Installation
yum install openldap-clients nss-pam-ldapd
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
nss-pam-ldapd x86_64 0.7.5-18.1.el6_4 updates 152 k
openldap-clients x86_64 2.4.23-32.el6_4.1 updates 165 k
Installing for dependencies:
nscd x86_64 2.12-1.107.el6 base 212 k
pam_ldap x86_64 185-11.el6 base 88 k
Updating for dependencies:
openldap x86_64 2.4.23-32.el6_4.1 updates 265 k
Transaction Summary
================================================================================
Install 4 Package(s)
Upgrade 1 Package(s)
Back up the configuration files
cp -av /etc/openldap/ldap.conf /etc/openldap/ldap.conf.org
cp -av /etc/nslcd.conf /etc/nslcd.conf.org
cp -av /etc/pam_ldap.conf /etc/pam_ldap.conf.org
cp -av /etc/nsswitch.conf /etc/nsswitch.conf.org
cp -av /etc/sysconfig/authconfig /etc/sysconfig/authconfig.org
cp -av /etc/pam.d/system-auth-ac /etc/pam.d/system-auth.org
Change FORCELEGACY to "yes" in /etc/sysconfig/authconfig
diff -u /etc/sysconfig/authconfig.org /etc/sysconfig/authconfig
--- /etc/sysconfig/authconfig.org 2013-06-10 14:17:29.709999947 +0900
+++ /etc/sysconfig/authconfig 2013-06-11 06:19:16.210001198 +0900
@@ -6,7 +6,7 @@
USESHADOW=yes
USEWINBIND=no
USEDB=no
-FORCELEGACY=no
+FORCELEGACY=yes
USEFPRINTD=no
FORCESMARTCARD=no
PASSWDALGORITHM=sha512
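Review bot: FORCELEGACY=yes on the changed line keeps authconfig on the legacy nss-pam-ldapd/pam_ldap stack instead of SSSD, and nothing in this hunk or in the authconfig call on this page (--ldapserver=192.168.1.11 with no TLS option) turns on transport encryption, so password binds to the LDAP server would cross the network unprotected. If the legacy stack is really required, pair this change with --enableldaptls or an ldaps:// server URI, and note next to the setting why FORCELEGACY has to be yes.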
Use authconfig to change the client-side LDAP authentication settings.
authconfig --enableldap --enableldapauth --ldapserver=192.168.1.11 --ldapbasedn="dc=example,dc=com" --update
chkconfig nslcd on
Append a setting to the end of the system-auth file so that the home directory is created at login
echo "session optional pam_mkhomedir.so skel=/etc/skel umask=022" >> /etc/pam.d/system-auth
reboot
Verification
id testuser
uid=9999(testuser) gid=9999(testgroup) 所属グループ=9999(testgroup)
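Beyond the id lookup, the files that the steps above back up and rewrite can be audited directly. The script below is an added example, not part of the original page: the function names, the ROOT argument and the sample file contents are assumptions made for illustration. It checks that nsswitch.conf consults ldap, that nslcd.conf and pam_ldap.conf do not use ldap:// without StartTLS, and that pam_mkhomedir is in the session stack.

```shell
#!/bin/sh
# Added example, not from the original page. ROOT is an assumed parameter so
# the audit can run against a copy of /etc rather than the live system.

# uses_tls FILE: 0 = every URI encrypted, 1 = ldap:// without StartTLS, 2 = no uri.
uses_tls() {
    awk '$1 == "uri" { for (i = 2; i <= NF; i++) u[++n] = $i }
         $1 == "ssl" { ssl = $2 }
         END { if (n == 0) exit 2
               for (i = 1; i <= n; i++)
                   if (u[i] ~ /^ldap:\/\// && ssl != "start_tls") exit 1 }' "$1"
}

# audit_ldap_client ROOT: prints findings; return value is the number of failures.
audit_ldap_client() {
    root=$1; fails=0
    for db in passwd shadow group; do
        grep -Eq "^$db:.*[[:space:]]ldap([[:space:]]|\$)" "$root/nsswitch.conf" 2>/dev/null ||
            { echo "FAIL nsswitch.conf: $db does not consult ldap"; fails=$((fails + 1)); }
    done
    for f in nslcd.conf pam_ldap.conf; do
        st=0; uses_tls "$root/$f" 2>/dev/null || st=$?
        case $st in
            0) echo "OK   $f: LDAP traffic is encrypted" ;;
            1) echo "FAIL $f: ldap:// without 'ssl start_tls', binds are unencrypted"
               fails=$((fails + 1)) ;;
            *) echo "FAIL $f: no uri configured"; fails=$((fails + 1)) ;;
        esac
    done
    grep -Eq '^session[[:space:]].*pam_mkhomedir\.so' "$root/pam.d/system-auth" 2>/dev/null ||
        { echo "FAIL pam.d/system-auth: pam_mkhomedir.so not in session stack"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample: the state assumed after the page's authconfig command
# (plain ldap:// server, no TLS option) and the appended pam_mkhomedir line.
demo=$(mktemp -d)
mkdir "$demo/pam.d"
printf '%s\n' 'passwd: files ldap' 'shadow: files ldap' 'group: files ldap' \
    > "$demo/nsswitch.conf"
printf '%s\n' 'uri ldap://192.168.1.11/' 'base dc=example,dc=com' 'ssl no' \
    | tee "$demo/nslcd.conf" > "$demo/pam_ldap.conf"
echo 'session optional pam_mkhomedir.so skel=/etc/skel umask=022' \
    > "$demo/pam.d/system-auth"
audit_ldap_client "$demo" || echo "$? check(s) failed"
```

On a configured client, run audit_ldap_client /etc to check the live files.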