Linux System Administration Recipes A Problem-Solution Approach

More documents

Recommendations

Info

CHAPTER 2 ■ CENTRALIZING YOUR NETWORK: KERBEROS, LDAP, AND NFSThen apply the file to your database:kinit ldapadm; ldapmodify -f modifyfileAlternatively, you can of course edit any data migration tool so it doesn’t take the password data.2-6. Setting Up the LDAP ClientOn your client, install the required packages:sudo apt-get install ldap_utils libnss-ldap autofs-ldap nscd■ Note You need autofs-ldap only if you use automount. See recipe 2-14.Edit /etc/nsswitch.conf:passwd:shadow:group:hosts:compat files ldapcompat filescompat files ldapfiles dnsservices: db files ldap [NOTFOUND=return]networks: db files ldap [NOTFOUND=return]protocols: db files ldap [NOTFOUND=return]rpc: db files ldap [NOTFOUND=return]ethers: db files ldap [NOTFOUND=return]automount: filesIt is important that compat and files entries appear before ldap for passwd/shadow/group. Otherwise,if your LDAP server fails (or the client connection to it does), you won’t be able to log in at all. You canuse ldap for hosts as well if you prefer.Edit /etc/libnss-ldap.conf (on Ubuntu this is /etc/ldap.conf—not to be confused with/etc/ldap/ldap.conf!) so that the only lines uncommented are as follows:base dc=example,dc=comuri ldaps://ldapserver.example.comldap_version 3Edit /etc/ldap/ldap.conf:BASEURIdc=example,dc=comldaps://ldapserver.example.com38Download at WoweBook.Com
CHAPTER 2 ■ CENTRALIZING YOUR NETWORK: KERBEROS, LDAP, AND NFS■ Note If you’re using TLS over the standard LDAP port, the URI line will be the URI ldap://ldapserver.example.com.If you’re using a self-signed certificate, you can add this line to enable the client to request theserver’s certificate:TLS_REQCERT allowOtherwise, copy the certificate to the client, and set the location with the following:TLS_CACERT /path/to/fileIf you’re using a proper CA, you should be able to use this:TLS_CACERTDIR /usr/share/ca-certificates/to point to the directory where the ca-certificates package stores certificates; if this causes problems,use the TLS_CACERT option instead.To set up automount to read from LDAP, see recipe 2-14.To test your setup, try the following on the client:ldapsearch -d 1 -xYou should see the TLS information at the top and bottom of the debug output (generated with the -d 1 flag). If you have any problems, try specifying the server with-H ldaps://ldapserver.example.com. If this works, check that the values in /etc/ldap/ldap.conf match your setup.Finally, test that Kerberos auth is working by typing kinit and then ldapsearch (in other words,without the -x simple bind flag).You’re there!TroubleshootingIf your secure LDAP connection isn’t working, check that you’re definitely using SSL rather than TLS.You may need to add the following to your /etc/libnss-ldap.conf (/etc/ldap.conf on Ubuntu) file:ssl onIf you use PAM and LDAP together, you should also add it to pam_ldap.conf. Some versions defaultto TLS, and some to SSL, which forces SSL being used. At time of writing, this was a known bug withDebian lenny.39Download at WoweBook.Com
Page 2:
Download at WoweBook.Com
Page 5 and 6:
Download at WoweBook.Comiii
Page 7 and 8: Contents■About the Author .......
Page 9 and 10: ■ CONTENTS3-7. Writing a Nagios P
Page 11 and 12: ■ CONTENTS■Chapter 8: Using the
