yum安装
#yum安装
# LDAP client stack: openldap-clients (ldapsearch & co.), sssd (NSS/PAM via
# LDAP), authconfig (writes the PAM and sssd configuration below),
# oddjob-mkhomedir (home directory on first login), nss-pam-ldapd (nslcd).
# Fuller package set kept for reference:
#yum -y install sssd sssd-client sssd-ldap sssd-tools authconfig nss-pam-ldapd oddjob-mkhomedir mlocate
ldap_pkgs=(openldap-clients mlocate sssd authconfig oddjob-mkhomedir nss-pam-ldapd)
yum -y install "${ldap_pkgs[@]}"
执行如下命令配置并启用sssd服务
#执行如下命令配置并启用sssd服务
# authconfig rewrites the PAM stacks under /etc/pam.d and /etc/sssd/sssd.conf
# (--update applies the changes).
# NOTE(review): --disableldaptls combined with a plain ldap:// server URI means
# the simple binds that carry user passwords cross the network unencrypted.
# Once a CA certificate for the directory is available, prefer
# --enableldaptls (with --ldaploadcacert) or an ldaps:// --ldapserver.
authconfig_opts=(
  --enablesssd --enablesssdauth   # sssd handles NSS lookups and PAM auth
  --enablerfc2307bis              # matches ldap_schema = rfc2307bis in sssd.conf
  --enableldap --enableldapauth
  --disableforcelegacy            # do not force legacy nss_ldap/pam_ldap instead of sssd
  --disableldaptls                # see the note above
  --disablekrb5
  --enablemkhomedir               # create the home directory at first login
  --ldapserver ldap://172.21.35.243:389
  --ldapbasedn "dc=hadoop,dc=com"
  --update
)
authconfig "${authconfig_opts[@]}"
#getsebool: SELinux is disabled
修改/etc/sssd/sssd.conf文件,在执行authconfig命令时会默认生成,如果文件不存在则新建
#修改/etc/sssd/sssd.conf文件,在执行authconfig命令时会默认生成,如果文件不存在则新建
#ldap_search_base、ldap_uri根据实际情况进行修改
# /etc/sssd/sssd.conf — generated by authconfig; adjust ldap_search_base and
# ldap_uri to the local directory.
[domain/default]
autofs_provider = ldap
ldap_schema = rfc2307bis
ldap_search_base = dc=hadoop,dc=com
# krb5_* lines appear to be template leftovers: Kerberos is disabled in the
# authconfig call above and auth_provider is ldap, so they are not consulted.
krb5_realm = EXAMPLE.COM
krb5_server = kerberos.example.com
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
# Plain ldap:// on 389 with START_TLS off: identity lookups and any bind
# credentials go over the wire unencrypted. NOTE(review): sssd's LDAP auth
# provider refuses to send a password bind on a connection without TLS (see
# ldap_auth_disable_tls_never_use_in_production in sssd-ldap(5)), so password
# logins through sssd are expected to fail with this setting — confirm in the
# sssd logs; nslcd, also enabled on this page, may be what actually
# authenticates. Set ldap_id_use_start_tls = True or use an ldaps:// URI once
# the directory's CA is placed in ldap_tls_cacertdir.
ldap_uri = ldap://172.21.35.243:389
ldap_id_use_start_tls = False
# Keeps a hash of the last successful password locally so login still works
# while the LDAP server is unreachable.
cache_credentials = True
# Only consulted once TLS is enabled.
ldap_tls_cacertdir = /etc/openldap/cacerts
[sssd]
services = nss, pam, autofs
domains = default
[nss]
homedir_substring = /home
# The remaining sections are empty placeholders written by authconfig.
[pam]
[sudo]
[autofs]
[ssh]
[pac]
[ifp]
修改sssd.conf文件权限
#修改sssd.conf文件权限
chmod 600 /etc/sssd/sssd.conf
启动相关服务并加入系统自启动
#启动相关服务并加入系统自启动
# Start each service now, register it for boot, and print its unit state for
# a visual check. Note that both sssd and nslcd (nss-pam-ldapd) serve LDAP
# users to NSS/PAM here; which one answers a given lookup depends on the
# nsswitch/PAM ordering authconfig wrote — verify rather than assume.
for svc in sssd oddjobd nslcd; do
  systemctl start "$svc"
  systemctl enable "$svc"
  systemctl status "$svc"
done
# SysV equivalents on older releases:
#service nslcd start
#chkconfig nslcd on
清空sssd的缓存
#清空sssd的缓存
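# Drop every cached sssd entry so the next lookup goes to the LDAP server.
sss_cache -E
# Resolve the LDAP user through NSS; expected output looks like:
#uid=1000(testuser) gid=1000(testuser) groups=1000(testuser)
id testuser
# Confirm the account is not a local one: grep reads the file directly (no
# `cat |`) and the pattern is anchored on the username field so that e.g.
# "testuser2" does not match. No output (exit status 1) is the expected result.
grep -- '^testuser:' /etc/passwd
# testuser is therefore provided by OpenLDAP; no such user exists locally.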
#核验文件
#nslcd.conf文件
vim /etc/nslcd.conf
#更改为
# /etc/nslcd.conf — nslcd is the second LDAP NSS/PAM client started above and
# points at the same cleartext ldap:// endpoint; no `ssl`/`tls_cacertfile`
# directives are set, so binds made by nslcd are unencrypted as well.
uri ldap://172.21.35.243/
base dc=hadoop,dc=com
下面这几个文件配置都会更改,做完上面的步骤自己可以排查一下
# Files touched by the steps above; open each one to review the result.
review_files=(
  /etc/openldap/ldap.conf     # ldapsearch & co. client defaults (URI, BASE)
  /etc/nslcd.conf             # nslcd endpoint and search base
  /etc/sssd/sssd.conf         # sssd domain/provider settings
  /etc/ssh/sshd_config        # check that UsePAM remains enabled for LDAP logins
  /etc/pam.d/sshd
  /etc/pam.d/system-auth      # expect pam_sss / mkhomedir entries written by authconfig
  /etc/pam.d/password-auth
)
for cfg in "${review_files[@]}"; do
  vim -- "$cfg"
done