内容简介:关闭2台机器的 selinux 和防火墙配置文件拷贝配置文件到 home 目录
关闭2台机器的 selinux 和防火墙
systemctl stop firewalld.service setenforce 0 [root@server ~]# sed -i s/^SELINUX=enforcing/SELINUX=disabled/g /etc/selinux/config
安装
yum install openldap openldap-clients openldap-servers migrationtools
配置文件
cd /etc/openldap/slapd.d
拷贝配置文件到 home 目录
cp /usr/share/openldap-servers/slapd.ldif /home/
修改 dc=my-doamin 为你的域名
dn: olcDatabase=monitor,cn=config objectClass: olcDatabaseConfig olcDatabase: monitor olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,c n=auth" read by dn.base="cn=Manager,dc=abc,dc=com" read by * none
设置一个密码
[root@server home]# slappasswd
New password:
Re-enter new password:
{SSHA}6ZV4bJxlj6a0CPsqAwaXdS+AjPmSZ9Do
把密码加入到配置文件
olcRootDN: cn=Manager,dc=abc,dc=com
olcRootPW: {SSHA}6ZV4bJxlj6a0CPsqAwaXdS+AjPmSZ9Do
#增加一行PW:后注意是 tab 键盘 不要留空格
增加内容
include: file:///etc/openldap/schema/corba.ldif include: file:///etc/openldap/schema/core.ldif include: file:///etc/openldap/schema/cosine.ldif include: file:///etc/openldap/schema/duaconf.ldif include: file:///etc/openldap/schema/dyngroup.ldif include: file:///etc/openldap/schema/inetorgperson.ldif include: file:///etc/openldap/schema/java.ldif include: file:///etc/openldap/schema/misc.ldif include: file:///etc/openldap/schema/nis.ldif include: file:///etc/openldap/schema/openldap.ldif include: file:///etc/openldap/schema/ppolicy.ldif include: file:///etc/openldap/schema/collective.ldif
我这边得到的结果是,注意删除重复的,否则后面会报49错误
[root@server /]# cat /home/slapd.ldif
#
# See slapd-config(5) for details on configuration options.
# This file should NOT be world readable.
#
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/run/openldap/slapd.args
olcPidFile: /var/run/openldap/slapd.pid
#
# TLS settings
#
olcTLSCACertificatePath: /etc/openldap/certs
olcTLSCertificateFile: "OpenLDAP Server"
olcTLSCertificateKeyFile: /etc/openldap/certs/password
#
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#
#olcReferral: ldap://root.openldap.org
#
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 64-bit encryption for simple bind
#
#olcSecurity: ssf=1 update_ssf=112 simple_bind=64
#
# Load dynamic backend modules:
# - modulepath is architecture dependent value (32/64-bit system)
# - back_sql.la backend requires openldap-servers-sql package
# - dyngroup.la and dynlist.la cannot be used at the same time
#
#dn: cn=module,cn=config
#objectClass: olcModuleList
#cn: module
#olcModulepath: /usr/lib/openldap
#olcModulepath: /usr/lib64/openldap
#olcModuleload: accesslog.la
#olcModuleload: auditlog.la
#olcModuleload: back_dnssrv.la
#olcModuleload: back_ldap.la
#olcModuleload: back_mdb.la
#olcModuleload: back_meta.la
#olcModuleload: back_null.la
#olcModuleload: back_passwd.la
#olcModuleload: back_relay.la
#olcModuleload: back_shell.la
#olcModuleload: back_sock.la
#olcModuleload: collect.la
#olcModuleload: constraint.la
