Last active: March 18, 2024 17:18

Revisions
mazgi revised this gist
May 21, 2020 · 1 changed file with 1 addition and 1 deletion.
@@ -36,7 +36,7 @@ lrwxrwxrwx 1 root root 18 Jul 19 16:35 /etc/ldap.conf.sudo -> openldap/ldap.con [sssd] config_file_version = 2 services = nss,pam,sudo,ssh domains = example debug_level = 1 [nss] filter_users = root,ldap,named,avahi,haldaemon,dbus,radiusd,news,nscd
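Review bot: the one-line change to `domains = example` in the `[sssd]` section is the fix that makes this configuration load at all, because the only domain section defined in the file is `[domain/example]` and the earlier value `mvrck` named a section that does not exist, leaving NSS, PAM, sudo and the SSH key lookup with no LDAP backend; a revision note saying so would help the next reader, since a `domains` mismatch is easy to miss in a config that otherwise looks complete.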
mazgi revised this gist
May 21, 2020 · 1 changed file with 1 addition and 1 deletion.
@@ -19,7 +19,7 @@ Linux base 4.0.5-gentoo #1 SMP Wed Jul 1 02:23:16 JST 2015 x86_64 Intel(R) Xeon( # grep -vE '^\s*($|#)' /etc/openldap/ldap.conf BASE dc=example,dc=co,dc=jp URI ldap://ldap1.example.co.jp ldap://ldap2.example.co.jp tls_reqcert never sudoers_base ou=SUDOers,dc=example,dc=co,dc=jp nss_initgroups backlink binddn cn=Authenticator,dc=example,dc=co,dc=jp
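Review bot: correcting the spelling to `tls_reqcert never` makes the option parse, but it still tells the client to accept any certificate, and both `URI` entries are plain `ldap://`, so the bind as `cn=Authenticator` and every sudoers lookup that goes through this file can be intercepted or answered by a spoofed directory; the fix worth making here is `tls_reqcert demand` (with `TLS_CACERT` pointing at the CA that signed the directory certificates) and `ldaps://` URIs, not just a correctly spelled `never`.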
mazgi revised this gist
Jul 19, 2015 · 1 changed file with 1 addition and 1 deletion.
@@ -9,7 +9,7 @@ Linux base 4.0.5-gentoo #1 SMP Wed Jul 1 02:23:16 JST 2015 x86_64 Intel(R) Xeon( # emerge -pvq openldap openssh sssd sudo [ebuild R ] net-nds/openldap-2.4.38-r2 USE="berkdb crypt gnutls ipv6 minimal sasl ssl syslog tcpd -cxx -debug -experimental -icu -iodbc -kerberos -odbc -overlays -perl -samba (-selinux) -slp -smbkrb5passwd" ABI_X86="(64) -32 (-x32)" [ebuild R ] net-misc/openssh-6.9_p1-r2 USE="hpn pam pie ssl -X -X509 -bindist -debug -kerberos -ldap -ldns -libedit -sctp (-selinux) -skey -ssh1 -static" [ebuild R ] sys-auth/sssd-1.12.4 USE="manpages nls ssh sudo -acl -augeas -autofs -locator -netlink -nfsv4 -python -samba (-selinux) {-test}" ABI_X86="(64) -32 (-x32)" PYTHON_SINGLE_TARGET="python2_7 -python3_3 -python3_4" PYTHON_TARGETS="python2_7 python3_3 -python3_4" [ebuild R ] app-admin/sudo-1.8.12 USE="ldap nls pam sendmail -offensive (-selinux) -skey" ```
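Review bot: the rebuild of sys-auth/sssd to 1.12.4 with `ssh` and `sudo` enabled in USE (the 1.12.1 line earlier in this gist was built with `-ssh -sudo`) is what provides the sudo and ssh responders that `services = nss,pam,sudo,ssh` in sssd.conf and `AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys` in sshd_config depend on; the revision should say so explicitly, because without those flags the rest of the configuration is correct yet `sss_ssh_authorizedkeys` and the sudo responder are simply absent.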
mazgi revised this gist
Jul 19, 2015 · 1 changed file with 17 additions and 0 deletions.
@@ -108,4 +108,21 @@ session required pam_unix.so session optional pam_mkhomedir.so skel=/etc/skel/ umask=0077 session optional pam_sss.so session optional pam_permit.so ``` ### OpenSSH configuration ```shellsession # grep -vE '^\s*($|#)' /etc/ssh/sshd_config PubkeyAuthentication yes AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys AuthorizedKeysCommandUser nobody PasswordAuthentication no ChallengeResponseAuthentication no UsePAM yes PrintMotd no PrintLastLog no UsePrivilegeSeparation sandbox # Default for new installations. Subsystem sftp /usr/lib64/misc/sftp-server AcceptEnv LANG LC_* ```
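Review bot: with `PasswordAuthentication no`, `ChallengeResponseAuthentication no` and `AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys`, who may log in over SSH is decided by the keys published in the directory, but the hunk leaves `AuthorizedKeysFile` at its default, so a key dropped into a user's local `~/.ssh/authorized_keys` is still honoured; add `AuthorizedKeysFile none` if the directory is meant to be the only source of keys. `UsePAM yes` must stay even though PAM no longer authenticates anyone here: with passwords off, sshd still runs the PAM account and session stacks, and those are what apply the `pam_sss` account check and `pam_mkhomedir` to LDAP users.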
mazgi revised this gist
Jul 19, 2015 · 1 changed file with 23 additions and 0 deletions.
@@ -85,4 +85,27 @@ bootparams: files automount: files aliases: files sudoers: files ldap sss ``` ### PAM configuration ```shellsession # grep -vE '^\s*($|#)' /etc/pam.d/system-auth auth required pam_env.so auth sufficient pam_unix.so try_first_pass likeauth nullok auth sufficient pam_sss.so use_first_pass auth optional pam_permit.so account required pam_unix.so account [default=bad success=ok user_unknown=ignore] pam_sss.so account optional pam_permit.so password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so try_first_pass use_authtok nullok sha512 shadow password sufficient pam_sss.so use_authtok password optional pam_permit.so session required pam_limits.so session required pam_env.so session required pam_unix.so session optional pam_mkhomedir.so skel=/etc/skel/ umask=0077 session optional pam_sss.so session optional pam_permit.so ```
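Review bot: `nullok` on both the `auth` and `password` lines for pam_unix.so lets a local account whose password field is empty authenticate with an empty password, which undercuts the `pam_cracklib.so minlen=8` policy two lines later; drop `nullok` unless a specific account is known to need it. The `account [default=bad success=ok user_unknown=ignore] pam_sss.so` line is the right shape for this stack: a user the directory knows is rejected when sssd says so, while a purely local user falls through to pam_unix instead of being locked out.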
mazgi revised this gist
Jul 19, 2015 · 1 changed file with 21 additions and 0 deletions.
@@ -64,4 +64,25 @@ ldap_group_member = memberUid ldap_id_use_start_tls = false chpass_provider = ldap cache_credentials = true ``` ### Name Service Switch configuration ```shellsession # grep -vE '^\s*($|#)' /etc/nsswitch.conf passwd: compat sss shadow: compat sss group: compat sss hosts: files dns networks: files dns services: db files protocols: db files rpc: db files ethers: db files netmasks: files netgroup: files bootparams: files automount: files aliases: files sudoers: files ldap sss ```
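Review bot: `sudoers: files ldap sss` names two directory sources for the same rules: `ldap` makes sudo read `/etc/ldap.conf.sudo` and bind to the directory itself with the `bindpw` in that file, while `sss` makes it ask sssd, which is already configured with `sudo_provider = ldap` and its own bind credential. Keep `files sss` only, so there is one lookup path and one place that holds a directory credential, and the `/etc/ldap.conf.sudo` symlink and its cleartext password can be removed.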
mazgi revised this gist
Jul 19, 2015 · 1 changed file with 37 additions and 0 deletions.
@@ -27,4 +27,41 @@ bindpw P@ssw0rd! # ls -l /etc/openldap/ldap.conf /etc/ldap.conf.sudo lrwxrwxrwx 1 root root 18 Jul 19 16:35 /etc/ldap.conf.sudo -> openldap/ldap.conf -rw-r--r-- 1 root root 250 Jul 19 16:36 /etc/openldap/ldap.conf ``` ### SSS Configuration ```shellsession # grep -vE '^\s*($|#)' /etc/sssd/sssd.conf [sssd] config_file_version = 2 services = nss,pam,sudo,ssh domains = mvrck debug_level = 1 [nss] filter_users = root,ldap,named,avahi,haldaemon,dbus,radiusd,news,nscd [pam] [sudo] subdomain_enumerate = true debug_level = 9 [domain/example] id_provider = ldap auth_provider = ldap sudo_provider = ldap ldap_search_base = dc=example,dc=co,dc=jp ldap_sudo_search_base = ou=SUDOers,dc=example,dc=co,dc=jp ldap_tls_reqcert = never ldap_uri = ldap://ldap1.example.co.jp ldap_schema = rfc2307 debug_level = 1 enumerate = true ldap_default_bind_dn = cn=Authenticator,dc=example,dc=co,dc=jp ldap_default_authtok = P@ssw0rd! ldap_group_object_class = posixGroup ldap_group_search_base = ou=Group,dc=example,dc=co,dc=jp ldap_group_name = cn ldap_group_member = memberUid ldap_id_use_start_tls = false chpass_provider = ldap cache_credentials = true ```
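Review bot: `domains = mvrck` in `[sssd]` does not match the `[domain/example]` section that follows, so sssd has no domain to start and nothing downstream (NSS, PAM, sudo, ssh) will get an answer; the value must be `example`. In the same hunk, `ldap_default_authtok = P@ssw0rd!` is a cleartext bind password, so `/etc/sssd/sssd.conf` must be root-owned and mode 0600, and the transport settings weaken the authentication path: sssd negotiates STARTTLS for the `auth_provider = ldap` bind, but `ldap_tls_reqcert = never` accepts any certificate, so a spoofed directory can harvest user passwords, and `ldap_id_use_start_tls = false` leaves the identity lookups, including the bind with that default authtok, on plain `ldap://`. Use `ldaps://` or `ldap_id_use_start_tls = true` together with `ldap_tls_reqcert = demand` and `ldap_tls_cacert`, and revert `enumerate = true` and `[sudo] debug_level = 9` once debugging is done, since both are costly on a directory of any size.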
mazgi revised this gist
Jul 19, 2015 · 1 changed file with 16 additions and 0 deletions.
@@ -11,4 +11,20 @@ Linux base 4.0.5-gentoo #1 SMP Wed Jul 1 02:23:16 JST 2015 x86_64 Intel(R) Xeon( [ebuild R ] net-misc/openssh-6.9_p1-r2 USE="hpn pam pie ssl -X -X509 -bindist -debug -kerberos -ldap -ldns -libedit -sctp (-selinux) -skey -ssh1 -static" [ebuild R ] sys-auth/sssd-1.12.1 USE="locator manpages nls -acl -augeas -autofs -netlink -nfsv4 -python (-selinux) -ssh -sudo {-test}" PYTHON_TARGETS="python2_7" [ebuild R ] app-admin/sudo-1.8.12 USE="ldap nls pam sendmail -offensive (-selinux) -skey" ``` ### LDAP Client configuration ```shellsession # grep -vE '^\s*($|#)' /etc/openldap/ldap.conf BASE dc=example,dc=co,dc=jp URI ldap://ldap1.example.co.jp ldap://ldap2.example.co.jp tls_reqcert naver sudoers_base ou=SUDOers,dc=example,dc=co,dc=jp nss_initgroups backlink binddn cn=Authenticator,dc=example,dc=co,dc=jp bindpw P@ssw0rd! # ls -l /etc/openldap/ldap.conf /etc/ldap.conf.sudo lrwxrwxrwx 1 root root 18 Jul 19 16:35 /etc/ldap.conf.sudo -> openldap/ldap.conf -rw-r--r-- 1 root root 250 Jul 19 16:36 /etc/openldap/ldap.conf ```
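Review bot: `bindpw P@ssw0rd!` is written into `/etc/openldap/ldap.conf`, which the `ls -l` output in the same hunk shows as `-rw-r--r--`, so every local user can read the directory credential, and the `/etc/ldap.conf.sudo -> openldap/ldap.conf` symlink means that file doubles as sudo's configuration. Only sudo (running as root) needs the bind password; keep the OpenLDAP client file free of `bindpw` and give sudo a separate root-owned 0600 file instead of a symlink to the world-readable one. `tls_reqcert naver` is also a typo for `never`, and once fixed it should be `demand` with a CA configured, because `never` on plain `ldap://` URIs makes the bind and the sudoers lookup trivially spoofable.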
mazgi revised this gist
Jul 19, 2015 · 1 changed file with 5 additions and 0 deletions.
@@ -1,3 +1,8 @@ ```shellsession # uname -a Linux base 4.0.5-gentoo #1 SMP Wed Jul 1 02:23:16 JST 2015 x86_64 Intel(R) Xeon(R) CPU E5-2640 0 @ 2.50GHz GenuineIntel GNU/Linux ``` ### Packages ```shellsession
mazgi created this gist
Jul 19, 2015
@@ -0,0 +1,9 @@ ### Packages ```shellsession # emerge -pvq openldap openssh sssd sudo [ebuild R ] net-nds/openldap-2.4.38-r2 USE="berkdb crypt gnutls ipv6 minimal sasl ssl syslog tcpd -cxx -debug -experimental -icu -iodbc -kerberos -odbc -overlays -perl -samba (-selinux) -slp -smbkrb5passwd" ABI_X86="(64) -32 (-x32)" [ebuild R ] net-misc/openssh-6.9_p1-r2 USE="hpn pam pie ssl -X -X509 -bindist -debug -kerberos -ldap -ldns -libedit -sctp (-selinux) -skey -ssh1 -static" [ebuild R ] sys-auth/sssd-1.12.1 USE="locator manpages nls -acl -augeas -autofs -netlink -nfsv4 -python (-selinux) -ssh -sudo {-test}" PYTHON_TARGETS="python2_7" [ebuild R ] app-admin/sudo-1.8.12 USE="ldap nls pam sendmail -offensive (-selinux) -skey" ```
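Review bot: the sys-auth/sssd-1.12.1 line here carries `-ssh -sudo` in USE, so the sudo and ssh responders are not built; an sssd-backed sudo rule lookup or `sss_ssh_authorizedkeys` cannot work with this package set, and sssd needs `USE="ssh sudo"` before that integration is configured. `net-misc/openssh` with `-ldap` is fine for that design, since key lookup is meant to go through sssd rather than through sshd's own LDAP patch, and `app-admin/sudo` with `ldap` is only needed if sudo is to query the directory directly instead of via sssd.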