
1. Configure your Host Name, IP Address, Gateway and DNS.

Host name: station.domain40.example.com
IP Address: 172.24.40.40/24
Gateway: 172.24.40.1
DNS: 172.24.40.1

/etc/sysconfig/network
HOSTNAME=abc.com
hostname abc.com

cd /etc/sysconfig/network-scripts/
ls
vim ifcfg-eth0 (Configure IP Address, Gateway and DNS)
IPADDR=172.24.40.40
GATEWAY=172.24.40.1
DNS1=172.24.40.1
vim /etc/sysconfig/network
(Configure Host Name)
HOSTNAME=station.domain40.example.com

OR
Graphical Interfaces:
System->Preference->Network Connections (Configure IP Address, Gateway and DNS)
vim /etc/sysconfig/network
(Configure Host Name)

Add 3 users: harry, natasha, tom.


The requirements: The additional group of the two users harry and natasha is the admin group. The
login shell of the user tom should be non-interactive.
useradd -G admin harry
useradd -G admin natasha
useradd -s /sbin/nologin tom
id harry; id natasha (Show additional group)
cat /etc/passwd
(Show the login shell)

OR
system-config-users

Create a directory under /home named admins. Its group owner must be the admin
group. Members of the group can read and write, while other users are not allowed to access it. The
files created by users from the same group should also belong to the admin group.

cd /home/
mkdir admins
chown :admin admins/
chmod 770 admins/
chmod g+s admins/

Configure a task: plan to run echo hello command at 14:23 every day.
which echo
crontab -e
23 14 * * * /bin/echo hello
crontab -l (Verify)

Find the files owned by harry, and copy them to the directory /opt/dir


cd /opt/
mkdir dir
find / -user harry -exec cp -rfp {} /opt/dir/ \;

Find the rows that contain abcde in the file /etc/testfile, and write them to the file /tmp/testfile, keeping
the same order as in /etc/testfile.
cat /etc/testfile | while IFS= read -r line;
do
echo "$line" | grep abcde | tee -a /tmp/testfile
done

OR
grep 'abcde' /etc/testfile > /tmp/testfile

Create a 2G swap partition which takes effect automatically at boot, and it should not affect
the original swap partition.
fdisk /dev/sda
p
(check Partition table)
n
(create new partition: press e to create extended partition, press p to create the main partition, and
the extended partition is further divided into logical partitions)
Enter
+2G
t
l
w
partx -a /dev/sda
partprobe
mkswap /dev/sda8
(Copy the UUID)
vim /etc/fstab
UUID=XXXXX swap swap defaults 0 0
swapon -a
(swapon -s)

Create a user named alex, and the user id should be 1234, and the password should be
alex111.
useradd -u 1234 alex
passwd alex
alex111
alex111

OR
echo alex111 | passwd --stdin alex

Install an FTP server that allows anonymous download from the /var/ftp/pub directory. (You need
to configure yum to point to the already existing file server.)

cd /etc/yum.repos.d
vim local.repo
[local]
name=local.repo
baseurl=file:///mnt
enabled=1
gpgcheck=0
yum makecache
yum install -y vsftpd
service vsftpd restart
chkconfig vsftpd on
chkconfig --list vsftpd
vim /etc/vsftpd/vsftpd.conf
anonymous_enable=YES

Configure a HTTP server, which can be accessed through http://station.domain40.example.com.


Please download the released page from http://ip/dir/example.html.

yum install -y httpd


chkconfig httpd on
cd /var/www/html
wget http://ip/dir/example.html
cp example.html index.html
vim /etc/httpd/conf/httpd.conf
NameVirtualHost 192.168.0.254:80
<VirtualHost 192.168.0.254:80>
DocumentRoot /var/www/html/
ServerName station.domain40.example.com
</VirtualHost>

Configure your host to verify accounts and passwords against LDAP. It should be possible to
log in successfully as ldapuser40. The password is set as "password". The certificate
can be downloaded from http://ip/dir/ldap.crt. After the user logs on, the user has no home
directory unless you configure the autofs in the following questions.
system-config-authentication
LDAP Server: ldap://instructor.example.com (In domain form, do not write the IP)

OR
yum groupinstall directory-client (1.krb5-workstation 2.pam-krb5 3.sssd)
system-config-authentication
1. User Account Database: LDAP
2. LDAP Search Base DN: dc=example,dc=com
3. LDAP Server: ldap://instructor.example.com (In domain form, do not write the IP)
4. Download CA Certificate
5. Authentication Method: LDAP password
6. Apply
getent passwd ldapuser40

Configure autofs so that after a successful login the user gets the home directory, which is
shared as /rhome/ldapuser40 at the IP 172.24.40.10. It is also required that other LDAP users can
use their home directories normally.

chkconfig autofs on
cd /etc/
vim /etc/auto.master
/rhome /etc/auto.ldap
cp auto.misc auto.ldap
vim auto.ldap
ldapuser40 -rw,soft,intr 172.24.40.10:/rhome/ldapuser40
* -rw,soft,intr 172.24.40.10:/rhome/&
service autofs stop
service autofs start
showmount -e 172.24.40.10
su - ldapuser40

Configure the system to synchronize its time with 172.24.40.10.