#olcModuleload: dds.la
#olcModuleload: deref.la
#olcModuleload: dyngroup.la
#olcModuleload: dynlist.la
#olcModuleload: memberof.la
#olcModuleload: pcache.la
#olcModuleload: ppolicy.la
#olcModuleload: refint.la
#olcModuleload: retcode.la
#olcModuleload: rwm.la
#olcModuleload: seqmod.la
#olcModuleload: smbk5pwd.la
#olcModuleload: sssvlv.la
#olcModuleload: syncprov.la
#olcModuleload: translucent.la
#olcModuleload: unique.la
#olcModuleload: valsort.la
#
# Schema settings
#
dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema
include: file:///etc/openldap/schema/corba.ldif
include: file:///etc/openldap/schema/core.ldif
include: file:///etc/openldap/schema/cosine.ldif
include: file:///etc/openldap/schema/duaconf.ldif
include: file:///etc/openldap/schema/dyngroup.ldif
include: file:///etc/openldap/schema/inetorgperson.ldif
include: file:///etc/openldap/schema/java.ldif
include: file:///etc/openldap/schema/misc.ldif
include: file:///etc/openldap/schema/nis.ldif
include: file:///etc/openldap/schema/openldap.ldif
include: file:///etc/openldap/schema/ppolicy.ldif
include: file:///etc/openldap/schema/collective.ldif
#
# Frontend settings
#
dn: olcDatabase=frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: frontend
#
# Sample global access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
#
#olcAccess: to dn.base="" by * read
#olcAccess: to dn.base="cn=Subschema" by * read
#olcAccess: to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#
#
# Configuration database
#
dn: olcDatabase=config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: config
olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,c
n=auth" manage by * none
#
# Server status monitoring
#
dn: olcDatabase=monitor,cn=config
objectClass: olcDatabaseConfig
olcDatabase: monitor
olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,c
n=auth" read by dn.base="cn=Manager,dc=abc,dc=com" read by * none
#
# Backend database definitions
#
dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: hdb
olcSuffix: dc=abc,dc=com
olcRootDN: cn=Manager,dc=abc,dc=com
olcRootPW: {SSHA}eO9asOoLigAQEaoCkAT+yG2A6B7+c5l5
olcDbDirectory: /var/lib/ldap
olcDbIndex: objectClass eq,pres
olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub
olcDbIndex: uidNumber,gidNumber,loginShell eq,pres
olcDbIndex: uid,memberUid eq,pres,sub
olcDbIndex: nisMapName,nisMapEntry eq,pres,sub
删除原有的配置
[root@server ~]# rm -rf /etc/openldap/slapd.d/*
将 home 目录的slapd.ldif 加载进配置文件目录中
[root@server home]# slapadd -F /etc/openldap/slapd.d/ -n 0 -l /home/slapd.ldif 591fd54d str2entry: entry -1 has no dn slapadd: could not parse entry (line=724) _################### 99.70% eta none elapsed none spd 3.3 M/s Closing DB...
上面这个是提示有错误的,正确的应该是下面这样
[root@server ~]# slapadd -F /etc/openldap/slapd.d/ -n 0 -l /home/slapd.ldif _#################### 100.00% eta none elapsed none fast! Closing DB...
