CentOS 7 Tips

From Slacam_Wiki

Some things that changed in CentOS 7

1 - Disable the firewall

systemctl stop firewalld
systemctl disable firewalld

2 - Stop and start services

systemctl stop httpd
systemctl restart httpd

You can also use:

service httpd stop

3 - To enable LDAP authentication

yum install nss-pam-ldapd -y 
systemctl enable nslcd
systemctl enable nscd
setup  # (to enter the LDAP server information)

Change the contents of the authconfig file to:

vim /etc/sysconfig/authconfig
IPADOMAINJOINED=no
USEMKHOMEDIR=yes
USEPAMACCESS=no
CACHECREDENTIALS=yes
USESSSDAUTH=no
USESHADOW=yes
USEWINBIND=no
USESSSD=yes
USEDB=no
FORCELEGACY=no
USEFPRINTD=no
FORCESMARTCARD=no
USELDAPAUTH=yes
USEPASSWDQC=no
IPAV2NONTP=no
WINBINDKRB5=no
USELDAP=yes
USEECRYPTFS=no
USEIPAV2=no
USEWINBINDAUTH=no
USESMARTCARD=no
USELOCAUTHORIZE=yes
USENIS=no
USEKERBEROS=no
USESYSNETAUTH=no
PASSWDALGORITHM=sha512
USEPWQUALITY=yes
USEHESIOD=no 

4 - Disable booting into graphical mode

ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target

5 - NX does not work correctly, so we have to use X2Go instead

wget http://mirror.globo.com/epel/beta/7/x86_64/epel-release-7-0.2.noarch.rpm
yum install epel-release-7-0.2.noarch.rpm
yum install x2goserver x2goserver-xsession

6 - The machine's hostname is now changed in:

vim /etc/hostname

7 - To authenticate via LDAP, use the command below:

authconfig \
--enablesssd \
--enablesssdauth \
--enablelocauthorize \
--enableldap \
--enableldapauth \
--ldapserver=ldap://ldap.example.com:389 \
--disableldaptls \
--ldapbasedn=dc=example,dc=com \
--enablerfc2307bis \
--enablemkhomedir \
--enablecachecreds \
--update

8 - Fine-tuning of LDAP can be done in /etc/sssd/sssd.conf

If you’re going to use TLS (which you really should if your LDAP directory supports it; most, including OpenDJ, do), change “ldap_id_use_start_tls” to “True”.

[domain/default]
autofs_provider = ldap
ldap_schema = rfc2307bis
krb5_realm = #
ldap_search_base = dc=example,dc=com
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldap://ldap.example.com:389
ldap_id_use_start_tls = True
cache_credentials = True
ldap_tls_cacertdir = /etc/pki/tls/certs
ldap_tls_cacert = /etc/pki/tls/certs/mybundle.pem
[sssd]
services = nss, pam, autofs
config_file_version = 2

domains = default
[nss]

[pam]

[sudo]

[autofs]

[ssh]

[pac]

Restart sssd to effect these changes:

systemctl restart sssd

DO NOT use the update option with authconfig until you’ve restarted the service, otherwise you’ll wipe out any changes you’ve made to the configuration file.

Then run a check to make sure they’ve been read in correctly:

authconfig --test
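
A check for the TLS settings from step 8, as an added example that is not part of the original wiki page: it parses an sssd.conf and reports LDAP domains that use ldap:// without StartTLS or that relax certificate validation. The function name, the finding strings and both sample configurations are constructed for illustration.

```python
import configparser

WEAK_REQCERT = {"never", "allow", "try"}  # sssd-ldap's default is "hard"

def audit_sssd_ldap(conf_text):
    """Return (domain, finding) pairs for LDAP domains with weak TLS settings."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    findings = []
    listed = cp.get("sssd", "domains", fallback="")
    for name in (d.strip() for d in listed.split(",") if d.strip()):
        section = "domain/" + name
        if not cp.has_section(section):
            findings.append((name, "listed in [sssd] but has no section"))
            continue
        dom = cp[section]
        if "ldap" not in (dom.get("id_provider", ""), dom.get("auth_provider", "")):
            continue  # not an LDAP-backed domain
        starttls = dom.get("ldap_id_use_start_tls", "false").strip().lower() == "true"
        for uri in (u.strip() for u in dom.get("ldap_uri", "").split(",")):
            # ldaps:// is TLS from the first byte; ldap:// needs StartTLS
            if uri.lower().startswith("ldap://") and not starttls:
                findings.append((name, "no StartTLS for " + uri))
        reqcert = dom.get("ldap_tls_reqcert", "hard").strip().lower()
        if reqcert in WEAK_REQCERT:
            findings.append((name, "ldap_tls_reqcert = " + reqcert))
    return findings

# Constructed sample: the settings from step 8, trimmed to the relevant keys.
STEP8_CONF = """\
[domain/default]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://ldap.example.com:389
ldap_id_use_start_tls = True
ldap_tls_cacert = /etc/pki/tls/certs/mybundle.pem
[sssd]
services = nss, pam, autofs
domains = default
"""

# Constructed sample: same file with StartTLS off and certificate checks relaxed.
WEAK_CONF = STEP8_CONF.replace(
    "ldap_id_use_start_tls = True",
    "ldap_id_use_start_tls = False\nldap_tls_reqcert = never")

if __name__ == "__main__":
    for label, text in (("step 8", STEP8_CONF), ("weakened", WEAK_CONF)):
        print(label, audit_sssd_ldap(text))
```

To run it against a live host, pass the contents of /etc/sssd/sssd.conf (readable by root only) to audit_sssd_ldap().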

9- Update /etc/openldap/ldap.conf to follow the same configuration. It should look something like this when you’re done:

SASL_NOCANON    on
URI ldaps://ldap.example.com:389
BASE dc=example,dc=com
TLS_REQCERT never
TLS_CACERTDIR /etc/pki/tls/cacerts
TLS_CACERT /etc/pki/tls/certs/mybundle.pem

That “TLS_REQCERT never” is for the benefit of application stacks like PHP that leverage the system’s LDAP but have difficulty with LDAPS and TLS, even when dealing with certs signed by an external authority. With this setting the client does not request or check the server certificate.

10- Make sure that sssd is up and running, as well as enabled to start again the next time the system reboots. Use “systemctl status sssd” to check this. If it isn’t, use “systemctl enable sssd” and “systemctl start sssd”.

Sometimes it is best to restart the service in order to ensure that the cache is cleared out and all changes applied. Use “systemctl restart sssd” for this.

http://onemoretech.wordpress.com/2014/02/23/sssd-for-ldap-auth-on-linux/