1, LDAP for user authentication, without autofs
Bind to the LDAP domain provided by 192.168.0.254 for user authentication. Note the following:
— ldapuserx should be able to log into your system, where x is your server number, but will not have a home directory until you have completed the autofs requirement below
— All LDAP users have a password of “password”
Go to ‘System->Administration->Authentication’ to open the “authentication configuration” UI.
In “User Account Database”, select LDAP.
In “LDAP search base DN”, enter “dc=example, dc=com”.
In “LDAP server”, enter “instructor.example.com”.
Tick “use TLS to encrypt connection”.
Then choose Download CA Certificate and enter the URL “http://instructor.example.com/pub/EXAMPLE-CA-CERT”.
In “Authentication configuration”, select “LDAP password”.
The downloaded EXAMPLE-CA-CERT is stored in /etc/openldap/cacerts/, and the downloaded file is renamed.
Verify the password:
su - ldapuser3
The password is “password”. After login, no home directory is shown on the command line, because there is no autofs mount for the home directory yet.
Or use this command to verify:
getent passwd ldapuser3
Troubleshooting: make sure the client is installed,
rpm -qa | grep sssd
yum install -y 'sssd*'
Try restarting the sssd service,
service sssd restart
The certificate might not have downloaded properly; delete the certificates and redo the whole procedure,
rm -rf /etc/openldap/cacerts/*
It might be a server issue; rebuild the database on the server,
cd /var/lib/ldap && rm -rf *
Remove the certificates on the student computer and redo the whole procedure.
The error “su: warning: cannot change directory to /home/guests/ldapuser3: No such file or directory” means the home directory /home/guests/ldapuser3 cannot be found. Solve it with the command below, or refer to point 2 to solve the problem in an alternative way,
authconfig --enablemkhomedir --update
The picture below shows the user information in detail,
2, Configure autofs to automount the home directory of the NIS user. The ldapuser3 home directory is on 192.168.0.254, as instructor.example.com:/home/guests/ldapuser3, and should be automatically mounted locally at /home/guests/ldapuser3
Modify /etc/auto.master:
add one line, “/home/guests /etc/auto.ldap”; the last-level folder is written in auto.ldap.
Create /etc/auto.ldap:
add one line: “ldapuser3 -rw 192.168.0.254:/home/guests/ldapuser3”
or this line, which is more flexible, “* -rw 192.168.0.254:/home/guests/&”
and you can also add some more parameters, “* -fstype=nfs,rw,vers=3 192.168.0.254:/home/guests/&”
Restart the autofs service and enable it at startup
service autofs restart
chkconfig autofs on
If you run su - ldapuser3, the shell lands in the home directory /home/guests/ldapuser3; you can also use mount -l and df -h to display the autofs result.
Make sure the firewall is set as permissive for NFS.
Encountered one error, “su: warning: cannot change directory to /home/guests/ldapuser3: No such file or directory”; /var/log/messages showed “failed to create RPC listeners, exiting”, which means rpcbind had somehow stopped,
service rpcbind start
chkconfig rpcbind on
Make sure NFS is installed,
yum install nfs-utils # installs the NFS utilities, including showmount
You can test it this way,
3, Copy the file /etc/fstab to /var/tmp. Configure the permissions of /var/tmp/fstab so that:
— the file /var/tmp/fstab is owned by the root user
— the file /var/tmp/fstab belongs to the group root
— the file /var/tmp/fstab should not be executable by anyone
— the user mary is able to read and write /var/tmp/fstab
— the user alice can neither write nor read /var/tmp/fstab
— all other users (current or future) have the ability to read /var/tmp/fstab
cp /etc/fstab /var/tmp/
ll /var/tmp/fstab
setfacl -m u:mary:rw /var/tmp/fstab
setfacl -m u:alice:--- /var/tmp/fstab
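An added check, not part of the original notes: it evaluates getfacl output for /var/tmp/fstab against the requirements of point 3, including the ACL mask, which can silently cut mary's named entry down to read-only. The function names, the user bob standing in for "any other user", and both sample outputs are constructed for illustration; it assumes mary and alice are neither root nor members of group root.

```bash
#!/bin/sh
# Added example. Assumption: mary and alice are not root and not in group root,
# so only a named-user entry (limited by the mask) or "other" applies to them.

# effective_perms USER: getfacl output on stdin -> effective rights, e.g. "rw-"
effective_perms() {
    awk -v who="$1" '
        /^# owner: /   { owner = $3 }
        /^user::/      { split($1, f, ":"); uperm = f[3] }
        /^mask::/      { split($1, f, ":"); mask  = f[3] }
        /^other::/     { split($1, f, ":"); other = f[3] }
        /^user:[^:]+:/ { split($1, f, ":"); if (f[2] == who) named = f[3] }
        END {
            if (who == owner) { print uperm; exit }  # owner is not masked
            if (named == "")  { print other; exit }  # no named entry
            out = ""
            for (i = 1; i <= 3; i++) {               # named entry AND mask
                c = substr(named, i, 1)
                out = out ((c != "-" && substr(mask, i, 1) == c) ? c : "-")
            }
            print out
        }'
}

# check_task3: getfacl output on stdin; status 0 only if every requirement holds
check_task3() {
    acl=$(cat)
    [ "$(printf '%s\n' "$acl" | sed -n 's/^# owner: //p')" = root ] || return 1
    [ "$(printf '%s\n' "$acl" | sed -n 's/^# group: //p')" = root ] || return 1
    # no entry may carry the execute bit
    printf '%s\n' "$acl" | awk '!/^#/ && $1 ~ /x$/ { bad = 1 } END { exit bad }' || return 1
    [ "$(printf '%s\n' "$acl" | effective_perms mary)"  = "rw-" ] || return 1
    [ "$(printf '%s\n' "$acl" | effective_perms alice)" = "---" ] || return 1
    [ "$(printf '%s\n' "$acl" | effective_perms bob)"   = "r--" ] || return 1
}

# Constructed sample: getfacl output right after the two setfacl commands
ACL_OK='# file: var/tmp/fstab
# owner: root
# group: root
user::rw-
user:mary:rw-
user:alice:---
group::r--
mask::rw-
other::r--'
# Constructed sample: the same file after a later "chmod 644" rewrote the mask
ACL_MASKED=$(printf '%s\n' "$ACL_OK" | sed 's/^mask::rw-/mask::r--/')
```

On a live system the same check runs as: getfacl /var/tmp/fstab | check_task3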
4, Configure NTP
Run system-config-date or open “System->Administration->Date & Time”.
Tick “Synchronize date and time over the network” and add the NTP server “192.168.0.254”, then select the correct time zone.
5, Install the FTP server, make it allow anonymous login, and start it automatically at startup
yum install -y vsftpd
/etc/init.d/vsftpd start
chkconfig vsftpd on
Test the anonymous login:
download test.txt from the instructor computer.
lftp server3.example.com
get test.txt