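LDAP network user accounts
First, reset the virtual machine so that its hostname is server5
and its IP is 172.25.5.10/11
Configure the yum repository: http://172.25.5.254/content/rhel7
This is the address at which the yum repository can be found in Firefox
Then run yum clean all
If a string of messages appears (see the pid in the screenshot), run kill -9 followed by the pid number
Then run yum clean all again
Next, create the script and run it (or first install sssd and krb5 and use authconfig-tui to select the configuration manually)
Note: the password is kerberos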
[[email protected] ~]# cat /bin/vm_authconfig.sh
#!/bin/bash
echo "install packages..."
yum install sssd krb5-workstation -y &>/dev/null
echo "config authconfig..."
authconfig \
--enableldap \
--enablekrb5 \
--disableldapauth \
--enableldaptls \
--ldapserver="classroom.example.com" \
--ldapbasedn="dc=example,dc=com" \
--ldaploadcacert=http://172.25.254.254/pub/example-ca.crt \
--krb5kdc="classroom.example.com" \
--krb5adminserver="classroom.example.com" \
--update
echo "ok !!"
## At this point you can switch to the LDAP user, but the user has no home directory
Complete the script:
[[email protected] ~]# vim /bin/vm_authconfig.sh
[[email protected] ~]# vm_authconfig.sh
install packages...
config authconfig...
config autofs...
ok !!
[[email protected] ~]# cat /bin/vm_authconfig.sh
#!/bin/bash
echo "install packages..."
yum install sssd krb5-workstation autofs -y &>/dev/null
echo "config authconfig..."
authconfig \
--enableldap \
--enablekrb5 \
--disableldapauth \
--enableldaptls \
--ldapserver="classroom.example.com" \
--ldapbasedn="dc=example,dc=com" \
--ldaploadcacert=http://172.25.254.254/pub/example-ca.crt \
--krb5realm="EXAMPLE.COM" \
--krb5kdc="classroom.example.com" \
--krb5adminserver="classroom.example.com" \
--update
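echo "config autofs..."
# Append each map entry only if it is not already present, so re-running the script does not duplicate it
grep -qxF "/home/guests /etc/auto.ldap" /etc/auto.master || echo "/home/guests /etc/auto.ldap" >>/etc/auto.master
grep -qxF "* 172.25.254.254:/home/guests/&" /etc/auto.ldap 2>/dev/null || echo "* 172.25.254.254:/home/guests/&" >>/etc/auto.ldap
systemctl restart autofs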
echo "ok !!"
[[email protected] ~]# su - ldapuser1
Last login: Sun Apr 30 04:22:37 EDT 2017 on pts/1
[[email protected] ~]$ touch file{1..8}
[[email protected] ~]$ ls
1 3 5 file1 file3 file5 file7 ldapuser1
2 4 Desktop file2 file4 file6 file8
[[email protected] ~]$ exit
logout
[[email protected] ~]#
Afterwards you can log in on server as ldapuser1 with the password kerberos, and you will see the files that were just created
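The authconfig flags in the script (LDAP for identity, Kerberos for authentication, StartTLS on) are meant to end up as sssd settings, so it is worth checking that they did. The check below is an added example, not part of the original script; the key names are standard sssd options, while their location in a [domain/...] section of /etc/sssd/sssd.conf and the sample file are assumptions to confirm on the host.

```shell
#!/bin/bash
# Added example, not part of the original script. Audits an sssd.conf against
# the values implied by the authconfig flags used on this page.

# Print the value of KEY ($2) from the [domain/...] section of FILE ($1).
sssd_get() {
    awk -v key="$2" '
        /^[ \t]*\[/ { in_dom = ($0 ~ /\[domain\//); next }
        in_dom && $0 ~ "^[ \t]*" key "[ \t]*=" {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); val = $0
        }
        END { print val }' "$1"
}

# Print one FAIL line per finding; the return status is the finding count.
audit_sssd() {
    local f=$1 bad=0 key want got
    while read -r key want; do
        got=$(sssd_get "$f" "$key")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key: want '$want', found '${got:-<unset>}'"
            bad=$((bad + 1))
        fi
    done <<'EOF'
id_provider ldap
auth_provider krb5
ldap_search_base dc=example,dc=com
krb5_realm EXAMPLE.COM
EOF
    # --enableldaptls: StartTLS must be on and certificate checks not relaxed.
    case "$(sssd_get "$f" ldap_id_use_start_tls | tr 'A-Z' 'a-z')" in
        true) ;;
        *) echo "FAIL ldap_id_use_start_tls is not True"; bad=$((bad + 1)) ;;
    esac
    case "$(sssd_get "$f" ldap_tls_reqcert | tr 'A-Z' 'a-z')" in
        never|allow|try) echo "FAIL ldap_tls_reqcert relaxes certificate checks"
                         bad=$((bad + 1)) ;;
    esac
    return "$bad"
}

# Constructed sample (not captured from a real host): TLS left off.
sample=$(mktemp)
printf '%s\n' '[sssd]' 'domains = default' '[domain/default]' \
    'id_provider = ldap' 'auth_provider = krb5' 'krb5_realm = EXAMPLE.COM' \
    'ldap_search_base = dc=example,dc=com' 'ldap_id_use_start_tls = False' \
    'ldap_tls_reqcert = never' >"$sample"
audit_sssd "$sample" || echo "findings: $?"
rm -f "$sample"
```

On a configured client, run `audit_sssd /etc/sssd/sssd.conf` as root; a status of 0 means every checked setting matches the script's flags.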
Manual method:
First install sssd and krb5, then use authconfig-tui to select the configuration manually
Set up automounting
File contents: