How to configure LDAP client on RHEL 6.x
First, make sure the LDAP client package group is installed.
#yum -y groupinstall directory-client
After installing the package group, we can configure the LDAP client using either the GUI tool or the CLI tool:
#system-config-authentication &
GUI tool for configuring LDAP
-OR-
#authconfig --enableldap --enableldapauth \
  --ldapserver=ldapsrv.ynetwork.org \
  --ldapbasedn="dc=ynetwork,dc=org" \
  --enableldaptls \
  --ldaploadcacert=http://ldapsrv.ynetwork.org/pub/ynetwork-ca.crt \
  --enablesssd \
  --enablesssdauth \
  --update
CLI tool to configure the LDAP client
#getent passwd user1
Assuming you have 'user1' created in LDAP server
#ssh user1@localhost
Test using ssh or su on your local system with an LDAP user account
It is not practical to create a home directory for every LDAP user on every host, so we shall use NFS with autofs to mount their home directory automatically when they log in.
#vim /etc/auto.master
/home/remote /etc/auto.remote
(Assuming /home/remote/user1 is the home directory for 'user1')
#showmount -e ldapsrv.ynetwork.org
Our LDAP server can also be an NFS server hosting the home directories for all users, so list its NFS shares using the command above.
#vim /etc/auto.remote
user1 -rw ldapsrv.ynetwork.org:/home/remote/user1
(SYNTAX: username -options nfsserver.fqdn:/home/dir)
#service autofs reload
Reload all indirect maps
#ssh user1@localhost
Test again with user1
How to configure LDAP client using Kerberos authentication
#yum -y install krb5-workstation openldap-clients
Install the required packages for Kerberos authentication (assuming you already have all required LDAP packages)
#authconfig --enableldap --disableldapauth \
  --ldapserver=ldapsrv.ynetwork.org \
  --ldapbasedn="dc=ynetwork,dc=org" \
  --enableldaptls \
  --ldaploadcacert=http://ldapsrv.ynetwork.org/pub/ynetwork-ca.crt \
  --enablekrb5 \
  --krb5kdc=ldapsrv.ynetwork.org \
  --krb5adminserver=ldapsrv.ynetwork.org \
  --krb5realm=YNETWORK.ORG \
  --enablesssd \
  --enablesssdauth \
  --update
(Configuring LDAP with Kerberos using the 'authconfig' CLI tool)
#getent passwd user1
Test your communication using one of the users.
#ssh user1@localhost
Use the Kerberos password instead of the LDAP password.
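A check to run after either authconfig command above, as an added example that is not part of the original post: it reads an sssd.conf-style file and reports whether identity lookups use StartTLS, whether certificate validation has been relaxed, and whether the auth provider matches the variant you configured. The function names and the sample file are constructed for illustration; the option names are those documented in sssd.conf(5), sssd-ldap(5) and sssd-krb5(5), and the script assumes a single domain section.

```shell
#!/bin/sh
# Added example: audit the SSSD settings authconfig is expected to write.
# Assumes one [domain/...] section, so section headers are ignored.

# get_opt FILE KEY: print the value of the last "KEY = value" line.
get_opt() {
    awk -v k="$2" '
        /^[ \t]*[#;]/ || !/=/ { next }
        { key = substr($0, 1, index($0, "=") - 1)
          val = substr($0, index($0, "=") + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
          if (key == k) v = val }
        END { print v }' "$1"
}

# audit_sssd_conf FILE ldap|krb5: print findings, return the number of them.
audit_sssd_conf() {
    conf=$1; want=$2; fails=0
    uri=$(get_opt "$conf" ldap_uri)
    tls=$(get_opt "$conf" ldap_id_use_start_tls | tr 'A-Z' 'a-z')
    reqcert=$(get_opt "$conf" ldap_tls_reqcert | tr 'A-Z' 'a-z')
    auth=$(get_opt "$conf" auth_provider)
    # Identity lookups (getent passwd) over ldap:// are cleartext without StartTLS.
    case $uri in
        ldaps://*) ;;
        *) [ "$tls" = true ] || { echo "FAIL: $uri without StartTLS"; fails=$((fails + 1)); } ;;
    esac
    # never/allow continue even when the server certificate fails validation.
    case $reqcert in
        never|allow) echo "FAIL: ldap_tls_reqcert=$reqcert"; fails=$((fails + 1)) ;;
    esac
    # Expected: auth_provider=ldap for the LDAP setup, krb5 for the Kerberos one.
    [ "$auth" = "$want" ] || { echo "FAIL: auth_provider=$auth, want $want"; fails=$((fails + 1)); }
    if [ "$want" = krb5 ] && [ -z "$(get_opt "$conf" krb5_realm)" ]; then
        echo "FAIL: krb5_realm not set"; fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample, not output captured from a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[domain/default]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://ldapsrv.ynetwork.org
ldap_search_base = dc=ynetwork,dc=org
ldap_id_use_start_tls = True
EOF
audit_sssd_conf "$sample" ldap && echo "OK: no findings"
rm -f "$sample"
```

On a real client, point it at /etc/sssd/sssd.conf as root, passing `ldap` after the first setup or `krb5` after the Kerberos one.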