Graphical Interfaces:
System-->Administration-->Date & Time

OR
system-config-date

Change the capacity of the logical volume named vo from 190M to 300M. The resulting size
may float within the range between 280 and 320. (This logical volume has been mounted in advance.)
vgdisplay
(Check the capacity of vg, if the capacity is not enough, need to create pv , vgextend , lvextend)
lvdisplay (Check lv)
lvextend -L +110M /dev/vg2/lv2
resize2fs /dev/vg2/lv2
mount -a
(Verify)
------------------------------------------------------------------------------- (Decrease lvm)
umount /media
fsck -f /dev/vg2/lv2
resize2fs -f /dev/vg2/lv2 100M
lvreduce -L 100M /dev/vg2/lv2
mount -a
lvdisplay (Verify)

OR
e2fsck -f /dev/vg1/lvm02
resize2fs -f /dev/vg1/lvm02
mount /dev/vg1/lvm01 /mnt
lvreduce -L 1G -n /dev/vg1/lvm02
lvdisplay (Verify)

Create a volume group, and set 16M as the extent size. Then create a logical volume containing 50
extents on the volume group, make it an ext4 file system, and have it mounted automatically under
/mnt/data.

pvcreate /dev/sda7 /dev/sda8
vgcreate -s 16M vg1 /dev/sda7 /dev/sda8
lvcreate -l 50 -n lvm02 vg1
mkfs.ext4 /dev/vg1/lvm02
blkid /dev/vg1/lvm02
mkdir -p /mnt/data
vim /etc/fstab
UUID=xxxxxxxx /mnt/data ext4 defaults 0 0
mount -a
mount
(Verify)

Upgrade the kernel to 2.6.36.7.1, configure the system to start it as the default kernel, and keep the
old kernel available.

cat /etc/grub.conf
cd /boot
lftp it
get dr/dom/kernel-xxxx.rpm
rpm -ivh kernel-xxxx.rpm
vim /etc/grub.conf
default=0

Create a 512M partition, make it an ext4 file system, and have it mounted automatically under /mnt/data
at boot.

fdisk /dev/vda
n
+512M
w
partprobe /dev/vda
mkfs -t ext4 /dev/vda5
mkdir -p /mnt/data
vim /etc/fstab
/dev/vda5 /mnt/data ext4 defaults 0 0
mount -a

Create a volume group, and set 8M as the extent size. Create a logical volume (lvshare) containing 50 extents
on the volume group, make it an ext4 file system, and have it mounted automatically under
/mnt/data. The resulting size should be between 380M and 400M.

fdisk
partprobe
pvcreate /dev/vda6
vgcreate -s 8M vg1 /dev/vda6
lvcreate -n lvshare -l 50 vg1
mkfs.ext4 /dev/vg1/lvshare
mkdir -p /mnt/data
vim /etc/fstab
/dev/vg1/lvshare /mnt/data ext4 defaults 0 0
mount -a
df -h

Download ftp://192.168.0.254/pub/boot.iso to /root, and have it mounted automatically under
/media/cdrom at boot.

cd /root; wget ftp://192.168.0.254/pub/boot.iso
mkdir -p /media/cdrom
vim /etc/fstab
/root/boot.iso /media/cdrom iso9660 defaults,loop 0 0
mount -a
mount [-t vfstype] [-o options] device dir

Add admin group and set gid=600

groupadd -g 600 admin

Add user: user1, set uid=601
Password: redhat
The user's login shell should be non-interactive.

useradd -u 601 -s /sbin/nologin user1


passwd user1
redhat

Add users: user2, user3.


The additional group of the two users user2 and user3 is the admin group. Password: redhat

useradd -G admin user2


useradd -G admin user3
passwd user2
redhat
passwd user3
redhat

Copy /etc/fstab to /var/tmp with the group admin; user1 can read, write and modify it, while user2
has no permission at all.

cp /etc/fstab /var/tmp/
chgrp admin /var/tmp/fstab
setfacl -m u:user1:rwx /var/tmp/fstab
setfacl -m u:user2:--- /var/tmp/fstab
ls -l /var/tmp/fstab
-rw-rw-r--+ 1 root admin 685 Nov 10 15:29 /var/tmp/fstab

Configure a task: plan to run echo "file" command at 14:23 every day.

