
[21전국] 1과제 6. Kerberos&LDAP

_눙이_ 2021. 11. 9. 17:18

A-S, A-S2, A-D, A-CLI, B-N, B-CLI

#scp 192.168.0.1:/etc/ssl/alpha/cacert.pem /usr/local/share/ca-certificates/ca.crt

#update-ca-certificates

 

A-M

#cd /etc/ssl

#vim exts

#openssl req -new -out ldap.req -newkey rsa:2048 -nodes -keyout ldap.key

CN: LDAP

#openssl ca -in ldap.req -out ldap.crt -extfile exts

 

A-D

#scp 192.168.0.1:/etc/ssl/ldap.* /etc/ssl/

#scp 192.168.0.1:/etc/ssl/alpha/cacert.pem /etc/ssl/

#apt -y install slapd migrationtools krb5-kdc krb5-admin-server krb5-kdc-ldap  

ldap admin 패스워드는 korea2020!로 지정

 

 

#cp /usr/share/doc/slapd/examples/slapd.conf /etc/ldap
#cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz /etc/ldap/schema
#gunzip /etc/ldap/schema/kerberos.schema.gz

#vim /etc/krb5kdc/kadm5.acl

 

#slappasswd >> /etc/ldap/slapd.conf

PW: korea2020!
#vim /etc/ldap/slapd.conf
:%s:@BACKEND@:mdb:g
:%s:@SUFFIX@:dc=alpha,dc=com:g
:%s:@ADMIN@:cn=admin,dc=alpha,dc=com:g
:%s:dbconfig:#dbconfig:g

 

 

 

#rm -rf /etc/ldap/slapd.d/*
#slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d/
#chmod 777 /etc/ldap/slapd.d -R
(주의: 실습용 권한이다. slapd.d에는 관리자 비밀번호 해시를 포함한 설정이 들어 있으므로, 운영 환경에서는 slapd 사용자만 접근할 수 있도록 권한을 제한한다.)

#vim /etc/default/slapd

 

#systemctl restart slapd
#vim /etc/ldap/ldap.conf

 

 

 

#vim /etc/krb5.conf

 

 

 

#kdb5_ldap_util -D cn=admin,dc=alpha,dc=com create -subtrees dc=alpha,dc=com -s -H ldaps://db.alpha.com -r ALPHA.COM
#kdb5_ldap_util -D cn=admin,dc=alpha,dc=com stashsrvpw -f /etc/krb5.secrets cn=admin,dc=alpha,dc=com
#systemctl restart krb5-*
#kadmin.local
:addprinc admin
:modprinc -maxlife "1 day" -maxrenewlife "90 day" krbtgt/ALPHA.COM@ALPHA.COM

:quit
#vim /etc/krb5kdc/kdc.conf

 

#systemctl restart krb5-*
#kadmin -p admin

:addprinc -randkey ldap/db.alpha.com
:ktadd ldap/db.alpha.com
:addprinc -randkey ldap/192.168.0.4
:ktadd ldap/192.168.0.4

:quit
#apt -y install libsasl2-modules-gssapi-mit
#chmod 777 /etc/krb5.keytab
(주의: keytab이 모든 사용자에게 읽히면 ldap 서비스 키가 그대로 노출된다. 실습용 설정이며, 운영 환경에서는 slapd 프로세스만 읽을 수 있는 최소 권한으로 제한한다.)

#systemctl restart krb5-* slapd
#vim /root/kerbuser.sh

 

#chmod 777 /root/kerbuser.sh
#/root/kerbuser.sh
#cd /usr/share/migrationtools
#vim migrate_common.ph

 

#cp migrate_common.ph /usr/share/perl5
#vim /root/user.sh

 

 

 

#chmod 777 /root/user.sh
#/root/user.sh

#cd /usr/share/migrationtools
#./migrate_base.pl > ou.ldif
#./migrate_passwd.pl /etc/passwd > passwd.ldif
#vim ou.ldif

 

#vim passwd.ldif
alpha01~alpha99만 남겨두고 나머지는 모두 삭제한 후 아래와 같이 작업
:%s:People:users:g
#ldapadd -cWD "cn=admin,dc=alpha,dc=com" -f ou.ldif
#ldapadd -cWD "cn=admin,dc=alpha,dc=com" -f passwd.ldif
#vim /root/deluser.sh

 

 

#chmod 777 /root/deluser.sh
#/root/deluser.sh

 

B-N
#scp 192.168.0.1:/etc/ssl/ldap.* /etc/ssl/

#scp 192.168.0.1:/etc/ssl/alpha/cacert.pem /etc/ssl/

#chmod 777 -R /etc/ssl/ldap.*
(주의: ldap.key는 서버 개인키이므로 777은 실습용 설정이다. 운영 환경에서는 slapd만 읽을 수 있도록 권한을 제한한다.)

#apt -y install slapd migrationtools krb5-kdc krb5-admin-server krb5-kdc-ldap

ldap admin 패스워드는 korea2020!로 지정
#scp 192.168.0.4:/etc/ldap/slapd.conf /etc/ldap/

#cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz /etc/ldap/schema
#gunzip /etc/ldap/schema/kerberos.schema.gz
#vim /etc/krb5kdc/kadm5.acl

#vim /etc/ldap/slapd.conf
:%s:dc=alpha,dc=com:dc=bravo,dc=com:g
#rm -rf /etc/ldap/slapd.d/*
#slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d/
#chmod 777 /etc/ldap/slapd.d -R

#vim /etc/default/slapd

#systemctl restart slapd
#vim /etc/ldap/ldap.conf

 

 

#scp 192.168.0.4:/etc/krb5.conf /etc/

#vim /etc/krb5.conf

:%s:ALPHA.COM:BRAVO.COM:g

:%s:alpha.com:bravo.com:g

 

#scp 192.168.0.4:/etc/krb5.conf /etc/

#vim /etc/krb5.conf

:%s:ALPHA.COM:BRAVO.COM:g

:%s:alpha.com:bravo.com:g

 

 

#systemctl restart krb5*
#kadmin -p admin

:addprinc -randkey ldap/db.bravo.com
:ktadd ldap/db.bravo.com

:addprinc -randkey ldap/192.168.2.2
:ktadd ldap/192.168.2.2

:quit
#apt install libsasl2-modules-gssapi-mit
#chmod 777 /etc/krb5.keytab
(주의: A-D와 마찬가지로 실습용 권한이다. 운영 환경에서는 keytab을 slapd만 읽을 수 있게 제한한다.)

#systemctl restart slapd krb5-*
#scp 192.168.0.4:/root/*.sh /root/
#vim /root/kerbuser.sh

 

#/root/kerbuser.sh
#cd /usr/share/migrationtools
#vim migrate_common.ph

 

 

#cp migrate_common.ph /usr/share/perl5
#vim /root/user.sh

 

 

 

#/root/user.sh

#cd /usr/share/migrationtools/
#./migrate_base.pl > ou.ldif
#./migrate_passwd.pl /etc/passwd > passwd.ldif
#vim ou.ldif

 

 

#vim passwd.ldif
bravo01~bravo09만 남겨두고 나머지는 모두 삭제한 후 아래와 같이 작업
:%s:People:users:g
#ldapadd -cWD "cn=admin,dc=bravo,dc=com" -f ou.ldif
#ldapadd -cWD "cn=admin,dc=bravo,dc=com" -f passwd.ldif
#vim /root/deluser.sh

 

#chmod 777 /root/deluser.sh
#/root/deluser.sh