- -l:说明了包含要增加的条目的文本格式的LDIF输入文件
- -f:说明了slapd配置文件的格式。该配置文件说明了在何处创建索引,以及创建什么索引等等
- -n:说明修改那一个数据库的可选参数
测试文件是否正确
[root@server home]# slaptest -u -F /etc/openldap/slapd.d/ config file testing succeeded
若正确则提示:
config file testing succeeded
修改配置文件的所有者,否则无法读取这些配置:
chown -Rv ldap.ldap /etc/openldap/slapd.d
如下
[root@server slapd.d]# chown -Rv ldap.ldap /etc/openldap/slapd.d/
changed ownership of ‘/etc/openldap/slapd.d/cn=config.ldif’ from root:root to ldap:ldap
changed ownership of ‘/etc/openldap/slapd.d/cn=config/cn=schema.ldif’ from root:root to ldap:ldap
changed ownership of ‘/etc/openldap/slapd.d/cn=config/cn=schema/cn={0}core.ldif’ from root:root to ldap:ldap
changed ownership of ‘/etc/openldap/slapd.d/cn=config/cn=schema/cn={1}collective.ldif’ from root:root to ldap:ldap
changed ownership of ‘/etc/openldap/slapd.d/cn=config/cn=schema’ from root:root to ldap:ldap
changed ownership of ‘/etc/openldap/slapd.d/cn=config’ from root:root to ldap:ldap
ownership of ‘/etc/openldap/slapd.d/’ retained as ldap:ldap
确认下所有者和所属组
[root@server slapd.d]# ll total 4 drwxr-x--- 3 ldap ldap 45 May 20 13:34 cn=config -rw------- 1 ldap ldap 589 May 20 13:34 cn=config.ldif
创建数据库配置文件
[root@server slapd.d]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG [root@server slapd.d]# chown -Rv ldap.ldap /var/lib/ldap/DB_CONFIG changed ownership of ‘/var/lib/ldap/DB_CONFIG’ from root:root to ldap:ldap
启动服务
[root@server ~]# systemctl start slapd.service [root@server ~]# systemctl status slapd.service [root@server ~]# systemctl enable slapd.service
创建多个用户
[root@server ~]# ./create_user.sh mkdir: created directory ‘/home/ldapuser’ Changing password for user lduser1. passwd: all authentication tokens updated successfully. Changing password for user lduser2. passwd: all authentication tokens updated successfully. Changing password for user lduser3. passwd: all authentication tokens updated successfully. Changing password for user lduser4. passwd: all authentication tokens updated successfully. Changing password for user lduser5. passwd: all authentication tokens updated successfully. Changing password for user lduser6. passwd: all authentication tokens updated successfully.
附脚本内容
[root@server ~]# cat create_user.sh
#!/bin/bash
USER_LIST=ldapuser.txt
HOME_ldap=/home/ldapuser
mkdir -pv $HOME_ldap
for USERID in `awk '{print $1}' $USER_LIST`; do
USERNAME="`grep "$USERID" $USER_LIST | awk '{print $2}'`"
HOMEDIR=${HOME_ldap}/${USERNAME}
useradd $USERNAME -u $USERID -d $HOMEDIR
grep "$USERID" $USER_LIST | awk '{print $3}' | passwd --stdin $USERNAME
done
[root@server ~]# cat ldapuser.txt
5000 lduser1 123456
5001 lduser2 123456
5002 lduser3 123456
5003 lduser4 123456
5004 lduser5 123456
5005 lduser6 123456
[root@server ~]#
修改 /usr/share/migrationtools/migrate_common.ph 文件
vim /usr/share/migrationtools/migrate_common.ph # Default DNS domain $DEFAULT_MAIL_DOMAIN = "abc.com"; # Default base $DEFAULT_BASE = "dc=abc,dc=com";
创建基本的数据库模板文件
