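I have been trying for several days to get LDAP authentication and NFS-exported home directories working on CentOS 6. I have got to the point where I can now log in to the client machine using the username and password from LDAP. On the client, /home and /opt are mounted over NFS via fstab. However, every file in /opt and /home is owned by nobody:nobody (uid: 99, gid: 99) on the client.
But my uid and gid appear to be set correctly: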
-bash-4.1$ id
uid=3000(myusername) gid=3000(employees) groups=3000(employees)
What else can I check? Here are some of the configuration files on my client:
/etc/nsswitch.conf
passwd: files sss
shadow: files sss
group: files sss
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: files sss
publickey: nisplus
automount: files ldap
aliases: files nisplus
/etc/sssd/sssd.conf
[sssd]
config_file_version = 2
services = nss,pam
domains = default

[nss]

[pam]

[domain/default]
auth_provider = ldap
ldap_id_use_start_tls = True
chpass_provider = ldap
cache_credentials = True
krb5_realm = EXAMPLE.COM
ldap_search_base = dc=mycompany,dc=com
id_provider = ldap
ldap_uri = ldaps://server.subdomain.mycompany.com
krb5_kdcip = kerberos.example.com
ldap_tls_cacertdir = /etc/openldap/cacerts
# Configure client certificate auth.
ldap_tls_cert = /etc/openldap/cacerts/client.pem
ldap_tls_key = /etc/openldap/cacerts/client.pem
ldap_tls_reqcert = demand
/etc/fstab
/dev/mapper/vg_main-lv_root / ext4 defaults 1 1
UUID=4e43a15d-4dc0-4836-8fa6-c3445fde756c /boot ext4 defaults 1 2
/dev/mapper/vg_main-lv_swap swap swap defaults 0 0
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
storage1:/nas/home /home nfs soft,intr,rsize=8192,wsize=8192
storage1:/nas/opt /opt nfs soft,wsize=8192
[root@test1 ~]# authconfig --test
caching is disabled
nss_files is always enabled
nss_compat is disabled
nss_db is disabled
nss_hesiod is disabled
 hesiod LHS = ""
 hesiod RHS = ""
nss_ldap is enabled
 LDAP+TLS is enabled
 LDAP server = "ldaps://server.subdomain.mycompany.com"
 LDAP base DN = "dc=mycompany,dc=com"
nss_nis is disabled
 NIS server = ""
 NIS domain = ""
nss_nisplus is disabled
nss_winbind is disabled
 SMB workgroup = ""
 SMB servers = ""
 SMB security = "user"
 SMB realm = ""
 Winbind template shell = "/bin/false"
 SMB idmap uid = "16777216-33554431"
 SMB idmap gid = "16777216-33554431"
nss_sss is disabled by default
nss_wins is disabled
nss_mdns4_minimal is disabled
DNS preference over NSS or WINS is disabled
pam_unix is always enabled
 shadow passwords are enabled
 password hashing algorithm is sha512
pam_krb5 is disabled
 krb5 realm = "EXAMPLE.COM"
 krb5 realm via dns is disabled
 krb5 kdc = "kerberos.example.com"
 krb5 kdc via dns is disabled
 krb5 admin server = "kerberos.example.com"
pam_ldap is enabled
 LDAP+TLS is enabled
 LDAP server = "ldaps://server.subdomain.mycompany.com"
 LDAP base DN = "dc=mycompany,dc=com"
 LDAP schema = "rfc2307"
pam_pkcs11 is disabled
 use only smartcard for login is disabled
 smartcard module = ""
 smartcard removal action = ""
pam_fprintd is enabled
pam_winbind is disabled
 SMB workgroup = ""
 SMB servers = ""
 SMB security = "user"
 SMB realm = ""
pam_sss is disabled by default
 credential caching in SSSD is enabled
 SSSD use instead of legacy services if possible is enabled
pam_cracklib is enabled (try_first_pass retry=3 type=)
pam_passwdqc is disabled ()
pam_access is disabled ()
pam_mkhomedir or pam_oddjob_mkhomedir is enabled ()
Always authorize local users is enabled ()
Authenticate system accounts against network services is disabled
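A note added for Googlers: we had the same problem, and no matter what we did, the NFS mount would not map user IDs correctly.
The problem was that idmapd had cached bad IDs from a wrong configuration, and no amount of fixing the configuration would sort it out.
The CentOS command to fix this is nfsidmap -c (clear cache).
Hope this helps some desperate searcher.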
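A check for the symptom described in the question, to run on the client before and after clearing the cache. This is an added example, not part of the original question or answer; the function names are hypothetical, and the 99:99 default is the nobody:nobody uid/gid reported in the question.

```shell
#!/bin/sh
# Added example; function names are hypothetical.
# Reports whether every entry directly under a directory is owned by one
# numeric uid:gid, by default 99:99 (nobody:nobody as seen in the question).

NOBODY_UID=99
NOBODY_GID=99

# count_entries DIR -> number of entries directly under DIR
count_entries() {
    find "$1" -mindepth 1 -maxdepth 1 2>/dev/null | wc -l | tr -d ' '
}

# count_owned_by DIR UID GID -> number of those entries owned by UID:GID
count_owned_by() {
    find "$1" -mindepth 1 -maxdepth 1 -uid "$2" -gid "$3" 2>/dev/null \
        | wc -l | tr -d ' '
}

# looks_squashed DIR [UID] [GID] -> exit 0 when DIR is non-empty and every
# entry in it is owned by UID:GID
looks_squashed() {
    total=$(count_entries "$1")
    hits=$(count_owned_by "$1" "${2:-$NOBODY_UID}" "${3:-$NOBODY_GID}")
    [ "$total" -gt 0 ] && [ "$hits" -eq "$total" ]
}

# report DIR -> one-line verdict for a mount point
report() {
    if looks_squashed "$1"; then
        echo "$1: every entry is $NOBODY_UID:$NOBODY_GID (IDs not mapped); fix in the answer: nfsidmap -c"
    else
        echo "$1: ownership is not uniformly $NOBODY_UID:$NOBODY_GID"
    fi
}

# Usage: sh check_idmap.sh /home /opt   (the two NFS mounts in the fstab above)
for m in "$@"; do
    if [ -d "$m" ]; then
        report "$m"
    fi
done
```

Comparing the numeric owners with `ls -ln` on the same paths shows the same information file by file.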