Difference between revisions of "CentOS"

From Univention Wiki

Line 20: Line 20:
  
 
First the needed PAM modules need to be installed:
 
First the needed PAM modules need to be installed:
 +
<source lang=bash>
 
  yum install openldap openldap-clients nss_ldap krb5-libs krb5-workstation
 
  yum install openldap openldap-clients nss_ldap krb5-libs krb5-workstation
 +
</source>
  
 
Afterwards LDAP and Kerberos need to be enabled:
 
Afterwards LDAP and Kerberos need to be enabled:
authconfig --enablekrb5 --krb5kdc=<DC> --krb5realm=<REALM> --krb5adminserver=<DC> --enablecache --update''
+
<source lang=bash>
authconfig --enableldapauth --ldapserver=<DC>:7389 --ldapbasedn=<base DN> --disableldaptls \
+
authconfig --enablekrb5 --krb5kdc=<DC> --krb5realm=<REALM> --krb5adminserver=<DC> --enablecache --update''
 +
authconfig --enableldapauth --ldapserver=<DC>:7389 --ldapbasedn=<base DN> --disableldaptls \
 
  --ldaploadcacert=https://<DC Master>/ucs-root-ca.crt --update''
 
  --ldaploadcacert=https://<DC Master>/ucs-root-ca.crt --update''
 +
</source>
  
 
thereby you can use any UCS domain controller for the domain controller. The base DN can be found on a UCS domain controller using the command
 
thereby you can use any UCS domain controller for the domain controller. The base DN can be found on a UCS domain controller using the command
 +
<source lang=bash>
 
  ucr get ldap/base
 
  ucr get ldap/base
 +
</source>
  
 
Now you need to set the binddn and password to use the authenticated ldap
 
Now you need to set the binddn and password to use the authenticated ldap
<pre>
+
<source lang=bash>
 
cat << _EOF_ >>/etc/libuser.conf
 
cat << _EOF_ >>/etc/libuser.conf
 
binddn cn=<hostname>,cn=computers,<base DN>
 
binddn cn=<hostname>,cn=computers,<base DN>
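Review bot: both `authconfig` lines inside the new `<source lang=bash>` block still end in `--update''`; the trailing `''` looks like leftover wiki italic markup and will be shown literally inside a source block, so it should be dropped. The same block passes `--disableldaptls` next to `--ldaploadcacert` while the following step configures a `bindpw`, which deserves a sentence explaining why TLS is switched off here. The heredoc for `/etc/libuser.conf` appends with `>>`, so the text should also say the block is meant to be run once.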
Line 44: Line 50:
 
bindpw <password>
 
bindpw <password>
 
_EOF_
 
_EOF_
</pre>
+
</source>
  
 
Afterwards you should be able to log into your CentOS System.
 
Afterwards you should be able to log into your CentOS System.
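Review bot: `bindpw <password>` in the heredoc gives no hint which password belongs here. A short sentence before the block saying where the value comes from, and that it ends up in plain text in the target file, would help readers. The `<pre>` to `</source>` swap on the closing tag is consistent with the opening tag changed earlier in the diff.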

Revision as of 07:50, 12 June 2012

This guide describes how to include CentOS 6.2 in a UCS 3.0 domain. It covers only the points that diverge from the standard CentOS installation.

Inclusion in the Management System

To include the CentOS system in the UCS management system, add it as a member server. This ensures that the proper accounts are created for the client. The following commands create a member server from the command line with a known password:

# Generate a random 8-character password for the host account
password="$(< /dev/urandom tr -dc A-Za-z0-9_ | head -c8)"
# Load the UCR variables (including ldap_base) into the shell
eval "$(ucr shell)"
udm computers/memberserver create --position "cn=computers,${ldap_base}" \
 --set name=<hostname> --set password="${password}"

CentOS Installation

During the installation, one of the UCS domain controllers should be chosen as the NTP time server. Additionally, the hostname for the system should be configured manually rather than relying on the one offered by DHCP.

Authentication Configuration

First, the required PAM modules need to be installed:

 yum install openldap openldap-clients nss_ldap krb5-libs krb5-workstation

Afterwards LDAP and Kerberos need to be enabled:

authconfig --enablekrb5 --krb5kdc=<DC> --krb5realm=<REALM> --krb5adminserver=<DC> --enablecache --update
authconfig --enableldapauth --ldapserver=<DC>:7389 --ldapbasedn=<base DN> --disableldaptls \
 --ldaploadcacert=https://<DC Master>/ucs-root-ca.crt --update

Any UCS domain controller can be used as the domain controller (<DC>). The base DN can be found on a UCS domain controller using the command:

 ucr get ldap/base

Now set the bind DN and password so that authenticated LDAP is used:

cat << _EOF_ >>/etc/libuser.conf
binddn cn=<hostname>,cn=computers,<base DN>
bindpw <password>
_EOF_
cat << _EOF_ >>/etc/nslcd.conf
binddn cn=<hostname>,cn=computers,<base DN>
bindpw <password>
_EOF_
cat << _EOF_ >>/etc/pam_ldap.conf
binddn cn=<hostname>,cn=computers,<base DN>
bindpw <password>
_EOF_

Afterwards you should be able to log in to your CentOS system.
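An added check, not part of the original wiki page: the heredocs above append with `>>`, so running them twice leaves duplicate `binddn`/`bindpw` lines, and the host password is stored in plain text in each file. The script below audits the three files for both conditions; the function names, status words and the scratch directory standing in for /etc are constructed for this example.

```bash
#!/bin/sh
# Added example: audit the files that the guide appends binddn/bindpw to.

# audit_bind_file FILE -> prints "missing", "ok", or a space-separated list
# of findings: incomplete, duplicate, world-readable.
audit_bind_file() {
    abf_file=$1
    [ -f "$abf_file" ] || { echo "missing"; return 0; }
    abf_dn=$(grep -c -E '^[[:space:]]*binddn[[:space:]]' "$abf_file" || true)
    abf_pw=$(grep -c -E '^[[:space:]]*bindpw[[:space:]]' "$abf_file" || true)
    abf_out=""
    if [ "$abf_dn" -eq 0 ] || [ "$abf_pw" -eq 0 ]; then abf_out="incomplete"; fi
    if [ "$abf_dn" -gt 1 ] || [ "$abf_pw" -gt 1 ]; then abf_out="$abf_out duplicate"; fi
    # Mode-based test: the "other" read bit is set on a file holding a bindpw.
    if [ "$abf_pw" -gt 0 ] && [ -n "$(find "$abf_file" -perm -004)" ]; then
        abf_out="$abf_out world-readable"
    fi
    abf_out=${abf_out# }
    echo "${abf_out:-ok}"
}

# audit_all DIR -> audits the three files from the guide below DIR
# (use /etc on a real system).
audit_all() {
    for name in libuser.conf nslcd.conf pam_ldap.conf; do
        printf '%s: %s\n' "$1/$name" "$(audit_bind_file "$1/$name")"
    done
}

# Constructed sample data: a scratch directory stands in for /etc.
demo=$(mktemp -d)
printf 'binddn cn=host1,cn=computers,dc=example,dc=test\nbindpw Secret_1\n' \
    >"$demo/nslcd.conf"
chmod 600 "$demo/nslcd.conf"
# Simulate running the guide's "cat << _EOF_ >>" block twice on pam_ldap.conf.
cp "$demo/nslcd.conf" "$demo/pam_ldap.conf"
cat "$demo/nslcd.conf" >>"$demo/pam_ldap.conf"
chmod 644 "$demo/pam_ldap.conf"
audit_all "$demo"
rm -rf "$demo"
```

On a configured host, `audit_all /etc` reports the state of the real files.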
