Difference between revisions of "CentOS"
From Univention Wiki
| Line 20: | Line 20: | ||
First the needed PAM modules need to be installed: | First the needed PAM modules need to be installed: | ||
| + | <source lang=bash> | ||
yum install openldap openldap-clients nss_ldap krb5-libs krb5-workstation | yum install openldap openldap-clients nss_ldap krb5-libs krb5-workstation | ||
| + | </source> | ||
Afterwards LDAP and Kerberos need to be enabled: | Afterwards LDAP and Kerberos need to be enabled: | ||
| − | + | <source lang=bash> | |
| − | + | authconfig --enablekrb5 --krb5kdc=<DC> --krb5realm=<REALM> --krb5adminserver=<DC> --enablecache --update'' | |
| + | authconfig --enableldapauth --ldapserver=<DC>:7389 --ldapbasedn=<base DN> --disableldaptls \ | ||
--ldaploadcacert=https://<DC Master>/ucs-root-ca.crt --update'' | --ldaploadcacert=https://<DC Master>/ucs-root-ca.crt --update'' | ||
| + | </source> | ||
thereby you can use any UCS domain controller for the domain controller. The base DN can be found on a UCS domain controller using the command | thereby you can use any UCS domain controller for the domain controller. The base DN can be found on a UCS domain controller using the command | ||
| + | <source lang=bash> | ||
ucr get ldap/base | ucr get ldap/base | ||
| + | </source> | ||
Now you need to set the binddn and password to use the authenticated ldap | Now you need to set the binddn and password to use the authenticated ldap | ||
| − | < | + | <source lang=bash> |
cat << _EOF_ >>/etc/libuser.conf | cat << _EOF_ >>/etc/libuser.conf | ||
binddn cn=<hostname>,cn=computers,<base DN> | binddn cn=<hostname>,cn=computers,<base DN> | ||
| Line 44: | Line 50: | ||
bindpw <password> | bindpw <password> | ||
_EOF_ | _EOF_ | ||
| − | </ | + | </source> |
Afterwards you should be able to log into your CentOS System. | Afterwards you should be able to log into your CentOS System. | ||
Revision as of 07:50, 12 June 2012
This guide describes how to include CentOS 6.2 in an UCS 3.0 domain. It only shows the diverging points from the standard CentOS installation.
Inclusion in the Management System
To include the CentOS system into the UCS management system, add it as a member server. This ensures that the proper accounts will be added for the client. The following commands create a memberserver from the command-line with a known password:
password="$(< /dev/urandom tr -dc A-Za-z0-9_ | head -c8)"
eval $(ucr shell)
udm computers/memberserver create --position cn=computers,${ldap_base} \
--set name=<hostname> --set password="${password}"
CentOS Installation
During the installation one of UCS domain controllers should be chosen as the ntp time server. Additionally, the hostname for the system should be configured manually and not be relied on the DHCP offered one.
Authentication Configuration
First the needed PAM modules need to be installed:
yum install openldap openldap-clients nss_ldap krb5-libs krb5-workstation
Afterwards LDAP and Kerberos need to be enabled:
authconfig --enablekrb5 --krb5kdc=<DC> --krb5realm=<REALM> --krb5adminserver=<DC> --enablecache --update''
authconfig --enableldapauth --ldapserver=<DC>:7389 --ldapbasedn=<base DN> --disableldaptls \
--ldaploadcacert=https://<DC Master>/ucs-root-ca.crt --update''
thereby you can use any UCS domain controller for the domain controller. The base DN can be found on a UCS domain controller using the command
ucr get ldap/base
Now you need to set the binddn and password to use the authenticated ldap
cat << _EOF_ >>/etc/libuser.conf
binddn cn=<hostname>,cn=computers,<base DN>
bindpw <password>
_EOF_
cat << _EOF_ >>/etc/nslcd.conf
binddn cn=<hostname>,cn=computers,<base DN>
bindpw <password>
_EOF_
cat << _EOF_ >>/etc/pam_ldap.conf
binddn cn=<hostname>,cn=computers,<base DN>
bindpw <password>
_EOF_
Afterwards you should be able to log into your CentOS System.