[root@server ~]# /usr/share/migrationtools/migrate_base.pl > /root/base.ldif
创建用户的数据库模板文件
[root@server ~]# /usr/share/migrationtools/migrate_passwd.pl /etc/passwd /root/user.ldif
编辑vim /root/user.ldif,只留下LDAP用户的相关信息,删掉其他用户信息(不删也没事)。
user.ldif中所有的DN都是属于People这个OU,而People这个OU是在base.ldif中定义的。
user.ldif中所有的DN都是继承自以下4个类:
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
其中posixAccount和shadowAccount提供了uidNumber、gidNumber、homeDirectory、loginShell、userPassword这些属性
创建组数据库信息
[root@server ~]# /usr/share/migrationtools/migrate_group.pl /etc/group /root/group.ldif
编辑group.ldif,只留LDAP用户相关的组的信息,删掉其他用户信息(不删也没事)。
user.ldif中所有的DN都是属于Group这个OU,而Group这个OU是在base.ldif中定义的。
使用 ldapadd 导入数据库
在ldappadd命令中常用的选项如下:
-x:进行简单认证。
-D:用来绑定服务器的dn。
-h:目录服务的地址。
-w:绑定dn的密码。
-f:使用LDIF文件进行条目添加的文件。
[root@server ~]# ldapadd -D "cn=Manager,dc=abc,dc=com" -W -x -f base.ldif Enter LDAP Password: ldap_bind: Invalid credentials (49) [root@server ~]# ldapadd -D "cn=Manager,dc=abc,dc=com" -W -x -f user.ldif Enter LDAP Password: ldap_bind: Invalid credentials (49) [root@server ~]# ldapadd -D "cn=Manager,dc=abc,dc=com" -W -x -f group.ldif Enter LDAP Password: ldap_bind: Invalid credentials (49)
49 是语法错误,检查配置文件
正常的是如下
[root@adsl-172-10-100-129 ~]# ldapadd -D "cn=Manager,dc=abc,dc=com" -W -x -f base.ldif Enter LDAP Password: adding new entry "dc=abc,dc=com" adding new entry "ou=Hosts,dc=abc,dc=com" adding new entry "ou=Rpc,dc=abc,dc=com" adding new entry "ou=Services,dc=abc,dc=com" adding new entry "nisMapName=netgroup.byuser,dc=abc,dc=com" adding new entry "ou=Mounts,dc=abc,dc=com" adding new entry "ou=Networks,dc=abc,dc=com" adding new entry "ou=People,dc=abc,dc=com" adding new entry "ou=Group,dc=abc,dc=com" adding new entry "ou=Netgroup,dc=abc,dc=com" adding new entry "ou=Protocols,dc=abc,dc=com" adding new entry "ou=Aliases,dc=abc,dc=com" adding new entry "nisMapName=netgroup.byhost,dc=abc,dc=com" [root@adsl-172-10-100-129 ~]# ldapadd -D "cn=Manager,dc=abc,dc=com" -W -x -f group.ldif Enter LDAP Password: adding new entry "cn=root,ou=Group,dc=abc,dc=com" adding new entry "cn=bin,ou=Group,dc=abc,dc=com" adding new entry "cn=daemon,ou=Group,dc=abc,dc=com" adding new entry "cn=sys,ou=Group,dc=abc,dc=com" adding new entry "cn=adm,ou=Group,dc=abc,dc=com" adding new entry "cn=tty,ou=Group,dc=abc,dc=com" adding new entry "cn=disk,ou=Group,dc=abc,dc=com" adding new entry "cn=lp,ou=Group,dc=abc,dc=com" adding new entry "cn=mem,ou=Group,dc=abc,dc=com" adding new entry "cn=kmem,ou=Group,dc=abc,dc=com" adding new entry "cn=wheel,ou=Group,dc=abc,dc=com" adding new entry "cn=cdrom,ou=Group,dc=abc,dc=com" adding new entry "cn=mail,ou=Group,dc=abc,dc=com" adding new entry "cn=man,ou=Group,dc=abc,dc=com" adding new entry "cn=dialout,ou=Group,dc=abc,dc=com" adding new entry "cn=floppy,ou=Group,dc=abc,dc=com" adding new entry "cn=games,ou=Group,dc=abc,dc=com" adding new entry "cn=tape,ou=Group,dc=abc,dc=com" adding new entry "cn=video,ou=Group,dc=abc,dc=com" adding new entry "cn=ftp,ou=Group,dc=abc,dc=com" adding