openldap加密传输sssd
2016-09-22 16:21
http://blog.father.gedow.net/2015/09/29/sssd-ldap-sudo/
# Install the LDAP client tools and SSSD.
yum -y install openldap-clients sssd

# Switch NSS and PAM over to SSSD, with LDAP as the identity and
# authentication source, and create home directories on first login.
# NOTE(review): --enableldaptls asks for StartTLS while the server URIs are
# already ldaps://; confirm which of the two the directory servers expect.
authconfig \
  --enablesssd --enablesssdauth \
  --enableldap --enableldapauth \
  --ldapserver=ldaps://master.local,ldaps://slave.local \
  --ldapbasedn='dc=suntv,dc=tv' \
  --enablelocauthorize \
  --enableldaptls \
  --enablemkhomedir \
  --update
下载服务器的ca证书
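# ca.crt becomes the trust anchor for every LDAPS connection configured on
# this host, and plain HTTP cannot prove that the downloaded file is the one
# the server published.
wget http://master.local/ca.crt -O /etc/openldap/cacerts/ca.crt
# Print the SHA-256 fingerprint and compare it with the value obtained from
# the CA administrator over a trusted channel before continuing.
openssl x509 -in /etc/openldap/cacerts/ca.crt -noout -fingerprint -sha256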
配置/etc/openldap/ldap.conf
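# CA material used to validate the LDAP servers' certificates.
TLS_CACERTDIR /etc/openldap/cacerts
TLS_CACERT /etc/openldap/cacerts/ca.crt
# "never" skips certificate checking, so the CA above would go unused and any
# host able to answer for master.local or slave.local could pose as the
# directory. "demand" refuses a server whose certificate does not validate;
# the certificate must then carry the host name used in the ldaps:// URI.
TLS_REQCERT demand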
/etc/sssd/sssd.conf
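# Write the SSSD configuration. The here-document delimiter is quoted so the
# shell copies the text literally, without expanding anything inside it.
cat > /etc/sssd/sssd.conf << '_EOF_'
[sssd]
services = nss, pam
config_file_version = 2
domains = ldap

[domain/ldap]
# Level 9 is very verbose; lower it once the setup has been verified.
debug_level = 9
cache_credentials = True
enumerate = false
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldaps://master.local,ldaps://slave.local
ldap_search_base = dc=suntv,dc=tv
ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_tls_cacert = /etc/openldap/cacerts/ca.crt
# Validate the server certificate against the CA above. With "never" any
# certificate is accepted, so logins could be sent to an impostor server.
ldap_tls_reqcert = demand
ldap_id_use_start_tls = false
entry_cache_timeout = 600
ldap_network_timeout = 2

[nss]
homedir_substring = /home
entry_negative_timeout = 20
entry_cache_nowait_percentage = 50
filter_users = root
filter_groups = root

[pam]

[sudo]

[autofs]

[ssh]

[pac]
_EOF_
# SSSD refuses to start unless its configuration file is owned by root and
# inaccessible to other users.
chown root:root /etc/sssd/sssd.conf
chmod 600 /etc/sssd/sssd.conf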
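# Two separate commands: on a single line systemctl would treat the words
# "systemctl" and "enable" as unit names to restart.
# Restart SSSD so it reads the new configuration, then enable it at boot.
systemctl restart sssd
systemctl enable sssd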