CentOS 7 Tips
Some things that changed in CentOS 7
1 - Disable the firewall
systemctl stop firewalld
systemctl disable firewalld
2 - Stop and start services
systemctl stop httpd
systemctl restart httpd
You can also use:
service httpd stop
3 - To enable LDAP authentication
yum install nss-pam-ldapd -y
systemctl enable nslcd
systemctl enable nscd
setup  # (to enter the LDAP server information)
Change the contents of the authconfig file to:
vim /etc/sysconfig/authconfig
IPADOMAINJOINED=no
USEMKHOMEDIR=yes
USEPAMACCESS=no
CACHECREDENTIALS=yes
USESSSDAUTH=no
USESHADOW=yes
USEWINBIND=no
USESSSD=yes
USEDB=no
FORCELEGACY=no
USEFPRINTD=no
FORCESMARTCARD=no
USELDAPAUTH=yes
USEPASSWDQC=no
IPAV2NONTP=no
WINBINDKRB5=no
USELDAP=yes
USEECRYPTFS=no
USEIPAV2=no
USEWINBINDAUTH=no
USESMARTCARD=no
USELOCAUTHORIZE=yes
USENIS=no
USEKERBEROS=no
USESYSNETAUTH=no
PASSWDALGORITHM=sha512
USEPWQUALITY=yes
USEHESIOD=no
4 - Disable booting into graphical mode
ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
5 - nx does not work correctly, so we have to use X2GO
wget http://mirror.globo.com/epel/beta/7/x86_64/epel-release-7-0.2.noarch.rpm
yum install epel-release-7-0.2.noarch.rpm
yum install x2goserver x2goserver-xsession
6 - The machine name is now changed in:
vim /etc/hostname
7 - To authenticate via LDAP use the command below:
authconfig \
  --enablesssd \
  --enablesssdauth \
  --enablelocauthorize \
  --enableldap \
  --enableldapauth \
  --ldapserver=ldap://ldap.example.com:389 \
  --disableldaptls \
  --ldapbasedn=dc=example,dc=com \
  --enablerfc2307bis \
  --enablemkhomedir \
  --enablecachecreds \
  --update
8 - Fine-tuning of LDAP can be done in /etc/sssd/sssd.conf.
If you’re going to use TLS (which you really should if your LDAP directory supports it — most, including OpenDJ, do), change “ldap_id_use_start_tls” to “True”.
[domain/default]
autofs_provider = ldap
ldap_schema = rfc2307bis
krb5_realm = #
ldap_search_base = dc=example,dc=com
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldap://ldap.example.com:389
ldap_id_use_start_tls = True
cache_credentials = True
ldap_tls_cacertdir = /etc/pki/tls/certs
ldap_tls_cacert = /etc/pki/tls/certs/mybundle.pem
[sssd]
services = nss, pam, autofs
config_file_version = 2
domains = default
[nss]
[pam]
[sudo]
[autofs]
[ssh]
[pac]
Restart sssd to effect these changes:
systemctl restart sssd
DO NOT use the update option with authconfig until you’ve restarted the service, otherwise you’ll wipe out any changes you’ve made to the configuration file.
Then run a check to make sure they’ve been read in correctly:
authconfig --test
9 - Update /etc/openldap/ldap.conf to follow the same configuration. It should look something like this when you’re done:
SASL_NOCANON on
URI ldaps://ldap.example.com:389
BASE dc=example,dc=com
TLS_REQCERT never
TLS_CACERTDIR /etc/pki/tls/cacerts
TLS_CACERT /etc/pki/tls/certs/mybundle.pem
That “TLS_REQCERT never” is for the benefit of application stacks like php that leverage the system’s LDAP but have difficulty with LDAPS and TLS, even when dealing with certs signed by an external authority. With this value the client does not request or check the server certificate.
10 - Make sure that sssd is up and running, as well as enabled to restart when the system reboots next. Use “systemctl status sssd” to check this. If it isn’t, use “systemctl enable sssd” and “systemctl start sssd”.
Sometimes it is best to restart the service in order to ensure that the cache is cleared out and all changes applied. Use “systemctl restart sssd” for this.
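As an added example (not from the original page or the linked article), this script checks the TLS-related settings from steps 8 and 9: an ldap:// URI in sssd.conf without StartTLS, and certificate checking relaxed in either file. The function names and sample files are constructed for illustration; ldap_tls_reqcert (sssd.conf) and TLS_REQCERT (ldap.conf) are the certificate-checking options of those files.

```shell
#!/bin/sh
# Added example (not from the original page): report weak TLS settings in the
# sssd.conf and ldap.conf files edited in steps 8 and 9.

# Last value of an ini-style "key = value" setting, trimmed and lowercased.
sssd_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" |
        sed 's/[[:space:]]*$//' | tail -n 1 | tr 'A-Z' 'a-z'
}

# Last value of an ldap.conf "KEYWORD value" setting, lowercased.
ldapconf_get() {
    awk -v k="$1" 'toupper($1) == k { v = tolower($2) } END { print v }' "$2"
}

# Print one line per finding. Usage: audit_ldap_tls SSSD_CONF LDAP_CONF
audit_ldap_tls() {
    case $(sssd_get ldap_uri "$1") in
        *ldap://*)
            [ "$(sssd_get ldap_id_use_start_tls "$1")" = "true" ] ||
                echo "sssd.conf: ldap:// URI without ldap_id_use_start_tls = True"
            ;;
    esac
    case $(sssd_get ldap_tls_reqcert "$1") in
        never|allow) echo "sssd.conf: ldap_tls_reqcert does not enforce certificate checks" ;;
    esac
    case $(ldapconf_get TLS_REQCERT "$2") in
        never|allow) echo "ldap.conf: TLS_REQCERT does not enforce certificate checks" ;;
    esac
    return 0
}

if [ "$#" -eq 0 ]; then
    # Constructed sample files using the example hostname from the page.
    d=$(mktemp -d)
    printf '%s\n' '[domain/default]' 'ldap_uri = ldap://ldap.example.com:389' \
        'ldap_id_use_start_tls = False' > "$d/sssd.conf"
    printf '%s\n' 'URI ldaps://ldap.example.com:389' 'TLS_REQCERT never' \
        > "$d/ldap.conf"
    audit_ldap_tls "$d/sssd.conf" "$d/ldap.conf"
    rm -rf "$d"
else
    audit_ldap_tls "$1" "$2"
fi
```

Run it as root with the two real paths, /etc/sssd/sssd.conf and /etc/openldap/ldap.conf, as arguments; no output means none of the three conditions was found.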
http://onemoretech.wordpress.com/2014/02/23/sssd-for-ldap-auth-on-linux/