new entry "cn=lock,ou=Group,dc=abc,dc=com" adding new entry "cn=audio,ou=Group,dc=abc,dc=com" adding new entry "cn=nobody,ou=Group,dc=abc,dc=com" adding new entry "cn=users,ou=Group,dc=abc,dc=com" adding new entry "cn=utmp,ou=Group,dc=abc,dc=com" adding new entry "cn=utempter,ou=Group,dc=abc,dc=com" adding new entry "cn=input,ou=Group,dc=abc,dc=com" adding new entry "cn=systemd-journal,ou=Group,dc=abc,dc=com" adding new entry "cn=systemd-bus-proxy,ou=Group,dc=abc,dc=com" adding new entry "cn=systemd-network,ou=Group,dc=abc,dc=com" adding new entry "cn=dbus,ou=Group,dc=abc,dc=com" adding new entry "cn=polkitd,ou=Group,dc=abc,dc=com" adding new entry "cn=abrt,ou=Group,dc=abc,dc=com" adding new entry "cn=unbound,ou=Group,dc=abc,dc=com" adding new entry "cn=tss,ou=Group,dc=abc,dc=com" adding new entry "cn=libstoragemgmt,ou=Group,dc=abc,dc=com" adding new entry "cn=rpc,ou=Group,dc=abc,dc=com" adding new entry "cn=colord,ou=Group,dc=abc,dc=com" adding new entry "cn=usbmuxd,ou=Group,dc=abc,dc=com" adding new entry "cn=cgred,ou=Group,dc=abc,dc=com" adding new entry "cn=dip,ou=Group,dc=abc,dc=com" adding new entry "cn=ssh_keys,ou=Group,dc=abc,dc=com" adding new entry "cn=saslauth,ou=Group,dc=abc,dc=com" adding new entry "cn=geoclue,ou=Group,dc=abc,dc=com" adding new entry "cn=libvirt,ou=Group,dc=abc,dc=com" adding new entry "cn=rtkit,ou=Group,dc=abc,dc=com" adding new entry "cn=radvd,ou=Group,dc=abc,dc=com" adding new entry "cn=rpcuser,ou=Group,dc=abc,dc=com" adding new entry "cn=nfsnobody,ou=Group,dc=abc,dc=com" adding new entry "cn=kvm,ou=Group,dc=abc,dc=com" adding new entry "cn=qemu,ou=Group,dc=abc,dc=com" adding new entry "cn=chrony,ou=Group,dc=abc,dc=com" adding new entry "cn=setroubleshoot,ou=Group,dc=abc,dc=com" adding new entry "cn=pulse-access,ou=Group,dc=abc,dc=com" adding new entry "cn=pulse-rt,ou=Group,dc=abc,dc=com" adding new entry "cn=pulse,ou=Group,dc=abc,dc=com" adding new entry "cn=gdm,ou=Group,dc=abc,dc=com" adding new entry "cn=gnome-initial-setup,ou=Group,dc=abc,dc=com" adding new entry "cn=sshd,ou=Group,dc=abc,dc=com" adding new entry "cn=avahi,ou=Group,dc=abc,dc=com" adding new entry "cn=slocate,ou=Group,dc=abc,dc=com" adding new entry "cn=postdrop,ou=Group,dc=abc,dc=com" adding new entry "cn=postfix,ou=Group,dc=abc,dc=com" adding new entry "cn=ntp,ou=Group,dc=abc,dc=com" adding new entry "cn=stapusr,ou=Group,dc=abc,dc=com" adding new entry "cn=stapsys,ou=Group,dc=abc,dc=com" adding new entry "cn=stapdev,ou=Group,dc=abc,dc=com" adding new entry "cn=tcpdump,ou=Group,dc=abc,dc=com" adding new entry "cn=fwj,ou=Group,dc=abc,dc=com" adding new entry "cn=apache,ou=Group,dc=abc,dc=com" adding new entry "cn=ldap,ou=Group,dc=abc,dc=com" adding new entry "cn=lduser1,ou=Group,dc=abc,dc=com" adding new entry "cn=lduser2,ou=Group,dc=abc,dc=com" adding new entry "cn=lduser3,ou=Group,dc=abc,dc=com" adding new entry "cn=lduser4,ou=Group,dc=abc,dc=com" adding new entry "cn=lduser5,ou=Group,dc=abc,dc=com" adding new entry "cn=lduser6,ou=Group,dc=abc,dc=com"
