Ubuntu Server Guide Changes, errors and bugs
Automatic home directory creation
To enable automatic home directory creation, run the following command:

    sudo pam-auth-update --enable mkhomedir

Check SSL setup on the client

The client must be able to use START_TLS when connecting to the LDAP server, with full certificate checking. This means:

• the client host knows and trusts the CA that signed the LDAP server certificate
• the server certificate was issued for the correct host (ldap01.example.com in this guide)
• the time is correct on all hosts performing the TLS connection
• and, of course, that neither certificate (CA or server's) has expired

If using a custom CA, an easy way to have a host trust it is to place it in /usr/local/share/ca-certificates/ with a .crt extension and run sudo update-ca-certificates.

Alternatively, you can edit /etc/ldap/ldap.conf and point TLS_CACERT to the CA public key file.

Note
You may have to restart sssd after these changes:

    sudo systemctl restart sssd

Once that is all done, check that you can connect to the LDAP server using verified SSL connections:

    $ ldapwhoami -x -ZZ -h ldap01.example.com
    anonymous

The -ZZ parameter tells the tool to use START_TLS, and that it must not fail. If you have LDAP logging enabled on the server, it will show something like this:

    slapd[779]: conn=1032 op=0 STARTTLS
    slapd[779]: conn=1032 op=0 RESULT oid= err=0 text=
    slapd[779]: conn=1032 fd=15 TLS established tls_ssf=256 ssf=256
    slapd[779]: conn=1032 op=1 BIND dn="" method=128
    slapd[779]: conn=1032 op=1 RESULT tag=97 err=0 text=
    slapd[779]: conn=1032 op=2 EXT oid=1.3.6.1.4.1.4203.1.11.3
    slapd[779]: conn=1032 op=2 WHOAMI
    slapd[779]: conn=1032 op=2 RESULT oid= err=0 text=

START_TLS with err=0 and TLS established is what we want to see there, and, of course, the WHOAMI extended operation.
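The server-side log check described above can be automated. The following is an added example, not part of the Ubuntu Server Guide: a shell function that reads slapd connection log lines and reports, per connection, whether TLS was established before the first BIND. The sample log is constructed (conn=1032 repeats the guide's output, conn=1033 is made up), and the function names and the default min_ssf threshold of 128 are assumptions.

```shell
# Constructed sample. conn=1032 repeats the guide's log; conn=1033 is a made-up
# connection that binds without ever negotiating TLS.
sample_log() {
cat <<'EOF'
slapd[779]: conn=1032 op=0 STARTTLS
slapd[779]: conn=1032 op=0 RESULT oid= err=0 text=
slapd[779]: conn=1032 fd=15 TLS established tls_ssf=256 ssf=256
slapd[779]: conn=1032 op=1 BIND dn="" method=128
slapd[779]: conn=1032 op=1 RESULT tag=97 err=0 text=
slapd[779]: conn=1032 op=2 EXT oid=1.3.6.1.4.1.4203.1.11.3
slapd[779]: conn=1032 op=2 WHOAMI
slapd[779]: conn=1032 op=2 RESULT oid= err=0 text=
slapd[779]: conn=1033 op=0 BIND dn="" method=128
slapd[779]: conn=1033 op=0 RESULT tag=97 err=0 text=
EOF
}

# Usage: tls_audit [min_ssf] < slapd.log   (min_ssf default 128 is an assumption)
# Prints "<conn> <verdict>" per connection, in order of first appearance:
#   tls        TLS established with tls_ssf >= min_ssf before the first BIND
#   weak-tls   TLS established before the first BIND, but tls_ssf < min_ssf
#   plaintext  a BIND was logged with no TLS layer on the connection
#   no-bind    no BIND was logged for the connection
tls_audit() {
    awk -v min_ssf="${1:-128}" '
    {
        # Find the connection id on this line; skip lines without one.
        conn = ""
        for (i = 1; i <= NF; i++)
            if ($i ~ /^conn=[0-9]+$/) { conn = substr($i, 6); break }
        if (conn == "") next
        if (!(conn in seen)) { seen[conn] = 1; order[++n] = conn }
    }
    / TLS established / {
        # Record the negotiated TLS strength for this connection.
        for (i = 1; i <= NF; i++)
            if ($i ~ /^tls_ssf=[0-9]+$/) ssf[conn] = substr($i, 9) + 0
        next
    }
    / BIND / && !(conn in verdict) {
        # Only the first BIND decides: was TLS already up at that point?
        if (!(conn in ssf))               verdict[conn] = "plaintext"
        else if (ssf[conn] < min_ssf + 0) verdict[conn] = "weak-tls"
        else                              verdict[conn] = "tls"
    }
    END {
        for (k = 1; k <= n; k++)
            print order[k], ((order[k] in verdict) ? verdict[order[k]] : "no-bind")
    }'
}
```

Run it as sample_log | tls_audit to try the constructed input, or feed it the slapd lines from your own log source.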