Configuring authentication in Linux CentOS 5 (LDAP)

Configuration

  • 1. Edit the file /etc/nsswitch.conf:
passwd:     files ldap
shadow:     files ldap
group:      files ldap
hosts:      files dns
bootparams: nisplus [NOTFOUND=return] files
ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files
netgroup:   nisplus ldap
publickey:  nisplus
automount:  files nisplus ldap
aliases:    files nisplus


  • 2. Edit /etc/ldap.conf:
base dc=gccc,dc=ru
timelimit 120
bind_timelimit 120
idle_timelimit 3600
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
uri ldap://10.6.0.65
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5


  • 3. Edit /etc/openldap/ldap.conf:
URI ldap://10.6.0.65
BASE dc=gccc,dc=ru
TLS_CACERTDIR /etc/openldap/cacerts


  • 4. Edit /etc/pam.d/system-auth:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_ldap.so use_first_pass
auth        required      pam_deny.so

account     required      pam_unix.so broken_shadow
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    sufficient    pam_ldap.so use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
session     optional      pam_ldap.so
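
The /etc/ldap.conf from step 2 uses "uri ldap://" with "ssl no", so pam_ldap sends every user's password to 10.6.0.65 in cleartext. The following script, added here and not part of the original page, classifies a pam_ldap/nss_ldap style ldap.conf by how it carries binds, using the constructed weak file from step 2 and a constructed StartTLS variant for comparison; the keys ssl, tls_checkpeer and tls_cacertdir are standard pam_ldap/nss_ldap options.

```shell
# Added example (not from the original page): classify how a pam_ldap/nss_ldap
# style /etc/ldap.conf (the format of step 2) will carry simple binds.
# Prints one of:
#   cleartext       - plain ldap:// without StartTLS; passwords leave the host unencrypted
#   tls-unverified  - TLS in use but tls_checkpeer is not explicitly "yes"
#   tls             - ldaps:// or StartTLS with server certificate checking
# Always returns 0; callers compare the printed word.
ldap_transport() {
    conf="$1"
    # Drop comments and take the last value given for each key (later lines win).
    uri=$(sed 's/#.*//' "$conf" | awk '$1=="uri"{v=$2} END{print v}')
    ssl=$(sed 's/#.*//' "$conf" | awk '$1=="ssl"{v=$2} END{print v}')
    peer=$(sed 's/#.*//' "$conf" | awk '$1=="tls_checkpeer"{v=$2} END{print v}')
    tls=no
    case "$uri" in ldaps://*) tls=yes ;; esac
    case "$ssl" in start_tls|yes|on) tls=yes ;; esac
    if [ "$tls" = no ]; then
        echo cleartext
    elif [ "$peer" = yes ]; then
        echo tls
    else
        # Missing tls_checkpeer is reported conservatively; the real default
        # depends on the nss_ldap/pam_ldap version.
        echo tls-unverified
    fi
    return 0
}

# Constructed sample reproducing the page's step 2 (ssl no, plain ldap://).
weak=$(mktemp)
cat >"$weak" <<'EOF'
base dc=gccc,dc=ru
uri ldap://10.6.0.65
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5
EOF
# Constructed hardened variant: StartTLS with server certificate verification.
hardened=$(mktemp)
cat >"$hardened" <<'EOF'
base dc=gccc,dc=ru
uri ldap://10.6.0.65
ssl start_tls
tls_checkpeer yes
tls_cacertdir /etc/openldap/cacerts
pam_password md5
EOF

ldap_transport "$weak"      # prints: cleartext
ldap_transport "$hardened"  # prints: tls
```

Switching to StartTLS also requires the server's CA certificate in the tls_cacertdir directory named in steps 2 and 3, otherwise binds fail once tls_checkpeer is enforced.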

Testing

# id test
uid=10999(test) gid=1000(gccc) groups=1000(gccc)
srvldap/bind_centos5.txt · Last modified: 2014/05/23 07:37 by Alex