47: Line 47:
 ldap_tls_cacertdir = /etc/openldap/cacerts ldap_tls_cacertdir = /etc/openldap/cacerts
 ldap_tls_reqcert = never</code> ldap_tls_reqcert = never</code>
-    * If you do not do this, the sssd service will report ca cert trust issues (in the output of "systemctl status sssd" due to a self-signed cert).+    * If you do not do this, the sssd service will report ca cert trust issues (in the output of "systemctl status sssd -l" due to a self-signed cert). 
 +    * If you can't remember the "ldap_tls_reqcert" line: 
 +      * Look at the **man page of "sssd-ldap"**<code bash>man sssd-ldap</code> 
 +      * Search for "tls_" to view config options and the "Example" section for formatting. 
   * Restart sssd<code bash>systemctl restart sssd</code>   * Restart sssd<code bash>systemctl restart sssd</code>
   * You should now be able to authenticate as a LDAP user.   * You should now be able to authenticate as a LDAP user.
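Review bot: The new bullets under "ldap_tls_reqcert" help the reader reproduce "ldap_tls_reqcert = never" from memory, but nothing in this step says what that value does: with "never", sssd does not request or check the LDAP server's certificate, so the TLS session is encrypted but the server is not authenticated. Suggest adding a bullet that states this and limits the setting to the self-signed lab case the first bullet already mentions. Since "ldap_tls_cacertdir = /etc/openldap/cacerts" is set on the line above, the note could also point out that trusting the CA certificate from that directory would allow a stricter value such as "demand". Minor: in the changed bullet the closing parenthesis comes after "due to a self-signed cert", so the cause reads as part of the command output location; close the parenthesis after the quoted "systemctl status sssd -l".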
Line 133: Line 137:
  
 \\ \\
-Create a new Master autofs file in /etc/auto.master.d/ and have it look to the /etc/auto.home config+Create a new Master Map autofs file in /etc/auto.master.d/ and have it look to the /etc/auto.home config
 <code bash> <code bash>
 vim /etc/auto.master.d/home.autofs vim /etc/auto.master.d/home.autofs
  
 +# For sub directories of /home/users, look at /etc/auto.home for mappings
 /home/users /etc/auto.home /home/users /etc/auto.home
 </code> </code>
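Review bot: The added "# For sub directories of /home/users, look at /etc/auto.home for mappings" comment sits in the same bash code block as "vim /etc/auto.master.d/home.autofs", so the block mixes a shell command with the contents of the file being edited. Suggest splitting the editor command from the file contents, or labelling the last two lines as the contents of home.autofs, so the map line is not read as something to type at the prompt. The comment text itself is accurate for an indirect map keyed on /home/users.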
Line 142: Line 147:
  
 \\ \\
-Configure the new autofs indirect mount file+Configure the new autofs indirect mappings mount file
 <code bash> <code bash>
 vim /etc/auto.home vim /etc/auto.home
  
 +# For any sub directory ("*"), mount read/write from myserver.com:/nfsshare/&
 *  -rw  myserver.com:/nfsshare/& *  -rw  myserver.com:/nfsshare/&
 </code> </code>
-  * The "&" is replaced by the key in the first column (*) +  * "*" is assigned the directory that is accessed. If someone tried to access "/home/users/luke"the "*" value is "luke"
-  * "*" is assigned the value that triggered access. If someone tried to access /home/users/luke, then "luke" will be the value of the key in the first column ("*")+  * The "&" in the remote server line is replaced by the key in the first column (*). So if someone accesses "/home/users/luke", the remote system (myserver.comgets an access attempt to "/nfsshare/luke"
  
 \\ \\
 Ensure autofs is started and enabled at boot Ensure autofs is started and enabled at boot
 <code bash> <code bash>
-systemctl start autofs && systemctl enable autofs+systemctl start autofs 
 +systemctl enable autofs
 </code> </code>
  
 ---- ----
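Review bot: The map entry "*  -rw  myserver.com:/nfsshare/&" is now documented in detail, but the only mount option shown is "-rw", and the new comment and bullets do not mention that these are user home directories served from a remote host. Suggest showing restrictive options alongside it, for example "-rw,nosuid,nodev", or adding a bullet that says the option field is where such mount options go. The two rewritten bullets are clearer than before; check their rendered text for a missing space and closing parenthesis around "myserver.com" and after "/home/users/luke". In the last code block, splitting "systemctl start autofs && systemctl enable autofs" into two lines means "enable" runs even if "start" fails; worth a word if that is intended. "indirect mappings mount file" would read better as "indirect map file".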
  
  • Last modified: 2019/05/25 23:50
  • (external edit)