1, LDAP for user authentication, without autofs
Bind to the LDAP domain provided by 192.168.0.254 for user authentication. Note the following:
-- ldapuserx should be able to log into your system, where x is your server number, but will not have a home directory until you have completed the autofs requirement below
-- All LDAP users have a password of "password"
In 'System->Administration->Authentication', open the "Authentication Configuration" UI.
In "User Account Database", select LDAP.
In "LDAP Search Base DN", enter "dc=example, dc=com".
In "LDAP Server", enter "instructor.example.com".
Tick "Use TLS to encrypt connections".
Then click "Download CA Certificate" and enter the URL "http://instructor.example.com/pub/EXAMPLE-CA-CERT".
In "Authentication Configuration", select "LDAP password".
Click Apply.
The downloaded EXAMPLE-CA-CERT is stored in /etc/openldap/cacerts/, and the downloaded file is renamed there.
Verify the password:
the password is "password". After login there is no home directory shown on the command line, because autofs has not yet been set up for the home directory.
Or use this command to verify:
Troubleshooting: make sure the client is installed,
try restarting the sssd service,
the certificate may not have downloaded correctly; delete the certificates and redo the whole procedure,
it may be a server issue; rebuild the database on the server,
then remove the certificates on the student computer and redo the whole procedure.
Error "su: warning: cannot change directory to /home/guests/ldapuser3: No such file or directory": the home directory /home/guests/ldapuser3 cannot be found. This is solved by the command below, or refer to point 2 to solve the problem in an alternative way:
authconfig --enablemkhomedir --update
To get the user information, the picture below shows the details.
2, configure autofs to automount the home directory of the NIS user. The ldapuser3 home directory is on 192.168.0.254, as instructor.example.com:/home/guests/ldapuser3; the ldapuser3 home directory should be automatically mounted locally at /home/guests/ldapuser3
Modify /etc/auto.master:
add one line, "/home/guests /etc/auto.ldap"; the last-level folder will be written in auto.ldap.
Create /etc/auto.ldap
and add one line: "ldapuser3 -rw 192.168.0.254:/home/guests/ldapuser3"
or this line, which is more tolerant: "* -rw 192.168.0.254:/home/guests/&"
and you can also add more parameters: "* -fstype=nfs,rw,vers=3 192.168.0.254:/home/guests/&"
Restart the autofs service and set it to start automatically.
If you run su - ldapuser3, the command line will go to the home directory /home/guests/ldapuser3; you can also use mount -l and df -h to display the autofs result.
Make sure the firewall is permissive for NFS.
Encountered one error: "su: warning: cannot change directory to /home/guests/ldapuser3: No such file or directory"; /var/log/messages showed "failed to create RPC listeners, exiting", which means rpcbind had somehow stopped.
Make sure NFS is installed,
you can test it this way:
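The wildcard map line above works because automount replaces "&" in the location with the key that was looked up (the username). The following sh script is an added example, not part of these notes: it resolves a username against a constructed auto.master line and auto.ldap line the same way, so you can check which local path and NFS source a map entry yields before restarting autofs. It assumes the map line has the form "key options location" with no spaces inside the location.

```shell
#!/bin/sh
# Added example: resolve an autofs indirect map entry for a given user.
# Constructed map content; on a real system these live in /etc/auto.master
# and /etc/auto.ldap.
AUTO_MASTER_LINE='/home/guests /etc/auto.ldap'
AUTO_LDAP_LINE='* -fstype=nfs,rw,vers=3 192.168.0.254:/home/guests/&'

# resolve_autofs KEY MASTER_LINE MAP_LINE
# Prints "<local mount point> <options> <nfs source>", or returns 1 when
# the map key does not match KEY (automount would then not mount anything).
resolve_autofs() {
    key=$1
    mountroot=$(printf '%s\n' "$2" | awk '{print $1}')   # e.g. /home/guests
    mapkey=$(printf '%s\n' "$3" | awk '{print $1}')      # e.g. * or ldapuser3
    opts=$(printf '%s\n' "$3" | awk '{print $2}')        # e.g. -rw
    location=$(printf '%s\n' "$3" | awk '{print $3}')    # server:/path/&
    # Only an exact key or the wildcard '*' matches the requested key.
    if [ "$mapkey" != "$key" ] && [ "$mapkey" != '*' ]; then
        return 1
    fi
    # autofs substitutes '&' in the location with the matched key.
    location=$(printf '%s\n' "$location" | sed "s|&|$key|g")
    printf '%s/%s %s %s\n' "$mountroot" "$key" "$opts" "$location"
}

# Show what ldapuser3 resolves to with the wildcard map line.
resolve_autofs ldapuser3 "$AUTO_MASTER_LINE" "$AUTO_LDAP_LINE"
```

The explicit "ldapuser3 -rw ..." line only ever matches ldapuser3, while the "*" line serves every LDAP user with a directory under /home/guests on the server.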
3, Copy the file /etc/fstab to /var/tmp. Configure the permissions of /var/tmp/fstab so that:
-- the file /var/tmp/fstab is owned by the root user
-- the file /var/tmp/fstab belongs to the group root
-- the file /var/tmp/fstab should not be executable by anyone
-- the user mary is able to read and write /var/tmp/fstab
-- the user alice can neither write nor read /var/tmp/fstab
-- all other users (current or future) have the ability to read /var/tmp/fstab
4, configure NTP
Run system-config-date or go to "System->Administration->Date & Time",
tick "Synchronize date and time over the network", add the NTP server "192.168.0.254", then select the correct time zone.
5, install the FTP server, make it accept anonymous login, and make it start automatically at boot.
Test the anonymous login:
download test.txt from the instructor computer.