
RHCE6 Preparation (5) – ldap, NIS, NTP, setfacl, vsftp

1, LDAP for user authentication, without autofs

Bind to the LDAP domain provided by 192.168.0.254 for user authentication. Note the following:
— ldapuserx should be able to log into your system, where x is your server number, but will not have a home directory until you have completed the autofs requirement below
— All LDAP users have the password “password”

Open the “Authentication Configuration” dialog from System->Administration->Authentication (running system-config-authentication from a shell opens the same dialog).

Under “User Account Database”, select LDAP.

In “LDAP Search Base DN”, enter dc=example,dc=com

In “LDAP Server”, enter instructor.example.com

Tick “Use TLS to encrypt connections”. Without it the client binds in clear text and every LDAP password crosses the network readable, so this box is not optional on a real network.

Click “Download CA Certificate” and enter the URL http://instructor.example.com/pub/EXAMPLE-CA-CERT. The CA certificate is what lets the client verify that the server it is talking to really is instructor.example.com; TLS without a trusted CA still encrypts, but to an unverified peer. Note that the certificate itself arrives over plain HTTP, so outside an exam network you would check its fingerprint out of band before trusting it.

Under “Authentication Method”, select “LDAP password”.

Click Apply.

The downloaded EXAMPLE-CA-CERT is stored in /etc/openldap/cacerts/ under a file name chosen by authconfig, together with a hash-named symlink that the TLS library uses to find it, so ls shows a different name from the one in the URL.

Verify the password,

su - ldapuser3

The password is “password”. After login the shell reports that there is no home directory, because nothing mounts /home/guests/ldapuser3 yet; that is the autofs part in point 2.

Or use this command to verify that the account resolves through sssd (this checks the name lookup only, not the password):

getent passwd ldapuser3
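The same configuration from the command line, as an added example that is not part of the original post: authconfig takes the same values the dialog does, and the check at the end reads an sssd.conf and confirms the bind will happen over TLS. The server name, base DN and CA URL are the ones used above; the sssd.conf texts inside the block are constructed for the demo, not copied from a system.

```shell
#!/bin/sh
# Added example, not part of the original post: the command-line equivalent
# of the GUI steps, and a check that the result really uses TLS.
# Server, base DN and CA URL are the ones the post uses; the sssd.conf
# text at the bottom is constructed for the demo, not copied from a system.

# Non-interactive form of the dialog. It rewrites /etc/sssd/sssd.conf,
# /etc/nsswitch.conf and the PAM stack, so run it only on the exam box.
ldap_join() {
    authconfig --enableldap --enableldapauth \
        --ldapserver=ldap://instructor.example.com \
        --ldapbasedn='dc=example,dc=com' \
        --enableldaptls \
        --ldaploadcacert=http://instructor.example.com/pub/EXAMPLE-CA-CERT \
        --update
}

# Show what authconfig put in the CA directory: the downloaded certificate
# under authconfig's own file name, plus the hash-named symlink the TLS
# library uses to find it. Print subject and expiry of each real file.
show_cacerts() {
    ls -l /etc/openldap/cacerts
    for f in /etc/openldap/cacerts/*; do
        [ -f "$f" ] || continue        # skip the symlinks
        openssl x509 -noout -subject -enddate -in "$f" 2>/dev/null
    done
}

# Ask the server directly over StartTLS. -ZZ makes ldapsearch fail instead
# of falling back to clear text, and the certificate is checked against
# TLS_CACERTDIR in /etc/openldap/ldap.conf, which authconfig also sets.
ldap_tls_probe() {
    ldapsearch -x -ZZ -H ldap://instructor.example.com \
        -b dc=example,dc=com "uid=${1:-ldapuser3}" dn
}

# Inspect sssd.conf text on stdin. Return 0 only when the domain starts
# TLS before binding and points at the CA directory; without both, every
# LDAP password would cross the network in clear text.
sssd_uses_tls() {
    awk '
        /^[ \t]*ldap_id_use_start_tls[ \t]*=[ \t]*[Tt]rue/                { tls = 1 }
        /^[ \t]*ldap_tls_cacertdir[ \t]*=[ \t]*\/etc\/openldap\/cacerts/  { dir = 1 }
        END { exit !(tls && dir) }
    '
}

# Constructed sample of what authconfig writes when "Use TLS" is ticked.
GOOD_CONF='[sssd]
config_file_version = 2
services = nss, pam
domains = default

[domain/default]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://instructor.example.com
ldap_search_base = dc=example,dc=com
ldap_id_use_start_tls = True
ldap_tls_cacertdir = /etc/openldap/cacerts
cache_credentials = True'

# Constructed sample with the TLS box left unticked: a clear-text bind.
BAD_CONF='[domain/default]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://instructor.example.com
ldap_search_base = dc=example,dc=com'

# On the exam box: sssd_uses_tls < /etc/sssd/sssd.conf && echo "TLS on"
printf '%s\n' "$GOOD_CONF" | sssd_uses_tls && echo "sample config: TLS on"
printf '%s\n' "$BAD_CONF"  | sssd_uses_tls || echo "sample config: clear-text bind"
```

On the exam box, run sssd_uses_tls against /etc/sssd/sssd.conf after authconfig; an exit status of 1 means the TLS box was left unticked and passwords would travel in clear text. ldap_tls_probe fails with a TLS error instead of falling back when the CA certificate did not install, which is a quicker diagnostic than repeating the whole GUI procedure.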

Troubleshooting: make sure the client side is installed,

rpm -qa | grep sssd
yum install -y sssd

Try restarting the sssd service,

service sssd restart

The certificate may not have downloaded properly; delete the certificates and redo the whole procedure,

cd /etc/openldap/cacerts
rm -rf *

It may be a server-side problem; rebuild the database on the server (the gls-* scripts exist only on the classroom instructor machine),

cd /var/lib/ldap
rm -rf *
gls-setup-ldap
gls-rebuild-ldap

then remove the certificates on the student machine and redo the whole procedure.

If su warns “su: warning: cannot change directory to /home/guests/ldapuser3: No such file or directory”, the account has authenticated but has no home directory. The quick fix is to let PAM create a local one on first login,

authconfig --enablemkhomedir --update

but note that this makes a local directory under /home/guests, which is not what the task asks for: once autofs manages /home/guests (point 2), the autofs mount covers that directory and the NFS-exported home is used instead. Point 2 is the intended solution.

2, configure autofs to automount the home directory of the LDAP user. The home directory of ldapuser3 is on 192.168.0.254, exported as instructor.example.com:/home/guests/ldapuser3, and should be mounted automatically at /home/guests/ldapuser3 on the local machine.

Modify /etc/auto.master

and add one line, “/home/guests   /etc/auto.ldap”. The first field is the mount point; the last path component of whatever is accessed under it (the key) is looked up in auto.ldap.

Create /etc/auto.ldap

and add one line: “ldapuser3   -rw    192.168.0.254:/home/guests/ldapuser3”

A wildcard line is more tolerant, because it serves any user name: the “*” key matches whatever directory name is requested under /home/guests, and “&” is replaced by that name, “* -rw    192.168.0.254:/home/guests/&”

You can also add more mount options, for example “* -fstype=nfs,rw,vers=3    192.168.0.254:/home/guests/&”

Restart autofs and enable it at boot,

service autofs restart
chkconfig autofs on

Now “su - ldapuser3” lands in /home/guests/ldapuser3. The mount is made on first access, so mount -l and df -h show it once the directory has been touched.
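The two map files and the wildcard expansion, as an added example that is not from the original post: write_maps produces the auto.master and auto.ldap lines above (into a scratch directory for the demo, /etc on the exam box), and resolve_mount re-implements the “*”/“&” rule so you can see what autofs will mount for a given user before restarting it. The host, paths and options are the ones from this section; resolve_mount is a demonstration of the rule, not autofs code.

```shell
#!/bin/sh
# Added example, not part of the original post: the two autofs map files
# for /home/guests, and a small resolver showing how the "*" key and the
# "&" substitution expand for a given user. Host and paths are the post's.
# The expansion logic re-implements the autofs map rule for demonstration;
# autofs itself does this inside the daemon.

MOUNTPOINT=/home/guests
MAP_LINE='*  -fstype=nfs,rw,vers=3  192.168.0.254:/home/guests/&'

# Write auto.master and auto.ldap under $1 (default /etc). The demo below
# uses a scratch directory so that it never touches the real files.
# Re-running it does not duplicate the auto.master line.
write_maps() {
    etc=${1:-/etc}
    # auto.master: mount point, then the map that holds the keys under it
    grep -q '^/home/guests[[:space:]]' "$etc/auto.master" 2>/dev/null ||
        printf '%s\t%s\n' "$MOUNTPOINT" "$etc/auto.ldap" >> "$etc/auto.master"
    # auto.ldap: one wildcard line serves every LDAP user
    printf '%s\n' "$MAP_LINE" > "$etc/auto.ldap"
}

# resolve_mount USER [MAPLINE]: print "options location" for the NFS mount
# autofs would perform at $MOUNTPOINT/USER, or return 1 if the map has no
# entry for that key. A "*" key matches any name; each "&" in the location
# is replaced by the requested name (user names contain no slashes, so a
# plain sed substitution is safe).
resolve_mount() {
    key=$1
    set -f                              # no globbing: the map key may be "*"
    set -- ${2:-$MAP_LINE}              # split the line into key opts location
    set +f
    mapkey=$1 opts=$2 loc=$3
    case "$mapkey" in
        "$key"|'*') ;;                  # exact key or wildcard matches
        *) return 1 ;;
    esac
    printf '%s %s\n' "$opts" "$(printf '%s' "$loc" | sed "s/&/$key/g")"
}

# On the exam box: start autofs, make it persistent, then trigger the
# mount by touching the directory (autofs mounts lazily, so /home/guests
# looks empty until a key under it is accessed).
enable_autofs() {
    service autofs restart
    chkconfig autofs on
    ls /home/guests/ldapuser3 && mount | grep "$MOUNTPOINT"
}

demo=$(mktemp -d)
write_maps "$demo"
cat "$demo/auto.master" "$demo/auto.ldap"
resolve_mount ldapuser3   # -fstype=nfs,rw,vers=3 192.168.0.254:/home/guests/ldapuser3
```

Compare the single-key line from the section with the wildcard: resolve_mount ldapuser3 works for both, but resolve_mount alice only resolves with the wildcard line, which is why the “*”/“&” form is the one to use when every LDAP user needs a home.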

Make sure the firewall allows the NFS traffic. On the client side the default RHEL6 rules accept established connections, so this mostly concerns the server.

One error encountered: “su: warning: cannot change directory to /home/guests/ldapuser3: No such file or directory”, with /var/log/messages showing “failed to create RPC listeners, exiting”, which means rpcbind was not running (NFSv3 mounts depend on it),

service rpcbind start
chkconfig rpcbind on

Make sure the NFS client utilities are installed (showmount is part of nfs-utils, not a package of its own),

yum install -y nfs-utils

You can test the export directly through the /net map that the default auto.master already provides (it mounts any host's exports on demand),

cd /net/instructor.example.com/home/guests

3, Copy the file /etc/fstab to /var/tmp. Configure the permissions of /var/tmp/fstab so that:
— the file /var/tmp/fstab is owned by the user root
— the file /var/tmp/fstab belongs to the group root
— the file /var/tmp/fstab is not executable by anyone
— the user mary is able to read and write /var/tmp/fstab
— the user alice can neither write nor read /var/tmp/fstab
— all other users (current or future) have the ability to read /var/tmp/fstab

cp /etc/fstab /var/tmp/
ll /var/tmp/fstab
setfacl -m u:mary:rw /var/tmp/fstab
setfacl -m u:alice:--- /var/tmp/fstab

Copying as root gives root:root and mode 644, which already covers the owner, group and “not executable” points; the two setfacl lines add the per-user entries. Check the result with getfacl /var/tmp/fstab, and note that ll now shows a “+” after the mode bits.
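The same task as a function with a checker, as an added example that is not from the original post: apply_acl runs the commands above with the mode stated explicitly, and acl_ok reads getfacl output and verifies every requirement, including the effective rights once the ACL mask is involved. The getfacl texts in the block are constructed to match the command output.

```shell
#!/bin/sh
# Added example, not part of the original post: the full sequence for task
# 3 as a function, plus a checker that reads getfacl output and confirms
# every requirement, including the effective rights after the ACL mask.
# The getfacl texts at the bottom are constructed for the demo.

TARGET=/var/tmp/fstab

# Apply the requirements. cp as root already yields root:root 0644, but
# stating the mode explicitly guarantees "not executable by anyone".
apply_acl() {
    cp /etc/fstab "$TARGET"
    chown root:root "$TARGET"
    chmod 0644 "$TARGET"
    setfacl -m u:mary:rw "$TARGET"     # named user entry; mask is recomputed to rw-
    setfacl -m u:alice:--- "$TARGET"   # explicit empty entry; same as u:alice:0
    getfacl "$TARGET"                  # ls -l now shows a "+" after the mode
}

# Read getfacl output on stdin and return 0 only when: owner root, group
# root, no x bit in any entry, mary rw-, alice ---, other r--. When the
# mask limits an entry, getfacl appends "#effective:..." and that is the
# value that counts.
acl_ok() {
    awk -F: '
        /^# owner:/ { owner = $2; sub(/^ */, "", owner) }
        /^# group:/ { group = $2; sub(/^ */, "", group) }
        /^(user|group|mask|other):/ {
            perm = $3
            sub(/[ \t].*/, "", perm)                   # strip trailing comment
            if (match($0, /#effective:[-rwx]+/))
                perm = substr($0, RSTART + 11, RLENGTH - 11)
            if (perm ~ /x/) hasx = 1
            if ($1 == "user"  && $2 == "mary"  && perm == "rw-") mary = 1
            if ($1 == "user"  && $2 == "alice" && perm == "---") alice = 1
            if ($1 == "other" && perm == "r--") other = 1
        }
        END { exit !(owner == "root" && group == "root" && !hasx && mary && alice && other) }
    '
}

# Constructed getfacl output matching what apply_acl produces.
GOOD_ACL='# file: var/tmp/fstab
# owner: root
# group: root
user::rw-
user:mary:rw-
user:alice:---
group::r--
mask::rw-
other::r--'

# Constructed failure case: chmod g-w was run afterwards. With an ACL
# present the group bits are the mask, so the mask drops to r-- and mary
# only gets read although her entry says rw-; getfacl flags it.
MASKED_ACL='# file: var/tmp/fstab
# owner: root
# group: root
user::rw-
user:mary:rw-        #effective:r--
user:alice:---
group::r--
mask::r--
other::r--'

# On the exam box: getfacl /var/tmp/fstab | acl_ok && echo ok
printf '%s\n' "$GOOD_ACL"   | acl_ok && echo "sample: requirements met"
printf '%s\n' "$MASKED_ACL" | acl_ok || echo "sample: mary limited by mask"
```

The mask case is the one that bites in practice: a later chmod on the group bits silently caps every named entry, and only the “#effective” column in getfacl reveals it.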

4, configure NTP

system-config-date or “System->Administration->Date & Time”

Tick “Synchronize date and time over the network”, add the NTP server 192.168.0.254, then select the correct time zone. This writes the server into /etc/ntp.conf and enables ntpd at boot; ntpq -p shows whether the server is reachable.

5, install the FTP server, allow anonymous login, and start it automatically at boot

yum install -y vsftpd
/etc/init.d/vsftpd start
chkconfig vsftpd on

The stock /etc/vsftpd/vsftpd.conf on RHEL6 already has anonymous_enable=YES and leaves anonymous uploads off, so no edit is needed for read-only anonymous access. Open TCP port 21 in iptables so other hosts can reach the server.

Test the anonymous login. Create a file in the anonymous area,

touch /var/ftp/pub/test.txt

then download it from the instructor machine. Anonymous users land in /var/ftp, so change into pub first:

lftp server3.example.com
cd pub
get test.txt
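The vsftpd setup with the firewall opened, plus a check that the configuration does not allow anonymous writes, as an added example that is not from the original post. The setup function uses the package and service names from this section; the vsftpd.conf texts inside the block are constructed, and server3.example.com is the host name used above.

```shell
#!/bin/sh
# Added example, not part of the original post: vsftpd set up for anonymous
# read-only access with the firewall opened, plus a check that reads a
# vsftpd.conf and refuses any setting that would let anonymous users
# write. The config texts at the bottom are constructed for the demo.

# Install, enable at boot, start, and open TCP/21 in the RHEL6 iptables
# policy. Passive-mode data connections need the FTP conntrack helper so
# that the firewall can relate them to the control session.
setup_vsftpd() {
    yum install -y vsftpd
    chkconfig vsftpd on
    service vsftpd start
    iptables -I INPUT -p tcp --dport 21 -j ACCEPT
    service iptables save
    sed -i 's/^IPTABLES_MODULES=.*/IPTABLES_MODULES="nf_conntrack_ftp"/' \
        /etc/sysconfig/iptables-config
    service iptables restart
}

# From another host: anonymous users land in /var/ftp, so the file made
# with "touch /var/ftp/pub/test.txt" is fetched from pub/.
fetch_test() {
    lftp -e 'cd pub; get test.txt; bye' "${1:-server3.example.com}"
}

# Read vsftpd.conf text on stdin. Return 0 only when anonymous login is on
# and every anonymous write switch is off. vsftpd's compiled-in default is
# anonymous_enable=YES and the write switches NO, so a missing line means
# the default; commented and blank lines are ignored.
anon_readonly() {
    awk '
        BEGIN { anon = 1 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            gsub(/[ \t]/, "")
            split($0, kv, "=")
            k = kv[1]; v = toupper(kv[2])
        }
        k == "anonymous_enable"                    { anon = (v == "YES") }
        k == "anon_upload_enable"      && v == "YES" { up = 1 }
        k == "anon_mkdir_write_enable" && v == "YES" { up = 1 }
        k == "anon_other_write_enable" && v == "YES" { up = 1 }
        END { exit !(anon && !up) }
    '
}

# Constructed: the relevant lines of the stock RHEL6 vsftpd.conf.
STOCK_CONF='anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
#anon_upload_enable=YES
#anon_mkdir_write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES'

# Constructed: the same file with the upload switch uncommented, which
# turns any writable directory under /var/ftp into an anonymous drop box.
UPLOAD_CONF=$(printf '%s\n' "$STOCK_CONF" | sed 's/^#anon_upload_enable/anon_upload_enable/')

# On the exam box: anon_readonly < /etc/vsftpd/vsftpd.conf && echo ok
printf '%s\n' "$STOCK_CONF"  | anon_readonly && echo "stock config: anonymous read-only"
printf '%s\n' "$UPLOAD_CONF" | anon_readonly || echo "upload config: anonymous can write"
```

Note that write_enable=YES in the stock file applies to local users only; anonymous writes need one of the anon_* switches, which is exactly what the checker looks for.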

 

 