配置 nfs
1.安装nfs
yum -y install nfs-utils
2.配置nfs
[root@server ~]# cat /etc/exports /home/ldapuser 172.10.100.0/24(rw,sync)
启动服务
[root@server ~]# systemctl start nfs-server.service
打开挂载nfs
[root@adsl-172-10-100-129 home]# exportfs -rv exporting *:/home/ldapuser
查看端口
[root@server ~]# ss -ant| grep 389 LISTEN 0 128 *:389 *:* LISTEN 0 128 :::389 :::* [root@server ~]# ss -ant| grep 2049 LISTEN 0 64 *:2049 *:* LISTEN 0 64 :::2049 :::*
设置为开机启动
[root@server ~]# systemctl enable nfs-server.service
配置日志
配置日志
编辑rsyslog配置文件:
vi /etc/rsyslog.conf
加上一行:
local4.* /var/log/ldap.log
然后
touch /var/log/ldap.log
重启rsyslog:
systemctl restart rsyslog.service
如果slapd启动出问题,可查看/var/log/messages文件,比如:
systemctl status slapd.service -l tail -f /var/log/messages
服务器配置到此结束。
客户端配置
配置LDAP客户端
1.绑定 hosts
[root@client ~]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 172.10.100.129 abc.com
2.安装LDAP认证相关软件包
yum -y install sssd-ldap nss-pam-ldapd
3.开启LDAP,终端执行命令authconfig-tui,按TAB键选择 LDAP,然后切换到NEXT
然后配置服务端信息,填写dc信息和服务器信息
客户端测试登陆lduser1
[root@client /]# su - lduser1 su: warning: cannot change directory to /home/ldapuser/lduser1: No such file or directory -bash-4.2$ -bash-4.2$
ok的,然后解决下bash-4.2找不到环境变量的问题,直接将远程的目录通过nfs挂载过来
[root@client /]# mkdir -p /home/ldapuser [root@client /]# mount -t nfs 172.10.100.120:/home/ldapuser/ /home/ldapuser/ [root@client /]# cd /home/ldapuser/ [root@client ldapuser]# ls lduser1 lduser2 lduser3 lduser4 lduser5 lduser6 [root@client ldapuser]# su - lduser1 Last login: Sat May 20 23:11:00 EDT 2017 on pts/0 [lduser1@client ~]$ [lduser1@client ~]$ [lduser1@client ~]$
配置自动挂载
安装autofs
[root@client ~]# yum -y install autofs
编辑
[root@client ~]# vim /etc/auto.master /home/ /etc/auto.nfs
拷贝文件并修改文件
[root@client ~]# cp /etc/auto.misc /etc/auto.nfs [root@client ~]# vim /etc/auto.nfs
增加
ldapuser -fstype=nfs 172.10.100.120:/home/ldapuser/
设置为开机启动
systemctl start autofs systemctl enable autofs
测试
[root@client home]# ls [root@client home]# [root@client home]# cd ldapuser [root@client ldapuser]# ls lduser1 lduser2 lduser3 lduser4 lduser5 lduser6 [root@client ldapuser]#
这样当你每次切换目录都会自动挂载
[root@client home]# su - lduser1 Last login: Sat May 20 23:12:22 EDT 2017 on pts/0 [lduser1@client ~]$ [lduser1@client ~]$ [lduser1@client ~]$ ls [lduser1@client ~]$ cd /home/ [lduser1@client home]$ ls ldapuser [lduser1@client home]$ cd ldapuser/ [lduser1@client ldapuser]$ ls lduser1 lduser2 lduser3 lduser4 lduser5 lduser6 [lduser1@client ldapuser]$
故障处理
发现无法切换到服务器的用户,查看日志
[root@client ~]# tail -n 20 -f /var/log/messages May 20 22:39:36 client nslcd[2266]: [4a3fe6] <group/member="gdm"> no available LDAP server found: Server is unavailable: Transport endpoint is not connected May 20 22:39:36 client nslcd[2266]: [4ef005] <group/member="gdm"> no available LDAP server found: Server is unavailable: Transport endpoint is not connected May 20 22:39:36 client nslcd[2266]: [4ef005] <group/member="gdm"> no available LDAP server