OpenLDAP encrypted transport with SSSD


http://blog.father.gedow.net/2015/09/29/sssd-ldap-sudo/

yum -y install openldap-clients sssd
authconfig --enablesssd --enablesssdauth --enableldap --enableldapauth \
    --ldapserver=ldaps://master.local,ldaps://slave.local \
    --ldapbasedn='dc=suntv,dc=tv' \
    --enablelocauthorize --enableldaptls --enablemkhomedir --update

Download the server's CA certificate

wget http://master.local/ca.crt -O /etc/openldap/cacerts/ca.crt

Configure /etc/openldap/ldap.conf

TLS_CACERTDIR /etc/openldap/cacerts
TLS_CACERT /etc/openldap/cacerts/ca.crt
TLS_REQCERT never

/etc/sssd/sssd.conf

cat > /etc/sssd/sssd.conf << _EOF_
[sssd]
services = nss, pam
config_file_version = 2
domains = ldap

[domain/ldap]
debug_level = 9
cache_credentials = True
enumerate = false
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldaps://master.local,ldaps://slave.local
ldap_search_base = dc=suntv,dc=tv
ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_tls_cacert = /etc/openldap/cacerts/ca.crt
ldap_tls_reqcert = never
ldap_id_use_start_tls = false
entry_cache_timeout = 600
ldap_network_timeout = 2

[nss]
homedir_substring = /home
entry_negative_timeout = 20
entry_cache_nowait_percentage = 50
filter_users = root
filter_groups = root

[pam]

[sudo]

[autofs]

[ssh]

[pac]
_EOF_

systemctl restart sssd
systemctl enable sssd

Posted on 2016-09-22 16:21 by 北京涛子
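Both files above set the certificate check to never, so the client speaks TLS but does not verify the server certificate against the downloaded ca.crt. The shell check below is an added example, not part of the original post: audit_reqcert and the temporary sample files are constructed for illustration, and it flags any TLS_REQCERT / ldap_tls_reqcert value other than demand or hard.

```shell
#!/bin/sh
# Added example (not from the original post): flag TLS_REQCERT (ldap.conf) and
# ldap_tls_reqcert (sssd.conf) values that let the LDAP client accept a server
# certificate without enforcing verification.

# audit_reqcert FILE...
# Prints one line per weak setting; exit status is 1 if any were found, else 0.
audit_reqcert() {
    awk '
        $1 ~ /^#/ { next }                  # skip comment lines
        {
            gsub("=", " ")                  # "key = value" -> "key value"
            key = tolower($1); val = tolower($2)
            if (key != "tls_reqcert" && key != "ldap_tls_reqcert") next
            if (val == "demand" || val == "hard") next
            printf "%s:%d: %s=%s (server certificate not enforced)\n", FILENAME, FNR, key, val
            weak++
        }
        END { exit (weak > 0) }
    ' "$@"
}

# Constructed sample files: the *.page pair copies the settings shown on this
# page, the *.strict pair is identical except that verification is enforced.
demo_dir=$(mktemp -d)
printf '%s\n' 'TLS_CACERT /etc/openldap/cacerts/ca.crt' 'TLS_REQCERT never' \
    > "$demo_dir/ldap.conf.page"
printf '%s\n' '[domain/ldap]' 'ldap_uri = ldaps://master.local,ldaps://slave.local' \
    'ldap_tls_cacert = /etc/openldap/cacerts/ca.crt' 'ldap_tls_reqcert = never' \
    > "$demo_dir/sssd.conf.page"
printf '%s\n' 'TLS_CACERT /etc/openldap/cacerts/ca.crt' 'TLS_REQCERT demand' \
    > "$demo_dir/ldap.conf.strict"
printf '%s\n' '[domain/ldap]' 'ldap_uri = ldaps://master.local,ldaps://slave.local' \
    'ldap_tls_cacert = /etc/openldap/cacerts/ca.crt' 'ldap_tls_reqcert = demand' \
    > "$demo_dir/sssd.conf.strict"

echo "== settings as on the page =="
audit_reqcert "$demo_dir/ldap.conf.page" "$demo_dir/sssd.conf.page" || echo "weak settings found"
echo "== with verification enforced =="
audit_reqcert "$demo_dir/ldap.conf.strict" "$demo_dir/sssd.conf.strict" && echo "ok"
```

On a configured host the same function can be pointed at /etc/openldap/ldap.conf and /etc/sssd/sssd.conf (the latter is readable by root only).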

Reposted from: https://www.cnblogs.com/liujitao79/p/5896878.html
