
which login - binary

ldd /bin/login - to find library

cd /etc/pam.d/
vim /etc/pam.d/login

vim /etc/pam.d/system-auth

login process from ldap client system


_____________________________________
libpam.so
auth requisite pam_ldap.so

/etc/nslcd.conf
uri ldap://server.redhat.com
=====================================================**
setting up ldap authentication

yum install authconfig-gtk


yum install nscd nss-pam-ldapd pam_ldap -y
yum install pam_krb5
nscd = name service cache daemon

authconfig-gtk

authconfig-gtk

select ldap
ldap search base dn dc=example,dc=com
ldap server ldap://server5.example.com
use TLS to encrypt connections
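download CA Certificate
ftp://server.redhat.com/pub/slapd.pem
note: plain ftp does not authenticate the server, so the downloaded CA certificate is only as trustworthy as the network path; compare its fingerprint with the one taken on the ldap server before relying on it for TLS
openssl x509 -noout -fingerprint -sha256 -in /etc/openldap/cacerts/authconfig_downloaded.pem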
apply

su - ldapuser5
id
grep ldapuser5 /etc/passwd
cd /tmp
touch testfile

UNDERSTANDING AUTOMOUNT
learning automount and fixing home directory

* -rw nfsserver:/home/guests/&
nfs server
/etc/auto.master
/etc/auto.data - file -rw nfsserver:/data

nfs server
/home/guest

that will awake autofs


/etc/auto.master == /home/guests/ /etc/auto.guests
/etc/auto.guests == * -fstype *********** &

CONFIGURING AUTOMOUNT
samba-server
install samba-client
smbpasswd -a ldapusers
vim /etc/samba/smb.conf
[data]
comment = Ldap user home directories
path = /home/guests
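public = yes
writable = no
note: public = yes (same as guest ok = yes) allows connections to this share without a password; the automount entry already logs in as ldapusers, so guest access to the home directories is not needed for it to work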

client system

yum install autofs -y

vim /etc/auto.master
/home/guests /etc/auto.guests

vim /etc/auto.guests
* -rw nfsserver:/home/guests/&

note-sri: * and & go hand in hand: * matches whatever directory name is looked up, and & is replaced by that matched name.
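* -fstype=cifs,username=ldapusers,password=password ://server.redhat.com/data/&
note: this keeps the samba password in clear text in the map file; mount.cifs also accepts credentials=<file>, so username and password can be kept in a root-owned file with mode 600 instead of in /etc/auto.guests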

samba-server
install samba-client
smbpasswd -a ldapusers

vim /etc/samba/smb.conf
[data]
comment = Ldap user home directories
path = /home/guests
public = yes
writable = no

======================== ==================================

yum search nfs


yum install nfs-utils -y

vim /etc/exports
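/data -rw *(rw,no_root_squash)
note: * exports /data to every host that can reach the server, and no_root_squash lets root on any of those clients act as root on the share; outside a lab, list the client hosts or subnet and keep the default root_squash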

exportfs -r
this is a special command to update the export database
suppose, for example, the nfs server is active and client systems are
connected to it
if you add a new export share and update the /etc/exports file, you
can't restart the nfs service because that may interrupt the nfs clients
so we use the exportfs -r command to update the nfs exports database

mkdir /data

systemctl start nfs


systemctl enable nfs

systemctl status -l nfs


showmount -e localhost
mount localhost:/data /mnt
ls

auto creating /home directory for ldapuser

vim /etc/auto.master
/nfsserver /etc/auto.nfs

vim /etc/auto.nfs
blah -rw localhost:/data

systemctl restart autofs

cd /nfsserver -- this was auto created


ls -- doesn't show anything
ls -a -- doesn't show anything
cd blah -- able to get into this folder though it was not showing (autofs mounts the key only when it is accessed)

=== modifying nslcd configuration


==================
systemctl status nslcd
name services LDAP client daemon is a glue between local linux
service and external ldap server

vim /etc/nsswitch.conf
passwd: files sss ldap
sri-note: if we see ldap here that means nslcd

cd /etc/pam.d/
vim /etc/pam.d/login
vim /etc/pam.d/system-auth
we see
auth sufficient pam_ldap.so == to find ldap server we need
nslcd

vim /etc/nslcd.conf
sri-note: all the information here comes from authconfig-gtk
like
uri ldap://server.example.com
base dc=example,dc=com
and in the bottom
ssl start_tls
tls_cacertdir /etc/openldap/cacerts

cd /etc/openldap/cacerts/
ls
authconfig_downloaded.pem
this is the same file which we downloaded from authconfig-gtk
the same file === slapd.pem
ldap related logs
tail -f /var/log/messages

=====exercise===