(a) Created as administrator


crontab -u natasha -e
23 14 * * * /bin/echo "file"
(b) Created as natasha
su - natasha
$ crontab -e
23 14 * * * /bin/echo "file"

Ldap Server needs to be configured


NTP(Network Time protocol) Server Should be Configured.
Note/Caution: This blog has been written to show you the exam pattern and to give you Linux
System Administration understanding. DevOpsAGE Technologies does not guarantee the
passing of RedHat Certified System Administration Exam.

So let's start. You will be provided with the network details as follows:

Note: Take care of the IPs; they will be different in the examination.

Ethernet/Device = eth0
Hostname = serverX.example.com
IP address = 172.10.1.10
Netmask = 255.255.255.0
Default Gateway = 172.10.1.254
DNS search path = example.com
primary DNS server = 172.10.1.250

Prerequisite:

Step: 1 Change the root password in your virtual machine using single user mode. (No marks for
this activity.)

Steps:-

Log in to the virtual machine and open a terminal
Reboot the system and interrupt the booting process
Press “e”, delete the tty console in the second line and add “rd.break”
Press ctrl+x
# mount -o remount,rw /sysroot
# chroot /sysroot
# echo 'your_password' | passwd root --stdin
# touch /.autorelabel
# exit
Now, log in with the new password.

Step: 2. Create network Connection

# nmcli con add con-name eth0 ifname eth0 type ethernet
# nmcli con mod eth0 ipv4.addresses '172.10.1.10/24 172.10.1.254' ipv4.dns 172.10.1.250 ipv4.dns-search example.com ipv4.method manual
# nmcli con mod eth0 connection.autoconnect yes
# nmcli con up eth0
# nmcli con show
# nmcli device status
# systemctl enable network
# systemctl restart network
# hostnamectl set-hostname serverX.example.com
# systemctl set-default graphical.target
# systemctl isolate graphical.target
# systemctl restart network
# init 6
Questions:

Qs-1. Configure yum client

Yum baseurl path = http://content.example.com/rhel7.0/x86_64/dvd

Solution:

# cd /etc/yum.repos.d
# rm -rf *
# vim devopsage.repo

[devopsage]
name=yum-repo
baseurl=http://content.example.com/rhel7.0/x86_64/dvd
gpgcheck=0
enabled=1
:wq

# yum clean all


# yum list all
# yum repolist
=====================================================================
=============================

Qs-2. SELinux should be in enforcing mode on both of your systems.

Solutions:

# getenforce
enforcing

If it is not in enforcing mode, then change it to enforcing mode by,

# vim /etc/selinux/config
SELINUX=enforcing
:wq!
# reboot
Note: In order to reflect the changes, it is mandatory to reboot the system.

=====================================================================
=============================

Qs-3. Install the appropriate kernel from
http://server.domainX.example.com/pub/updates/kernel. Your machine should boot with the
updated kernel.

Solution:

# uname -r // Verify the Current Kernel


# yum install firefox* -y
# wget http://server.domainX.example.com/pub/updates/kernel.......rpm
# rpm -ivh kernel-firmware.2.-------.rpm
# init 6 // Choose the newly installed Kernel to boot
=====================================================================
============================

Qs-4. Create the logical volume named “fedora” using 100 PEs from the volume group
“redhat”. Use a PE size of “8MB”. Mount it on /mnt/data with an xfs filesystem.

Note: In the exam, you should create only an extended partition, not a primary partition,
because 3 primary partitions already exist by default. If you create a primary partition you won’t be
able to create any further partitions.

Solution:

# fdisk -l
# fdisk /dev/vda (create a partition with "804M" & give hexa code as "8e" for linux LVM)
# partx -a /dev/vda (run this CMD twice)
(or)
# partprobe
# pvcreate /dev/vda4
# vgcreate -s 8M redhat /dev/vda4
# lvcreate -l 100 -n fedora redhat
# mkfs.xfs /dev/redhat/fedora
# blkid
# mkdir /mnt/data

# vim /etc/fstab

/dev/redhat/fedora /mnt/data xfs defaults 0 0

:wq
# mount -a
# df -h
=====================================================================
=============================

Q5. Extend the size of the logical volume at “/dev/redhat/fedora” to 250MB without losing any
data.

