Lab
A Cloud Guru

Troubleshooting Authentication Issues

In this exercise, you will need to troubleshoot and resolve authentication issues with LDAP, Kerberos, and PAM. *This course is not approved or sponsored by Red Hat.*

Try for free Contact sales

Path Info

Level

Advanced

Duration

2h 0m

Published

Apr 04, 2019

Challenge

Troubleshoot and resolve Server1.
Resolve login issues for testuser01

Try to log in as testuser01:
```
ssh testuser01@localhost
```
View /var/log/secure:
```
tail /var/log/secure
```
Attempt to pull the LDAP user information for testuser01:
```
getent passwd testuser01
```
Perform an LDAP search:
```
ldapsearch -x *
```
View and modify /etc/openldap/ldap.conf:
```
vim /etc/openldap/ldap.conf
```
Change:
```
URI ldap://ldap.example.com/
```
To:
```
URI ldap://auth.example.com/
```
Perform an LDAP search:
```
ldapsearch -x *
```
Restart the LDAP naming services daemon:
```
systemctl restart nslcd
```
Attempt to pull the LDAP user information for testuser01:
```
getent passwd testuser01
```
View /etc/sysconfig/authconfig:
```
cat /etc/sysconfig/authconfig
```
Modify authconfig using the TUI interface:
```
authconfig-tui
```
Within authconfig-tui:
- Verify Use LDAP is checked under User Information
- Check Use Kerberos under Authentication
- Modify the LDAP server to use auth.example.com
- Use auth.example.com for the KDC and Admin Server for Kerberos
Restart the LDAP naming services daemon:
```
systemctl restart nslcd
```
Pull the LDAP user information for testuser01:
```
getent passwd testuser01
```
Log in to the localhost as testuser01:
```
ssh testuser01@localhost
```
Obtain a Kerberos ticket
```
kinit
```
List cached Kerberos tickets and logout:
```
klist && exit
```
Resolve Samba issues for cloud_user

Verify Samba is started and enabled:
```
systemctl start smb && systemctl enable smb
```
Attempt to list the shares using cloud_user:
```
smbclient -U cloud_user -L localhost
```
View the Samba log:
```
tail /var/log/samba/log.smbd
```
View the Samba PAM config:
```
cat /etc/pam.d/samba
```
Verify the Samba package:
```
rpm -V samba
```
Move the modified file to /root/samba.pam.old:
```
mv /etc/pam.d/samba /root/samba.pam.old
```
Reinstall Samba:
```
yum reinstall -y samba
```
List the shares using cloud_user:
```
smbclient -U cloud_user -L localhost
```
Challenge

Troubleshoot and resolve Server2.
Use authconfig-tui to verify and modify LDAP/Kerberos authentication:
```
authconfig-tui
```
- Verify Use LDAP is checked for both User Information and Authentication
- Verify Use Kerberos is checked for Authentication
- LDAP server should be auth.example.com
- Kerberos KDC and Admin should be auth.example.com
Perform an LDAP search:
```
ldapsearch -x *
```
Ping the LDAP server:
```
ping auth.example.com
```
Note the IP, view the contents of /etc/hosts:
```
cat /etc/hosts
```
Modify /etc/hosts so that auth.example.com points to 10.0.1.5:
```
vim /etc/hosts
```
Perform an LDAP search:
```
ldapsearch -x *
```
Restart the LDAP naming services daemon:
```
systemctl restart nslcd
```
Pull the LDAP user information for testuser01:
```
getent passwd testuser01
```
Log in as testuser01:
```
ssh testuser01@localhost
```
Obtain a Kerberos ticket:
```
kinit
```
List Kerberos ticket cache:
```
klist
```

Author

A Cloud Guru

The Cloud Content team comprises subject matter experts hyper focused on services offered by the leading cloud vendors (AWS, GCP, and Azure), as well as cloud-related technologies such as Linux and DevOps. The team is thrilled to share their knowledge to help you build modern tech solutions from the ground up, secure and optimize your environments, and so much more!

What's a lab?

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.