A-S, A-S2, A-D, A-CLI, B-N, B-CLI
#scp 192.168.0.1:/etc/ssl/alpha/cacert.pem /usr/local/share/ca-certificates/ca.crt
#update-ca-certificates
A-M
#cd /etc/ssl
#vim exts
#openssl req -new -out ldap.req -newkey rsa:2048 -nodes -keyout ldap.key
※CN은 LDAP
#openssl ca -in ldap.req -out ldap.crt -extfile exts
A-D
#scp 192.168.0.1:/etc/ssl/ldap.* /etc/ssl/
#scp 192.168.0.1:/etc/ssl/alpha/cacert.pem /etc/ssl/
#apt -y install slapd migrationtools krb5-kdc krb5-admin-server krb5-kdc-ldap
※ldap admin 패스워드는 korea2020!로 지정
#cp /usr/share/doc/slapd/examples/slapd.conf /etc/ldap
#cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz /etc/ldap/schema
#gunzip /etc/ldap/schema/kerberos.schema.gz
#vim /etc/krb5kdc/kadm5.acl
#slappasswd >> /etc/ldap/slapd.conf
※PW: korea2020!
#vim /etc/ldap/slapd.conf
:%s:@BACKEND@:mdb:g
:%s:@SUFFIX@:dc=alpha,dc=com:g
:%s:@ADMIN@:cn=admin,dc=alpha,dc=com:g
:%s:dbconfig:#dbconfig:g
#rm -rf /etc/ldap/slapd.d/*
#slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d/
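#chmod 777 /etc/ldap/slapd.d -R
※777은 모든 로컬 사용자가 slapd 설정을 읽고 수정할 수 있게 하므로, 실제 운영 환경에서는 slapd 실행 계정(Debian 기본값 openldap)으로 chown -R openldap:openldap /etc/ldap/slapd.d 만 하는 편이 안전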
#vim /etc/default/slapd
#systemctl restart slapd
#vim /etc/ldap/ldap.conf
#vim /etc/krb5.conf
#kdb5_ldap_util -D cn=admin,dc=alpha,dc=com create -subtrees dc=alpha,dc=com -s -H ldaps://db.alpha.com -r ALPHA.COM
#kdb5_ldap_util -D cn=admin,dc=alpha,dc=com stashsrvpw -f /etc/krb5.secrets cn=admin,dc=alpha,dc=com
#systemctl restart krb5-*
#kadmin.local
:addprinc admin
:modprinc -maxlife "1 day" -maxrenewlife "90 day" krbtgt/ALPHA.COM@ALPHA.COM
:quit
#vim /etc/krb5kdc/kdc.conf
#systemctl restart krb5-*
#kadmin -p admin
:addprinc -randkey ldap/db.alpha.com
:ktadd ldap/db.alpha.com
:addprinc -randkey ldap/192.168.0.4
:ktadd ldap/192.168.0.4
:quit
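#apt -y install libsasl2-modules-gssapi-mit
#chmod 777 /etc/krb5.keytab
※keytab에는 서비스 주체의 장기 키가 들어 있어 777이면 모든 로컬 사용자가 읽고 바꿀 수 있음. slapd만 읽으면 되므로 실제 환경에서는 chgrp openldap /etc/krb5.keytab 후 chmod 640 정도로 제한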
#systemctl restart krb5-* slapd
#vim /root/kerbuser.sh
#chmod 777 /root/kerbuser.sh
#/root/kerbuser.sh
#cd /usr/share/migrationtools
#vim migrate_common.ph
#cp migrate_common.ph /usr/share/perl5
#vim /root/user.sh
#chmod 777 /root/user.sh
#/root/user.sh
#cd /usr/share/migrationtools
#./migrate_base.pl > ou.ldif
#./migrate_passwd.pl /etc/passwd > passwd.ldif
#vim ou.ldif
#vim passwd.ldif
※alpha01~alpha99만 냅두고 모두 삭제후 아래와 같이 작업
:%s:People:users:g
#ldapadd -cWD "cn=admin,dc=alpha,dc=com" -f ou.ldif
#ldapadd -cWD "cn=admin,dc=alpha,dc=com" -f passwd.ldif
#vim /root/deluser.sh
#chmod 777 /root/deluser.sh
#/root/deluser.sh
B-N
#scp 192.168.0.1:/etc/ssl/ldap.* /etc/ssl/
#scp 192.168.0.1:/etc/ssl/alpha/cacert.pem /etc/ssl/
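#chmod 777 -R /etc/ssl/ldap.*
※ldap.key는 개인키이므로 실제 환경에서는 slapd 실행 계정만 읽을 수 있게 제한(예: chgrp openldap /etc/ssl/ldap.key 후 chmod 640 /etc/ssl/ldap.key)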
#apt -y install slapd migrationtools krb5-kdc krb5-admin-server krb5-kdc-ldap
※ldap admin 패스워드는 korea2020!로 지정
#scp 192.168.0.4:/etc/ldap/slapd.conf /etc/ldap/
#cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz /etc/ldap/schema
#gunzip /etc/ldap/schema/kerberos.schema.gz
#vim /etc/krb5kdc/kadm5.acl
#vim /etc/ldap/slapd.conf
:%s:dc=alpha,dc=com:dc=bravo,dc=com:g
#rm -rf /etc/ldap/slapd.d/*
#slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d/
#chmod 777 /etc/ldap/slapd.d -R
#vim /etc/default/slapd
#systemctl restart slapd
#vim /etc/ldap/ldap.conf
#scp 192.168.0.4:/etc/krb5.conf /etc/
#vim /etc/krb5.conf
:%s:ALPHA.COM:BRAVO.COM:g
:%s:alpha.com:bravo.com:g
#scp 192.168.0.4:/etc/krb5.conf /etc/
#vim /etc/krb5.conf
:%s:ALPHA.COM:BRAVO.COM:g
:%s:alpha.com:bravo.com:g
#systemctl restart krb5*
#kadmin -p admin
:addprinc -randkey ldap/db.bravo.com
:ktadd ldap/db.bravo.com
:addprinc -randkey ldap/192.168.2.2
:ktadd ldap/192.168.2.2
:quit
#apt install libsasl2-modules-gssapi-mit
#chmod 777 /etc/krb5.keytab
#systemctl restart slapd krb5-*
#scp 192.168.0.4:/root/*.sh /root/
#vim /root/kerbuser.sh
#/root/kerbuser.sh
#cd /usr/share/migrationtools
#vim migrate_common.ph
#cp migrate_common.ph /usr/share/perl5
#vim /root/user.sh
#/root/user.sh
#cd /usr/share/migrationtools/
#./migrate_base.pl > ou.ldif
#./migrate_passwd.pl /etc/passwd > passwd.ldif
#vim ou.ldif
#vim passwd.ldif
※bravo01~bravo09만 냅두고 모두 삭제후 아래와 같이 작업
:%s:People:users:g
#ldapadd -cWD "cn=admin,dc=bravo,dc=com" -f ou.ldif
#ldapadd -cWD "cn=admin,dc=bravo,dc=com" -f passwd.ldif
#vim /root/deluser.sh
#chmod 777 /root/deluser.sh
#/root/deluser.sh