2: 2021-06-26 (土) 12:32:13 iseki |
3: 2021-06-26 (土) 18:35:06 iseki |
- | **** /etc/sssd/sssd.conf [#bc6a8914] | + | ** SSSD [#h3c7678c] |
- | # cat /etc/sssd/sssd.conf | + | - System Security Services Daemon |
- | [sssd] | + | - [[LDAP]] を使用した認証が可能.キャッシュサーバ一体型. |
- | debug_level = 0 | + | - nsswith.conf 経由で,これ単体で認証可能!(pamとかいらない) |
- | config_file_version = 2 | + | #br |
- | services = nss, sudo, pam, autofs, ssh | + | |
- | domains = default | + | |
| | | |
- | [domain/default] | + | *** Getting Start [#yd2c55ab] |
- | enumerate = true | + | |
- | id_provider = ldap | + | |
- | auth_provider = ldap | + | |
- | #access_provider = permit | + | |
| | | |
- | chpass_provider = ldap | + | - getent shadow が使えなくても,認証可能! |
- | sudo_provider = ldap | + | #br |
- | ldap_uri = ldap://202.26.150.51/ | + | |
- | ldap_search_base = dc=nsl,dc=tuis,dc=ac,dc=jp | + | |
- | ldap_id_use_start_tls = False | + | |
- | ldap_search_timeout = 3 | + | |
- | ldap_network_timeout = 3 | + | |
- | ldap_opt_timeout = 3 | + | |
- | ldap_enumeration_search_timeout = 60 | + | |
- | ldap_enumeration_refresh_timeout = 300 | + | |
- | ldap_connection_expire_timeout = 600 | + | |
- | ldap_sudo_smart_refresh_interval = 600 | + | |
- | ldap_sudo_full_refresh_interval = 10800 | + | |
- | entry_cache_timeout = 1200 | + | |
- | cache_credentials = True | + | |
- | #cache_credentials = False | + | |
- | ldap_tls_reqcert = never | + | |
| | | |
- | ldap_default_bind_dn = cn=Manager | + | ****設定ファイル [#q45b6791] |
- | ldap_default_authtok = ****** | + | - /etc/sssd/[[sssd.conf>./sssd.conf]] |
| + | - /etc/nsswitch.conf |
| + | -- sss を追加 |
| + | - /etc/sysconfig/authconfig |
| + | -- SSSD関連を yes, LDAP関連を no (いらんかも知れない.いらん気がする.参考程度に記す) |
| + | #br |
| | | |
- | ldap_tls_cacertdir = /etc/openldap/cacerts | + | **** 検証 [#q4eaec9b] |
- | autofs_provider = ldap | + | - 要 sssd-tools |
| | | |
- | [nss] | + | # sssctl domain-status default |
- | homedir_substring = /home | + | |
- | entry_negative_timeout = 20 | + | |
- | entry_cache_nowait_percentage = 50 | + | |
- | | + | |
- | [pam] | + | |
- | | + | |
- | [sudo] | + | |
- | | + | |
- | [autofs] | + | |
- | | + | |
- | [ssh] | + | |
- | | + | |
- | [pac] | + | |
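Review bot: The added line `- nsswith.conf 経由で,これ単体で認証可能!(pamとかいらない)` conflates name-service lookup with authentication: the `sss` entry in nsswitch.conf resolves users and groups, while password checks still go through PAM, and the sssd.conf listing removed on the left itself enables `pam` in `services`. I would correct the file name and reword it to something like `- nsswitch.conf 経由でユーザ・グループ情報を解決.認証は PAM (pam_sss) 経由.`, so that readers do not remove the PAM configuration on the strength of this page. The added `getent shadow が使えなくても,認証可能!` is true for the same reason: SSSD authenticates through its PAM responder and does not expose shadow hashes through NSS. The linked sssd.conf subpage is not visible here; if it carries the removed listing unchanged, `ldap_tls_reqcert = never` and the client-side `ldap_default_bind_dn = cn=Manager` deserve a caveat there, since the first disables server certificate verification and the second places what appears to be a directory manager credential on every client.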