This article mainly introduces how to configure nss-pam-ldap. In day-to-day work many people have questions about configuring nss-pam-ldap, so the editor has gone through various sources and put together a simple, practical procedure, in the hope that it answers those questions. Let's work through it together.
1. Installing the Centos7.repo / epel.repo repositories
rpm -Uvh http://mirror.centos.org/centos/7/os/x86_64/Packages/centos-release-7-6.1810.2.el7.centos.x86_64.rpm
yum install epel-release*
2. Installing nss-pam-ldap / openldap-clients
yum install nss-pam-ldap* openldap-clients*
3. Configuring nss-pam-ldap
Configure openldap-clients
### backup
$ cp /etc/openldap/ldap.conf /etc/openldap/ldap.conf.`date +%F`
## point at the actual OpenLDAP server
$ vi /etc/openldap/ldap.conf
...
BASE dc=example,dc=com
URI ldap://ldap.example.com:389
...
## verify that openldap-clients can reach the server
$ ldapsearch -x -b 'dc=example,dc=com'
$ vim /etc/ssh/sshd_config
...
UsePAM yes
...
Configure /etc/sysconfig/authconfig
$ vi /etc/sysconfig/authconfig
...
USELDAP=yes
USELDAPAUTH=yes
USESHADOW=yes
USESYSNETAUTH=yes
USEMKHOMEDIR=yes
...
Configure /etc/nsswitch.conf
$ vi /etc/nsswitch.conf
...
passwd:     files sss ldap
shadow:     files sss ldap
group:      files sss ldap
...
Configure /etc/pam.d/system-auth
$ vi /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        required      pam_faildelay.so delay=2000000
auth        required      pam_faillock.so preauth silent audit deny=5 unlock_time=900
auth        sufficient    pam_unix.so try_first_pass
auth        requisite     pam_succeed_if.so uid >= 1000 quiet_success
auth        sufficient    pam_ldap.so use_first_pass
auth        required      pam_faillock.so authfail audit deny=5 unlock_time=900
auth        required      pam_deny.so
account     required      pam_faillock.so
account     required      pam_unix.so broken_shadow
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 1000 quiet
account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
account     required      pam_permit.so
password    requisite     pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
password    sufficient    pam_unix.so md5 shadow try_first_pass use_authtok
password    sufficient    pam_ldap.so use_authtok
password    required      pam_deny.so
session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
-session    optional      pam_systemd.so
session     optional      pam_mkhomedir.so umask=0077
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
session     optional      pam_ldap.so
authconfig-tui (select the following options)
Use LDAP
Use MD5 Passwords
Use Shadow Passwords
Use LDAP Authentication
Local authorization is sufficient
## or apply the same settings from the command line
authconfig --enableldap --enableldapauth --ldapserver=127.0.0.1 --ldapbasedn="dc=example,dc=com" --enablemkhomedir --update --enablemd5 --enableshadow
Verify
getent passwd
su - ${username}
ssh ${username}@${host}
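As an added check that is not part of the original post, the following POSIX shell script audits the two files from section 3 that most often break LDAP logins: it confirms that nsswitch.conf lists the ldap source for passwd, shadow and group, and that pam_ldap.so is wired into every PAM phase of system-auth. The two config files it reads are constructed samples written to a temporary directory, so it runs offline; point the functions at the real files to audit a host.

```shell
#!/bin/sh
# Added audit helper, not part of the original post: confirms that the
# nsswitch.conf and /etc/pam.d/system-auth settings from section 3 are in
# place. Both files below are constructed samples, not live system files.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed sample of /etc/nsswitch.conf as configured above.
cat > "$WORK/nsswitch.conf" <<'EOF'
passwd:     files sss ldap
shadow:     files sss ldap
group:      files sss ldap
hosts:      files dns
EOF

# Constructed, abridged sample of /etc/pam.d/system-auth from section 3.
cat > "$WORK/system-auth" <<'EOF'
auth        sufficient    pam_unix.so try_first_pass
auth        requisite     pam_succeed_if.so uid >= 1000 quiet_success
auth        sufficient    pam_ldap.so use_first_pass
auth        required      pam_deny.so
account     required      pam_unix.so broken_shadow
account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
password    sufficient    pam_ldap.so use_authtok
session     optional      pam_ldap.so
EOF

# Succeeds only if passwd, shadow and group each list the ldap source;
# getent cannot resolve LDAP users or groups otherwise.
nsswitch_uses_ldap() {
    for db in passwd shadow group; do
        grep -Eq "^${db}:.*[[:space:]]ldap([[:space:]]|$)" "$1" || return 1
    done
    return 0
}

# Succeeds only if pam_ldap.so appears in all four PAM phases; without the
# account phase, restrictions held on the LDAP server are never consulted.
pam_ldap_all_phases() {
    for phase in auth account password session; do
        grep -Eq "^${phase}[[:space:]].*pam_ldap\.so" "$1" || return 1
    done
    return 0
}
```

Usage on a real host: `nsswitch_uses_ldap /etc/nsswitch.conf && pam_ldap_all_phases /etc/pam.d/system-auth`.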
4. Restricting which users and groups can log in over SSH
$ vi /etc/nslcd.conf
...
# The distinguished name of the search base.
# only accounts under this OU are eligible to log in
base ou=Employees,ou=Pano Users,dc=pano,dc=com
...
5. id: cannot find name for group ID 1000
https://www.lisenet.com/2016/setup-ldap-authentication-on-centos-7/
vi /etc/nslcd.conf
...
uid nslcd
gid ldap
base ou=Users,dc=harry,dc=com
## only groups under this OU are needed
base group ou=Groups,dc=harry,dc=com
...
## to further restrict to particular groups under the OU
## (LDAP negation is written as (!(...)); the original had the parentheses wrong)
...
#filter passwd (memberof=cn=g1,ou=Groups,dc=harry,dc=com)
#filter passwd (!(memberof=cn=g1,ou=Groups,dc=harry,dc=com))
...
This concludes the walkthrough of how to configure nss-pam-ldap; hopefully it has answered your questions. Combining theory with practice is the best way to learn, so go and try it. For more related articles, keep following the Yisu Cloud site.