In this exercise, you will need to troubleshoot and resolve authentication issues with LDAP, Kerberos, and PAM.
*This course is not approved or sponsored by Red Hat.*
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
- Troubleshoot and resolve Server1.
Resolve login issues for testuser01
Try to log in as testuser01:
ssh testuser01@localhost
View /var/log/secure:
tail /var/log/secure
Attempt to pull the LDAP user information for testuser01:
getent passwd testuser01
Perform an LDAP search:
ldapsearch -x *
View and modify /etc/openldap/ldap.conf:
vim /etc/openldap/ldap.conf
Change:
URI ldap://ldap.example.com/
To:
URI ldap://auth.example.com/
Perform an LDAP search:
ldapsearch -x *
Restart the LDAP naming services daemon:
systemctl restart nslcd
Attempt to pull the LDAP user information for testuser01:
getent passwd testuser01
View /etc/sysconfig/authconfig:
cat /etc/sysconfig/authconfig
Modify authconfig using the TUI interface:
authconfig-tui
Within authconfig-tui:
- Verify Use LDAP is checked under User Information
- Check Use Kerberos under Authentication
- Modify the LDAP server to use auth.example.com
- Use auth.example.com for the KDC and Admin Server for Kerberos
Restart the LDAP naming services daemon:
systemctl restart nslcd
Pull the LDAP user information for testuser01:
getent passwd testuser01
Log in to the localhost as testuser01:
ssh testuser01@localhost
Obtain a Kerberos ticket:
kinit
List cached Kerberos tickets and log out:
klist && exit
Resolve Samba issues for cloud_user
Verify Samba is started and enabled:
systemctl start smb && systemctl enable smb
Attempt to list the shares using cloud_user:
smbclient -U cloud_user -L localhost
View the Samba log:
tail /var/log/samba/log.smbd
View the Samba PAM config:
cat /etc/pam.d/samba
Verify the Samba package:
rpm -V samba
Move the modified file to /root/samba.pam.old:
mv /etc/pam.d/samba /root/samba.pam.old
Reinstall Samba:
yum reinstall -y samba
List the shares using cloud_user:
smbclient -U cloud_user -L localhost
- Troubleshoot and resolve Server2.
Use authconfig-tui to verify and modify LDAP/Kerberos authentication:
authconfig-tui
- Verify Use LDAP is checked for both User Information and Authentication
- Verify Use Kerberos is checked for Authentication
- LDAP server should be auth.example.com
- Kerberos KDC and Admin should be auth.example.com
Perform an LDAP search:
ldapsearch -x *
Ping the LDAP server:
ping auth.example.com
Note the IP, then view the contents of /etc/hosts:
cat /etc/hosts
Modify /etc/hosts so that auth.example.com points to 10.0.1.5:
vim /etc/hosts
Perform an LDAP search:
ldapsearch -x *
Restart the LDAP naming services daemon:
systemctl restart nslcd
Pull the LDAP user information for testuser01:
getent passwd testuser01
Log in as testuser01:
ssh testuser01@localhost
Obtain a Kerberos ticket:
kinit
List Kerberos ticket cache:
klist
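
Added example, not part of the original lab: a read-only check of the two client-side settings repaired above, the URI host in ldap.conf (Server1) and any static /etc/hosts entry for the auth server (Server2), since either one can silently send authentication traffic to the wrong host. The function name check_ldap_client, the BASE line and the stale address 10.0.1.50 are constructed for illustration; auth.example.com and 10.0.1.5 come from the lab.

```shell
#!/bin/sh
# check_ldap_client LDAP_CONF HOSTS_FILE WANT_HOST WANT_IP
# Prints one finding per line; returns 0 when both files agree, 1 otherwise.
# Simplification: handles host names and IPv4 literals, not bracketed IPv6 URIs.
check_ldap_client() {
    conf=$1; hosts=$2; want_host=$3; want_ip=$4
    findings=$(
        # Every server on an uncommented URI line, reduced to its host name.
        awk 'tolower($1) == "uri" { for (i = 2; i <= NF; i++) print $i }' "$conf" |
        sed -e 's|^[A-Za-z]*://||' -e 's|[:/].*$||' |
        awk -v want="$want_host" '
            $0 != want { print "ldap.conf: URI host " $0 ", expected " want }
            END { if (NR == 0) print "ldap.conf: no URI line found" }'
        # Static entries for the auth server, which take effect before DNS
        # when "files" precedes "dns" in nsswitch.conf.
        awk -v h="$want_host" -v ip="$want_ip" '
            { sub(/#.*/, "") }
            { for (i = 2; i <= NF; i++)
                  if ($i == h && $1 != ip)
                      print "hosts: " h " -> " $1 ", expected " ip }' "$hosts"
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample input modelled on the broken states the lab starts from.
demo() {
    dir=$(mktemp -d)
    printf 'BASE dc=example,dc=com\nURI ldap://ldap.example.com/\n' > "$dir/ldap.conf"
    printf '127.0.0.1 localhost\n10.0.1.50 auth.example.com auth  # stale\n' > "$dir/hosts"
    rc=0
    check_ldap_client "$dir/ldap.conf" "$dir/hosts" auth.example.com 10.0.1.5 || rc=$?
    rm -rf "$dir"
    echo "exit status: $rc"
}
demo
```

On a real host, pass /etc/openldap/ldap.conf and /etc/hosts as the first two arguments.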