🌐 🇵🇱 Polski · 🇬🇧 EN
Previously, we discussed the possibility of managing user accounts from a single central machine, something like LDAP. For the exam, it may be useful to know how to connect a workstation to a directory services server that is already in place. There are several ways to connect to such a server and two types of connections. Learn the commands you need to accomplish this.
- authconfig-tui - graphical configuration for a network authentication client
- authconfig - text-based version of the network authentication configuration tool
Only the graphical tool will be discussed, as configuration is faster, which is important due to the limited time during the exam. Those interested in the text-based version will have to look for information elsewhere on their own for now or check back here in the future.
Before we use the authconfig-tui tool, we will discuss the manual settings and configurations of both authentication methods for two network clients: NIS and LDAP. Although NIS is not required for the exam, it may be useful if you encounter an older version of the system.
The first type of network user authorization is NIS. To use it, you need to have two packages installed so the client can authenticate.
- ypbind - The actual NIS server client service
- portmap - A package providing security for the NIS client
We will start by installing the required packages on the system:
# yum install -y ypbind portmap
After installation, you need to configure the /etc/yp.conf file, where we will define the client settings. You must define the NIS server's IP address and the domain name.
# vi /etc/yp.conf
Uncomment the line:
domain NISDOMAIN server HOSTNAME
For practice, you can use example.com as the domain name and 172.168.1.1 as the NIS address; now the line should look like this:
domain example.com server 172.168.1.1
Save and close the file, then start the service:
# service ypbind start
Starting ypbind: [ OK ]
# service portmap start
Starting portmap: [ OK ]
On the exam, you may also need to set the services to start after a system reboot:
# chkconfig ypbind on
# chkconfig portmap on
Finally, we need to edit the /etc/nsswitch file and set what happens with users and groups if NIS authentication is unavailable, so they can log in locally.
We edit the following lines exactly like this:
shadow: nis files
group: nis files
Now that we know which files to configure, let's look at an alternative way using the authconfig-tui tool via the graphical configuration menu. Launch the tool:
# authconfig-tui
Select NIS authorization
Enter the domain and IP address of the NIS server
This tool automatically modifies the /etc/nsswitch.conf and /etc/yp.conf files for you. Simpler, right? Your user can now log in to systems using network credentials and, alternatively, using available local permissions.
The second method of network authorization is using LDAP. This solution is similar to NIS in configuration. In the authconfig-tui tool menu, you simply select a different option, and you need to have a different package installed on the system.
# yum install -y openldap nss_ldap
Just as with NIS, configuration can also be done manually by editing files. Let's see how to perform the configuration using the authconfig-tui tool:
# authconfig-tui
Select LDAP authorization
Enter the appropriate data regarding the domain and IP address
The materials related to the "users" password have made you a guru of user and group management in Linux systems. User administration is a very important topic from the point of view of operating system management.




Comments