found: Server is unavailable: Transport endpoint is not connected May 20 22:40:02 client systemd: Started Session 2 of user root. May 20 22:40:02 client systemd: Starting Session 2 of user root. May 20 22:40:02 client nslcd[2266]: [f9c13c] <group/member="gdm"> failed to bind to LDAP server ldap://abc.com: Can't contact LDAP server: Transport endpoint is not connected May 20 22:40:02 client nslcd[2266]: [f9c13c] <group/member="gdm"> no available LDAP server found: Can't contact LDAP server: Transport endpoint is not connected May 20 22:40:02 client nslcd[2266]: [f9c13c] <group/member="gdm"> no available LDAP server found: Server is unavailable: Transport endpoint is not connected May 20 22:40:02 client nslcd[2266]: [9bb77c] <group/member="root"> no available LDAP server found: Server is unavailable May 20 22:40:02 client nslcd[2266]: [9bb77c] <group/member="root"> no available LDAP server found: Server is unavailable May 20 22:40:02 client nslcd[2266]: [5ac794] <group/member="gdm"> no available LDAP server found: Server is unavailable May 20 22:40:02 client nslcd[2266]: [5ac794] <group/member="gdm"> no available LDAP server found: Server is unavailable
发现客户端 Telnet 服务22端口是可以的,但是389端口不行
[root@client ~]# telnet 172.10.100.129 22 Trying 172.10.100.129... Connected to 172.10.100.129. Escape character is '^]'. SSH-2.0-OpenSSH_6.6.1 ^C Connection closed by foreign host. [root@client ~]# [root@client ~]# telnet 172.10.100.129 389 Trying 172.10.100.129... telnet: connect to address 172.10.100.129: No route to host
服务器上 telnet 389是可以的
[root@server slapd.d]# ss -ant State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 *:111 *:* LISTEN 0 128 *:20048 *:* LISTEN 0 64 *:45649 *:* LISTEN 0 5 192.168.122.1:53 *:* LISTEN 0 128 *:22 *:* LISTEN 0 128 127.0.0.1:631 *:* LISTEN 0 100 127.0.0.1:25 *:* LISTEN 0 128 *:45311 *:* LISTEN 0 64 *:2049 *:* LISTEN 0 128 *:389 *:* LISTEN 0 128 *:933 *:* ESTAB 0 0 172.10.100.129:22 192.168.50.86:54266 LISTEN 0 128 :::39343 :::* LISTEN 0 128 :::111 :::* LISTEN 0 128 :::80 :::* LISTEN 0 128 :::20048 :::* LISTEN 0 128 :::22 :::* LISTEN 0 128 ::1:631 :::* LISTEN 0 100 ::1:25 :::* LISTEN 0 64 :::43488 :::* LISTEN 0 64 :::2049 :::* LISTEN 0 128 :::389 :::* [root@server slapd.d]# telnet 127.0.0.1 389 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'.
以上这个问题一直没弄好,我重新换了个全新的系统重新来做的。
以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持 码农网
猜你喜欢:
- 使用微服务构建云Web服务
- 微服务架构有毒,何时不使用微服务?
- Web服务 – 使用Lisp的Web服务
- 从0开始学微服务:如何使用服务路由?
- 使用Knative提供无服务器服务的简单案例
- Angular7创建项目、组件、服务以及服务的使用
本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们。
Data Structures and Algorithms
Alfred V. Aho、Jeffrey D. Ullman、John E. Hopcroft / Addison Wesley / 1983-1-11 / USD 74.20
The authors' treatment of data structures in Data Structures and Algorithms is unified by an informal notion of "abstract data types," allowing readers to compare different implementations of the same......一起来看看 《Data Structures and Algorithms》 这本书的介绍吧!
