
LDAP:

1. Install the required LDAP Packages “Openldap”

yum install -y *openldap* migrationtools

2. Configure the LDAP Database

cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

chown -R ldap:ldap /var/lib/ldap/

3. Create an LDAP root password

slappasswd

4. Create the self-signed certificate

openssl req -new -x509 -nodes -out /etc/openldap/certs/cert.pem -keyout /etc/openldap/certs/key.pem -days 365

ll /etc/openldap/certs/*.pem

chown ldap:ldap /etc/openldap/certs/*.pem

chmod 600 /etc/openldap/certs/key.pem

5. Edit the openLDAP server configuration

cd /etc/openldap/slapd.d/cn=config

vim olcDatabase={2}hdb.ldif

olcSuffix: dc=example,dc=com
olcRootDN: cn=Manager,dc=example,dc=com

olcRootPW: {SSHA}bHSiwuPJEypHS6zHSE2Uy7M69sQjmkPL (paste the hash printed by slappasswd in step 3)


olcTLSCertificateFile: /etc/openldap/certs/cert.pem
olcTLSCertificateKeyFile: /etc/openldap/certs/key.pem

6. Provide the Monitor Privileges

vim olcDatabase={1}monitor.ldif

olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Manager,dc=example,dc=com" read by * none

7. Verify the configuration

slaptest -u

systemctl enable slapd

systemctl start slapd

8. Add the following LDAP Schemas

ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif

ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif

ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif

9. Generate a base.ldif file for your domain

vim /root/base.ldif

dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: example com
dc: example

dn: cn=Manager,dc=example,dc=com
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=example,dc=com
objectClass: organizationalUnit
ou: Group

10. Create local users

useradd ldapuser1
useradd ldapuser2

echo "redhat" | passwd --stdin ldapuser1

echo "redhat" | passwd --stdin ldapuser2

11. Before migrating users and groups, modify migrate_common.ph

Create base objects in OpenLDAP

cd /usr/share/migrationtools/

vim migrate_common.ph

Modify lines 71, 74 and 90:

$DEFAULT_MAIL_DOMAIN = "example.com";

$DEFAULT_BASE = "dc=example,dc=com";

$EXTENDED_SCHEMA = 1;

12. Filter these users out of /etc/passwd and /etc/group into separate files
grep ":10[0-9][0-9]" /etc/passwd > /root/passwd
grep ":10[0-9][0-9]" /etc/group > /root/group

Delete every user except the LDAP users (ldapuser1, ldapuser2) from /root/passwd and /root/group

Now convert the individual user and group files to LDAP Data Interchange Format (LDIF)

Generate a ldif file for users and groups

cd /usr/share/migrationtools/

./migrate_passwd.pl /root/passwd /root/users.ldif


./migrate_group.pl /root/group /root/groups.ldif

13. Import users into the LDAP database

ldapadd -x -w redhat -D "cn=Manager,dc=example,dc=com" -f /root/base.ldif

(The `-w redhat` form puts the Manager password on the command line, where it is visible in shell history and in the process list; `-W` prompts for it instead.)

ldapadd -x -w redhat -D "cn=Manager,dc=example,dc=com" -f /root/users.ldif

ldapadd -x -w redhat -D "cn=Manager,dc=example,dc=com" -f /root/groups.ldif


To Test the Configuration

ldapsearch -x cn=ldapuser1 -b dc=example,dc=com

This prints all of the user's information.

ldapsearch -x -b 'dc=example,dc=com' '(objectclass=*)'

14. NFS Configuration to export the Home Directory

yum install nfs-utils -y

systemctl start nfs-server

systemctl enable nfs-server

#vim /etc/exports

/home *(rw,sync)

(The `*` host field exports /home to every host that can reach the server; restrict it to the client hosts or their subnet in production.)

showmount -e
1. Ldap Client Configuration to use LDAP server

#yum install -y openldap-clients nss-pam-ldapd


#authconfig-tui

Select both "Use LDAP" and "Use LDAP Authentication"

Server Field as “ldap://serverX.example.com”


Base DN Field as “dc=example,dc=com”

2. Verify that the client resolves LDAP users

#getent passwd ldapuser1

3. Mount the LDAP Users Home Directory

Add the following line to /etc/fstab:

serverX.example.com:/home /home auto defaults 0 0

4. yum install nfs-utils

showmount -e serverX (or use automount, step 5)

5. Automount

yum install autofs -y

systemctl start autofs

systemctl enable autofs

vim /etc/auto.master

/home /etc/auto.misc

vim /etc/auto.misc

* -rw,sync server0:/home/&
systemctl restart autofs

6. Test

ssh ldapuser1@localhost

KDC:
yum install krb5-server krb5-workstation pam_krb5

vim /var/kerberos/krb5kdc/kdc.conf
master_key_type = aes256-cts
default_principal_flags = +preauth

vim /etc/krb5.conf
vim /var/kerberos/krb5kdc/kadm5.acl
kdb5_util create -s -r EXAMPLE.COM

systemctl start krb5kdc kadmin


systemctl enable krb5kdc kadmin

firewall-cmd --permanent --add-service=kerberos


firewall-cmd --reload

useradd krbuser1

useradd krbuser2

kadmin.local
addprinc root/admin

addprinc krbuser1

addprinc krbuser2

addprinc -randkey host/desktop0.example.com

ktadd -k /tmp/desktop0.keytab host/desktop0.example.com

listprincs
quit

scp /etc/krb5.conf /tmp/desktop0.keytab desktop0:/tmp/

(The keytab is the host's long-term Kerberos credential; remove the /tmp copies on both machines once it has been imported with ktutil on the desktop.)


Desktop:
yum install krb5-workstation pam_krb5 -y

\cp /tmp/krb5.conf /etc/


ktutil
rkt /tmp/desktop0.keytab
wkt /etc/krb5.keytab
list
quit
