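# Install the LDAP client tools, the nslcd-based NSS/PAM modules and authselect
# in one privileged, non-interactive transaction.
# NOTE(review): the later steps configure sssd; sssd and its LDAP provider are
# assumed to be installed already, confirm on the target host.
sudo dnf install -y openldap-clients nss-pam-ldapd authselect

# Connectivity check: -x is a simple bind (anonymous here, no -D given) and
# -LLL prints LDIF without comments or the version line.
# ldap:// is cleartext; add -ZZ to require StartTLS once the server has a
# certificate the client trusts.
# The URI is quoted so the <...> placeholder is not parsed as shell redirection
# if the line is pasted before the placeholder is replaced.
ldapsearch -x -LLL -H "ldap://<LDAP 서버 IP 또는 도메인>" -b "dc=jaeyong,dc=com"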
sudo vi /etc/openldap/ldap.conf
BASE dc=jaeyong,dc=com
URI ldap://192.168.1.100
TLS_CACERTDIR /etc/openldap/cacerts
# Switch PAM/NSS to the sssd profile and create home directories on first login.
# --force overwrites existing PAM/nsswitch files that authselect did not create;
# keep a copy of them first if the host carried hand-made changes.
# NOTE(review): with-mkhomedir normally needs the oddjobd service enabled; confirm.
sudo authselect select sssd with-mkhomedir --force
vi /etc/nslcd.conf
# nslcd client settings: server, search base and the account used to bind.
# NOTE(review): nsswitch.conf on this page points at sss, not ldap, so nslcd
# looks unused in the final setup; confirm whether this file is needed at all.
# ldap:// without "ssl start_tls" sends the bind password below in cleartext.
uri ldap://192.168.1.100
base dc=jaeyong,dc=com
# Prefer a dedicated read-only lookup account here; cn=ldapadm looks like the
# directory admin DN (verify).
binddn cn=ldapadm,dc=jaeyong,dc=com
# Stored in plaintext: keep this file owned by root with mode 600.
bindpw admin_password
sudo vi /etc/nsswitch.conf
passwd: files sss
shadow: files sss
group: files sss
[root@DESKTOP-F4T7TCG sssd]# cat sssd.conf
# SSSD client configuration: one LDAP-backed domain named "default" serving
# NSS, PAM and autofs.
[sssd]
config_file_version = 2
services = nss, pam,autofs
domains = default
[nss]
homedir_substring = /home
[pam]
[domain/default]
# Identity, autofs maps, authentication and password changes all go to LDAP.
id_provider = ldap
autofs_provider = ldap
auth_provider = ldap
chpass_provider = ldap
# NOTE(review): the earlier files on this page use 192.168.1.100; localhost here
# presumably means the LDAP server runs on this same host. Confirm.
# The ldap:// scheme is cleartext unless StartTLS is negotiated (ldaps:// is TLS from the start).
ldap_uri = ldap://localhost
ldap_search_base = dc=jaeyong,dc=com
# StartTLS is not required for identity lookups, so user/group data can cross
# the network unencrypted and be read or altered in transit.
ldap_id_use_start_tls = False
#ldap_tls_cacertdir = /etc/openldap/certs
# Credentials are not cached locally, so logins need the LDAP server reachable.
cache_credentials = False
# SECURITY: "never" disables checking of the server certificate, so the client
# cannot tell the real LDAP server from an impersonator. Where TLS is used it
# still encrypts but does not authenticate the server. Acceptable for a lab
# only; outside one, use "demand" and point ldap_tls_cacertdir (or
# ldap_tls_cacert) at the CA that issued the server certificate.
ldap_tls_reqcert = never
# sssd checks this file's ownership and mode when it starts; keep it root-owned
# and unreadable by other users.
sudo chmod 600 /etc/sssd/sssd.conf
# Enable the service at boot and start it now.
sudo systemctl enable --now sssd
만약 systemctl status sssd에서 인증서 관련 에러가 난다면, 아래와 같이 sssd를 중지하고 캐시를 지운 뒤 다시 시작한다.
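# Stop sssd, drop its on-disk cache, then start it again and check the result.
sudo systemctl stop sssd
# The glob is expanded inside the root shell: /var/lib/sss/db is normally not
# readable by an unprivileged user, so "sudo rm -rf /var/lib/sss/db/*" would
# pass the unexpanded pattern to rm and delete nothing.
sudo sh -c 'rm -rf -- /var/lib/sss/db/*'
sudo systemctl start sssd
sudo systemctl status sssd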
[root@DESKTOP-F4T7TCG etc]# id test1
uid=9999(test1) gid=100(users) groups=100(users)
[root@DESKTOP-F4T7TCG etc]#