涛子 - 简单就是美

成单纯魁增,永继振国兴,克复宗清政,广开家必升

  博客园  :: 首页  :: 新随笔  :: 联系 :: 订阅 订阅  :: 管理

http://blog.father.gedow.net/2015/09/29/sssd-ldap-sudo/

yum -y install openldap-clients sssd
authconfig --enablesssd --enablesssdauth --enableldap --enableldapauth --ldapserver=ldaps://master.local,ldaps://slave.local --ldapbasedn='dc=suntv,dc=tv' --enablelocauthorize --enableldaptls --enablemkhomedir  --update

下载服务器的ca证书

wget http://master.local/ca.crt -O /etc/openldap/cacerts/ca.crt

配置/etc/openldap/ldap.conf

TLS_CACERTDIR /etc/openldap/cacerts
TLS_CACERT /etc/openldap/cacerts/ca.crt
TLS_REQCERT never 

/etc/sssd/sssd.conf

cat > /etc/sssd/sssd.conf << _EOF_
[sssd]
services = nss, pam
config_file_version = 2
domains = ldap

[domain/ldap]
debug_level = 9
cache_credentials = True
enumerate = false

id_provider = ldap
auth_provider = ldap
chpass_provider = ldap

ldap_uri = ldaps://master.local,ldaps://slave.local
ldap_search_base = dc=suntv,dc=tv
ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_tls_cacert = /etc/openldap/cacerts/ca.crt
ldap_tls_reqcert = never
ldap_id_use_start_tls = false

entry_cache_timeout = 600
ldap_network_timeout = 2

[nss]
homedir_substring = /home
entry_negative_timeout        = 20
entry_cache_nowait_percentage = 50

filter_users = root
filter_groups = root

[pam]

[sudo]

[autofs]

[ssh]

[pac]
_EOF_
systemctl restart sssd
systemctl enable sssd
posted on 2016-09-22 16:21  北京涛子  阅读(771)  评论(0编辑  收藏  举报