
LDAP Client Configuration

  1. Install the packages
    [root@kvm4 ~]# yum install {openldap,openldap-clients,nss-pam-ldapd}
    
  2. LDAP server details
    1. LDAP server: deyu.wang
    2. Base DN: dc=deyu,dc=wang
    3. CA certificate: ftp://deyu.wang/pub/cacert.pem
    4. Account: ldapuser1
    5. Password: 123
    
  3. Use the authconfig command to set up LDAP authentication
    [root@kvmr4 ~]# authconfig --help | grep ldap
      --enableldap          enable LDAP for user information by default
      --disableldap         disable LDAP for user information by default
      --enableldapauth      enable LDAP for authentication by default
      --disableldapauth     disable LDAP for authentication by default
      --ldapserver=<server>
      --ldapbasedn=<dn>     default LDAP base DN
      --enableldaptls, --enableldapstarttls
      --disableldaptls, --disableldapstarttls
      --ldaploadcacert=<URL>
    
    [root@kvm4 ~]#  authconfig --enableldap --enableldapauth \
    --ldapserver=deyu.wang --ldapbasedn="dc=deyu,dc=wang" --enableldaptls --enableldapstarttls \
    --ldaploadcacert=ftp://deyu.wang/pub/cacert.pem --update
    

  4. Check whether the account you want to log in with exists
    [root@kvm4 ~]# getent passwd ldapuser1
    ldapuser1:{SSHA}HAvRpYe5TR88asauGqYtoCFzT7qHYqjP:1001:1001:ldapuser1:/home/guests/ldapuser1:/bin/bash
    
  5. Login test
    [root@kvm4 ~]# su - ldapuser1
    su: warning: cannot change directory to /home/guests/ldapuser1: No such file or directory
    -bash-4.1$
    
  6. Once the NFS share is mounted, the LDAP account has its home directory at login
    [root@kvm4 ~]# getent passwd ldapuser1
    ldapuser1:{SSHA}HAvRpYe5TR88asauGqYtoCFzT7qHYqjP:1001:1001:ldapuser1:/home/guests/ldapuser1:/bin/bash
    [root@kvm4 ~]# su - ldapuser1
    [ldapuser1@kvm4 ~]$ pwd
    /home/guests/ldapuser1
    
  7. LDAP client graphical configuration tool
    [root@kvm4 cacerts]# system-config-authentication
    1. Under "User account database", select LDAP
    2. For "base DN", enter 'dc=deyu,dc=wang'
    3. For "LDAP Server", enter 'ldap://deyu.wang'
    4. Click "Download certificate" and use
    ftp://deyu.wang/pub/cacert.pem
    5. Leave TLS *UNCHECKED*
    6. Under "Authentication Method", select LDAP
    7. Select Apply and complete firstboot setup
    


2018-04-11