这几天我一直在尝试在 CentOS 6 上配置 LDAP 身份验证和通过 NFS 导出的主目录。目前我已经可以在客户端计算机上使用 LDAP 中的用户名和密码登录。在客户端上，/home 和 /opt 是通过 fstab 以 NFS 方式挂载的。但是，在客户端上看到 /opt 和 /home 中每个文件的属主都是 nobody:nobody（uid: 99，gid: 99）。
但是我的uid和gid似乎设置正确:
-bash-4.1$ id
uid=3000(myusername) gid=3000(employees) groups=3000(employees)
我还能检查什么?以下是我客户端上的一些配置文件:
/etc/nsswitch.conf 的内容：
passwd: files sss
shadow: files sss
group: files sss
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: files sss
publickey: nisplus
automount: files ldap
aliases: files nisplus
/etc/sssd/sssd.conf
[sssd]
config_file_version = 2
services = nss,pam
domains = default
[nss]
[pam]
[domain/default]
auth_provider = ldap
ldap_id_use_start_tls = True
chpass_provider = ldap
cache_credentials = True
krb5_realm = EXAMPLE.COM
ldap_search_base = dc=mycompany,dc=com
id_provider = ldap
ldap_uri = ldaps://server.subdomain.mycompany.com
krb5_kdcip = kerberos.example.com
ldap_tls_cacertdir = /etc/openldap/cacerts
# Configure client certificate auth.
ldap_tls_cert = /etc/openldap/cacerts/client.pem
ldap_tls_key = /etc/openldap/cacerts/client.pem
ldap_tls_reqcert = demand
/etc/fstab 文件：
/dev/mapper/vg_main-lv_root / ext4 defaults 1 1
UUID=4e43a15d-4dc0-4836-8fa6-c3445fde756c /boot ext4 defaults 1 2
/dev/mapper/vg_main-lv_swap swap swap defaults 0 0
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
storage1:/nas/home /home nfs soft,intr,rsize=8192,wsize=8192
storage1:/nas/opt /opt nfs soft,wsize=8192
authconfig输出:
[root@test1 ~]# authconfig --test
caching is disabled
nss_files is always enabled
nss_compat is disabled
nss_db is disabled
nss_hesiod is disabled
hesiod LHS = ""
hesiod RHS = ""
nss_ldap is enabled
LDAP+TLS is enabled
LDAP server = "ldaps://server.subdomain.mycompany.com"
LDAP base DN = "dc=mycompany,dc=com"
nss_nis is disabled
NIS server = ""
NIS domain = ""
nss_nisplus is disabled
nss_winbind is disabled
SMB workgroup = ""
SMB servers = ""
SMB security = "user"
SMB realm = ""
Winbind template shell = "/bin/false"
SMB idmap uid = "16777216-33554431"
SMB idmap gid = "16777216-33554431"
nss_sss is disabled by default
nss_wins is disabled
nss_mdns4_minimal is disabled
DNS preference over NSS or WINS is disabled
pam_unix is always enabled
shadow passwords are enabled
password hashing algorithm is sha512
pam_krb5 is disabled
krb5 realm = "EXAMPLE.COM"
krb5 realm via dns is disabled
krb5 kdc = "kerberos.example.com"
krb5 kdc via dns is disabled
krb5 admin server = "kerberos.example.com"
pam_ldap is enabled
LDAP+TLS is enabled
LDAP server = "ldaps://server.subdomain.mycompany.com"
LDAP base DN = "dc=mycompany,dc=com"
LDAP schema = "rfc2307"
pam_pkcs11 is disabled
use only smartcard for login is disabled
smartcard module = ""
smartcard removal action = ""
pam_fprintd is enabled
pam_winbind is disabled
SMB workgroup = ""
SMB servers = ""
SMB security = "user"
SMB realm = ""
pam_sss is disabled by default
credential caching in SSSD is enabled
SSSD use instead of legacy services if possible is enabled
pam_cracklib is enabled (try_first_pass retry=3 type=)
pam_passwdqc is disabled ()
pam_access is disabled ()
pam_mkhomedir or pam_oddjob_mkhomedir is enabled ()
Always authorize local users is enabled ()
Authenticate system accounts against network services is disabled