Setting up LDAP/SSL during kickstart
mups.cp
mups.cp at gmail.com
Thu Sep 6 14:43:28 UTC 2007
The kickstart auth option allows setting most of the options you are setting
in %post.
http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/Installation_Guide-en-US/s1-kickstart2-options.html
has all you need. Look for auth/authconfig
> %post
> # Setup LDAP
> #
> # equiv to running setup tool
> authconfig --kickstart --enableshadow --enablemd5 --enableldap
> --enableldapauth --ldapserver ldap.yourdomain.com --ldapbasedn
> dc=yourdomain,dc=com
Use this outside %post. Look at the link above.
> #
> # Turn SSL on in the config files
> perl -p -i -e 's/^ssl no/ssl on/g' /etc/ldap.conf
> echo "tls_cacertfile /etc/openldap/cacerts/cacert.asc" >> /etc/ldap.conf
> echo "URI ldaps://ldap.yourdomain.com" >> /etc/openldap/ldap.conf
Again, not necessary if using the above with --enableldaptls.
> #
> # Create a directory to hold our Cert Auth certificate
> mkdir -p /etc/openldap/cacerts
> # Download the CA certificate
> wget -O /etc/openldap/cacerts/cacert.asc http://INSTALL_SERVER/cacert.asc
> #
OK
> # Have PAM autocreate home directories upon login
> echo "session required /lib/security/pam_mkhomedir.so skel=/etc/skel/
> umask=0077" >> /etc/pam.d/system-auth
This is useful only if users connect through ssh.
Through samba, use root preexec to create the home dir automatically.
For Linux clients use autofs.
> #
> # Ensure that local authorization is enough to get on the system
> # (i.e. root can login)
> perl -p -i -e 's/^USELOCAUTHORIZE=no/USELOCAUTHORIZE=yes/'
> /etc/sysconfig/authconfig
My system works without changing this.
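As an added example (not part of the original post or the quoted kickstart), here is the one piece of the quoted %post that the reply leaves in place, fetching the CA certificate, written so that a certificate served over plain http is only installed when its SHA-256 digest matches a value you recorded from the real CA beforehand. The LDAP/TLS settings themselves belong in the kickstart auth line, as the reply says; the hostname, base DN, INSTALL_SERVER and EXPECTED_SHA256 below are placeholders, and install_ca_cert / file_sha256 are helper names chosen here, not authconfig features.

```shell
#!/bin/sh
# Added example, not from the original post.
#
# The LDAP/TLS settings go in the kickstart command section rather than %post,
# e.g. (flags as on the page; host and base DN are placeholders):
#   auth --enableshadow --enablemd5 --enableldap --enableldapauth \
#        --enableldaptls --ldapserver ldap.yourdomain.com \
#        --ldapbasedn dc=yourdomain,dc=com
#
# What remains for %post is placing the CA certificate. Because the quoted
# kickstart fetches it over plain http, pin its digest so a swapped certificate
# is refused instead of silently becoming the trust anchor for LDAP auth.

CACERT_DIR="${CACERT_DIR:-/etc/openldap/cacerts}"

# Hex SHA-256 of a file; uses sha256sum where present, openssl otherwise.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        openssl dgst -sha256 "$1" | sed 's/.*= //'
    fi
}

# install_ca_cert <downloaded file> <expected sha256 hex> [<dest dir>]
# Copies the file into the cacerts directory only when the digest matches.
# Returns 0 on success, 1 (installing nothing) on a digest mismatch.
install_ca_cert() {
    src="$1"; expected="$2"; dest="${3:-$CACERT_DIR}"
    actual=$(file_sha256 "$src")
    if [ "$actual" != "$expected" ]; then
        echo "CA cert digest mismatch: got $actual, expected $expected" >&2
        return 1
    fi
    mkdir -p "$dest"
    cp "$src" "$dest/cacert.asc"
    chmod 0644 "$dest/cacert.asc"
    return 0
}

# Usage inside %post (EXPECTED_SHA256 is a placeholder recorded from the CA):
#   wget -O /tmp/cacert.asc http://INSTALL_SERVER/cacert.asc
#   install_ca_cert /tmp/cacert.asc "$EXPECTED_SHA256" || exit 1
```

Record the expected digest once from the CA you actually operate (for example with sha256sum on the original cacert.asc on the install server) and put it in the kickstart as a literal; a mismatch then fails the %post step loudly rather than leaving a host that trusts an unknown certificate for authentication.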