Linux Account Centralized Management
NIS / LDAP
Configuration Tools
1. system-config-authentication
2. authconfig-tui
Network Information Service (NIS)
Advantage: easy installation
Installation - Server side
1. install service: yum install ypserv
2. config service: vim /etc/ypserv.conf
uncomment the last line
3. change network settings:
A. vim /etc/sysconfig/network
add the following lines:
NISDOMAIN=basakar.com
YPSERV_ARGS="-p 1011"
B. vim /etc/sysconfig/yppasswdd
add the following on the last line:
YPPASSWDD_ARGS="--port 1012"
4. start service:
service ypserv start
service yppasswdd start
5. Create NIS accounts
A. mkdir /nisusers
B. create user:
useradd -d /nisusers nis1
useradd -d /nisusers nis2
passwd nis1
passwd nis2
C. import them into the NIS database:
/usr/lib64/yp/ypinit -m
press Ctrl+D to finish the list of NIS servers, then answer y to confirm
6. restart service:
service ypserv restart
service yppasswdd restart
7. check the ports
netstat -antup | grep yp
8. Autostart
chkconfig ypserv on
chkconfig yppasswdd on
Installation - Client side
1. Configure NIS: system-config-authentication
2. Configure DNS, or add the server's entry to the hosts file
3. Switch to user nis1 and change the password to verify
If the password change fails, add the server's entry to the hosts file
NIS shortcoming
On the client, once NIS is running, the command "getent passwd" lists all users, including the NIS users together with their password hashes, so the hashes are readable from any client
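As an added example (not from the original notes), a small audit script for the weakness just described: it reads passwd-format lines, as returned by getent passwd or ypcat passwd on an NIS client, and reports every account whose password field carries a real hash instead of the x placeholder, together with the hash algorithm so legacy DES and MD5 hashes stand out. The sample map is constructed and its hash values are fake.

```shell
#!/bin/sh
# Added example, not part of the original notes: audit a NIS passwd map for
# exposed password hashes. In classic NIS the passwd map carries the hash in
# field 2, and any client in the NIS domain can read it with getent/ypcat.

# Read passwd-format lines on stdin; print "user:hashtype" for every entry
# whose password field is a hash rather than the "x" placeholder or a lock mark.
nis_exposed_hashes() {
    awk -F: '
        function hash_type(h) {
            if (h ~ /^\$6\$/) return "sha512crypt"
            if (h ~ /^\$5\$/) return "sha256crypt"
            if (h ~ /^\$1\$/) return "md5crypt"
            if (length(h) == 13) return "descrypt"
            return "other"
        }
        {
            h = $2
            sub(/^!+/, "", h)      # a locked account ("!$6$...") still leaks its hash
            if (h != "" && h != "x" && h != "*")
                printf "%s:%s\n", $1, hash_type(h)
        }'
}

# Number of exposed entries, for use in a monitoring check.
nis_exposed_count() {
    nis_exposed_hashes | wc -l | tr -d ' '
}

# Constructed sample map; the hash strings are fake placeholders.
SAMPLE_MAP='nis1:$6$saltsalt$FAKEHASHVALUE:1001:1001::/nisusers:/bin/bash
nis2:x:1002:1002::/nisusers:/bin/bash
old:abJnggxhB/yWI:1003:1003::/nisusers:/bin/bash
svc:!!:1004:1004::/var/empty:/sbin/nologin'

# On a real client run:  getent passwd | nis_exposed_hashes
printf '%s\n' "$SAMPLE_MAP" | nis_exposed_hashes
```

A non-zero count on a client means the NIS server is publishing hashes in the passwd map; moving the hashes to the shadow map or replacing NIS with LDAP removes the exposure.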
Lightweight Directory Access Protocol (LDAP)
Installation - Server side
1. ensure internet access (for yum)
2. install packages: yum install openldap-*
yum install openldap openldap-clients openldap-servers migrationtools
3. configure openldap:
A. cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
B. cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf
C. chmod 644 /var/lib/ldap/DB_CONFIG
D. chmod 644 /etc/openldap/slapd.conf
E. chcon -t slapd_db_t /var/lib/ldap/DB_CONFIG
F. vim /etc/openldap/slapd.conf
I. In the "database definitions" section, change suffix and rootdn to your domain name
II. uncomment rootpw and set the root password
III. Change the access rule for the monitor database to:
access to *
by dn.exact="cn=Manager, dc=<domain name>,dc=com" read
by * none
4. start service: service slapd start
5. autostart: chkconfig slapd on
6. create account by script
mkdir /ldapusers
useradd -d /ldapusers/sp1 sp1
useradd -d /ldapusers/sp2 sp2
passwd sp1
passwd sp2
7. load the accounts into the LDAP database
A. install package: yum install migrationtools
B. cd /usr/share/migrationtools
C. vim migrate_common.ph: change the domain name in the $DEFAULT_BASE and $DEFAULT_MAIL_DOMAIN parameters
D. extract the accounts from the passwd and group files
I. grep ^sp /etc/passwd > user
II. grep ^sp /etc/group > group
E. ./migrate_base.pl >base.ldif
F. vim base.ldif and keep only the people, group and domain entries
G. ./migrate_passwd.pl user > user.ldif
H. ./migrate_group.pl group > group.ldif
I. ldapadd -x -D "cn=Manager, dc=<domain name>, dc=com" -W -f base.ldif
enter the rootpw password when prompted
J. ldapadd -x -D "cn=Manager, dc=<domain name>, dc=com" -W -f user.ldif
K. ldapadd -x -D "cn=Manager, dc=<domain name>, dc=com" -W -f group.ldif
8. check the network port: netstat -antup | grep slap
9. restart service slapd: service slapd restart
Installation - Client side
1. configure LDAP: system-config-authentication
LDAP Search Base DN: dc=<domain name>, dc=com
LDAP Server: ldap://<ldap server host name>
2. autostart: chkconfig sssd on
3. log in as user sp1 to verify
Remove the warning message: share the home directories from the server side
Server side
1. vim /etc/exports
Add the following lines
/ldapusers/sp1 *(rw,sync)
/ldapusers/sp2 *(rw,sync)
2. service nfs start
3. autostart: chkconfig nfs on
Client side
1. vi /etc/auto.master
add the following line
/ldapusers /etc/auto.ldapuser
2. vim /etc/auto.ldapuser (mount options are comma-separated, with no space)
sp1 -fstype=nfs,rw <server host name>:/ldapusers/sp1
sp2 -fstype=nfs,rw <server host name>:/ldapusers/sp2
or
* -fstype=nfs,rw <server host name>:/ldapusers/&
3. service autofs restart