Page 13 and 14: ■ CONTENTSAbout the Author■Juli
Page 15 and 16: ■ CONTENTSAcknowledgmentsMany tha
Page 17 and 18: ■ CONTENTSIntroductionThis book i
Page 19 and 20: ■ INTRODUCTIONDownloading the Cod
Page 21 and 22: C H A P T E R 1■ ■ ■Saving Yo
Page 23 and 24: CHAPTER 1 ■ SAVING YOURSELF EFFOR
Page 41 and 42: C H A P T E R 2■ ■ ■Centraliz
Page 43 and 44: CHAPTER 2 ■ CENTRALIZING YOUR NET
Page 57: CHAPTER 2 ■ CENTRALIZING YOUR NET
Page 83 and 84: C H A P T E R 3■ ■ ■Monitorin
Page 85 and 86: CHAPTER 3 ■ MONITORING AND UPDATI
Page 109 and 110:
CHAPTER 3 ■ MONITORING AND UPDATI
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
C H A P T E R 4■ ■ ■Taking Ba
Page 117 and 118:
CHAPTER 4 ■ TAKING BACKUPS AND MA
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
Page 125 and 126:
Page 127 and 128:
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
Page 137 and 138:
Page 139 and 140:
C H A P T E R 5■ ■ ■Working w
Page 141 and 142:
CHAPTER 5 ■ WORKING WITH FILESYST
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
Page 149 and 150:
Page 151 and 152:
Page 153 and 154:
Page 155 and 156:
C H A P T E R 6■ ■ ■Securing
Page 157 and 158:
CHAPTER 6 ■ SECURING YOUR SYSTEMS
Page 159 and 160:
Page 161 and 162:
Page 163 and 164:
Page 165 and 166:
Page 167 and 168:
Page 169 and 170:
Page 171 and 172:
Page 173 and 174:
Page 175 and 176:
Page 177 and 178:
Page 179 and 180:
CHAPTER 7 ■ WORKING WITH APACHEOn
Page 181 and 182:
CHAPTER 7 ■ WORKING WITH APACHEdi
Page 183 and 184:
CHAPTER 7 ■ WORKING WITH APACHE4.
Page 185 and 186:
CHAPTER 7 ■ WORKING WITH APACHE
Page 187 and 188:
CHAPTER 7 ■ WORKING WITH APACHEAl
Page 189 and 190:
CHAPTER 7 ■ WORKING WITH APACHE
Page 191 and 192:
C H A P T E R 8■ ■ ■Making Be
Page 193 and 194:
CHAPTER 8 ■ USING THE COMMAND LIN
Page 195 and 196:
Page 197 and 198:
Page 199 and 200:
Page 201 and 202:
Page 203 and 204:
Page 205 and 206:
Page 207 and 208:
CHAPTER 9 ■ WORKING WITH TEXT IN
Page 209 and 210:
Page 211 and 212:
Page 213 and 214:
Page 215 and 216:
Page 217 and 218:
Page 219 and 220:
Page 221 and 222:
Page 223 and 224:
C H A P T E R 10■ ■ ■Things G
Page 225 and 226:
CHAPTER 10 ■ THINGS GO IN, THINGS
Page 227 and 228:
Page 229 and 230:
Page 231 and 232:
Page 233 and 234:
C H A P T E R 11■ ■ ■Tracking
Page 235 and 236:
CHAPTER 11 ■ TRACKING DOWN BUGSTh
Page 237 and 238:
CHAPTER 11 ■ TRACKING DOWN BUGS01
Page 239 and 240:
CHAPTER 11 ■ TRACKING DOWN BUGS
Page 241 and 242:
Page 243 and 244:
Page 245 and 246:
CHAPTER 11 ■ TRACKING DOWN BUGSTh
Page 247 and 248:
CHAPTER 11 ■ TRACKING DOWN BUGSAn
Page 249 and 250:
CHAPTER 11 ■ TRACKING DOWN BUGS#
Page 251 and 252:
C H A P T E R 12■ ■ ■Managing
Page 253 and 254:
CHAPTER 12 ■ MANAGING TIME AND PE
Page 255 and 256:
Page 257 and 258:
Page 259 and 260:
Page 261 and 262:
Page 263 and 264:
Page 265 and 266:
Page 267 and 268:
APPENDIX■ ■ ■Perl TipsSee rec
Page 269 and 270:
APPENDIX ■ PERL TIPS• Date::Par
Page 271 and 272:
APPENDIX ■ PERL TIPSPerl Syntax N
Page 273 and 274:
■ ■ ■Index■Symbols$CDPATH,
Page 275 and 276:
■ INDEXenscript option (printing)
Page 277 and 278:
■ INDEX■NNagiosadding hosts to,
Page 279 and 280:
■ INDEXsyslogcentralized logging
Page 281 and 282:
Download at WoweBook.Com
show all

Linux System Administration Recipes A Problem-Solution Approach

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?