41
edits
Changes
Jump to navigation
Jump to search
mLine 28:
Line 28: − + Line 36:
Line 36: − + − + Line 126:
Line 126: − + Line 134:
Line 134: − Thats all. +
Client Authentication:Fedora via sssd/ldap (view source)
Revision as of 19:52, 23 October 2015
, 19:52, 23 October 2015no edit summary
dnf install oddjob-mkhomedir sssd policycoreutils-python
dnf install oddjob-mkhomedir sssd policycoreutils-python
===Preparare the /home folder===
===Prepare the /home folder===
The “/home” folders of the users will be placed at the same place as on the SME (/home/e-smith/fies/users).
The “/home” folders of the users will be placed at the same place as on the SME (/home/e-smith/fies/users).
This must be configured to avoid blocks from SELinux:
This must be configured to avoid blocks from SELinux:
restorecon -R /var/lib/sss
restorecon -R /var/lib/sss
===Acive and enable the oddjobd daemon===
===Active and enable the oddjobd daemon===
This deamon will create the personal /home folders at the first login of the users.
This daemon will create the personal /home folders at the first login of the users.
systemctl start oddjobd.service
systemctl start oddjobd.service
systemctl enable oddjobd.service
systemctl enable oddjobd.service
should show you the users of the SME.
should show you the users of the SME.
'''''If it doen't work:'''''
'''''If it doesn't work:'''''
*check first of all if the password of the user “auth” is present in clear by the parameter “ldap_default_authtok” of /etc/sssd/sssd.conf.
*check first of all if the password of the user “auth” is present in clear by the parameter “ldap_default_authtok” of /etc/sssd/sssd.conf.
*Further more, for tests and debug, you can set “ldap_tls_reqcert = never” to avoid problems due to a non accepted CA.
*Further more, for tests and debug, you can set “ldap_tls_reqcert = never” to avoid problems due to a non accepted CA.
gpasswd -a <your ldap login> wheel}}
gpasswd -a <your ldap login> wheel}}
That's all.
Enjoy!
Enjoy!
[[Category:Howto]]
[[Category:Howto]]