Solution:

# lvextend -L +250M /dev/redhat/fedora


# lvs
# xfs_growfs /dev/redhat/fedora

Note: If it is an ext3 file system, use the command below,

# resize2fs /dev/redhat/fedora
# df -h
=====================================================================
=============================

Qs-6. Extend the swap space by “512” MB; do not remove or extend the existing swap. Your
new swap should also be activated at boot time.

Solution:

# free -m
# fdisk -l
# fdisk /dev/vda // create a partition with 512M & give hexa code as 82
# partprobe
(or)
# partx -a /dev/vda // run this CMD twice
# mkswap /dev/vda5
# swapon /dev/vda5

# vim /etc/fstab

/dev/vda5 swap swap defaults 0 0

:wq

# mount -a
# free -m
=====================================================================
=============================
Qs-7. Create a group named “admin”

The users harry and natasha should belong to the “admin” group as a secondary group, with the user
password “wakennym”.
The user sarah should not have access to an interactive shell and should not be a member of the “admin”
group.
Solution:

# groupadd admin
# useradd -G admin harry
# useradd -G admin natasha
# useradd -s /sbin/nologin sarah
# passwd harry
# passwd natasha
# passwd sarah

OR

# echo "wakennym" | passwd --stdin sarah


# echo "wakennym" | passwd --stdin natasha
# echo "wakennym" | passwd --stdin harry
# cat /etc/passwd // Verify the newly created users
# cat /etc/group
=====================================================================
=============================

Qs-8. Create the directory “/home/admin” with the following characteristics.

Group ownership of “/home/admin” should go to the “sysadmin” group.
The directory should have read, write & access permission for all members of the “sysadmin” group
but not for any other users. (It is understood that “root” has full access to all files
present in the system.)
Files created under “/home/admin” should automatically get their group ownership set to the “sysadmin”
group.
# mkdir /home/admin
# chgrp sysadmin /home/admin
# chmod 2770 /home/admin
# ls -ld /home/admin
=====================================================================
=============================

Qs-9. The user sarah must configure a cron job that runs daily at 14:23 and executes
/bin/echo "Welcome to the world of Linux".

# crontab -eu sarah


23 14 * * * /bin/echo "Welcome to the world of Linux"

:wq

# systemctl restart crond


# systemctl enable crond
# crontab -lu sarah
=====================================================================
=============================

Qs-10. Copy the file /etc/fstab to /var/tmp and configure the “ACL” as mentioned below.

The file /var/tmp/fstab is owned by “root”.
The file /var/tmp/fstab belongs to the group “root”.
The file /var/tmp/fstab should not be executable by anyone.
The user “sarah” should be able to read and write to the file.
The user “natasha” can neither read nor write to the file.
Other users (future and current) should be able to read /var/tmp/fstab.

# cp /etc/fstab /var/tmp
# setfacl -m u:sarah:rw- /var/tmp/fstab
# setfacl -m u:natasha:--- /var/tmp/fstab
# getfacl /var/tmp/fstab
=====================================================================
=============================

Qs-11. Create the user “jein” with uid 4332 with password “wakennym”.

# useradd -u 4332 jein


# echo "wakennym" | passwd --stdin jein
(or)
# passwd jein
=====================================================================
=============================

Qs-12. Locate the files owned by “harry” and copy them to the /root/result directory. Also
preserve the permissions, ownership and time stamps.

# mkdir /root/result
# find / -user harry -exec cp -rvfp {} /root/result/ \;
# cd /root/result
# ls -lrt
=====================================================================
============================
Qs-13. Find the string “squid” in the “/usr/share/dict/words” file and copy the matching lines to
/root/lists.txt.

# grep "squid" /usr/share/dict/words > /root/lists.txt


=====================================================================
============================

Qs-14. Note the following. BASE DN: dc=example,dc=com. LDAP path:
ldap://classroom.example.com/. Download the certificate from
“http://classroom.example.com/pub/example-ca.crt”. LdapuserX should be able to log in to your system.

# yum install sssd authconfig-gtk -y


# system-config-authentication

Enter the LDAP search base DN: dc=example,dc=com

LDAP server = ldap://classroom.example.com/

CA certificate: http://classroom.example.com/pub/example-ca.crt

Provide the proper entries which are mentioned in the question paper & click Apply

# getent passwd ldapuserX
or
# id ldapuserX
=====================================================================
============================

Qs-15. Note the following,

classroom.example.com “Nfs exports” and Nfs Version 3 /home/guests/ldapuserX


Ldapuser’s home directory is classroom.example.com:/home/guests/ldapuserX.
Ldapuser’s home directory should be automounted locally beneath /home/guests/ldapuserX.
The home directory should be accessible only when logged in as ldapuserX.
# yum install autofs* -y
# vim /etc/auto.master
/home/guests /etc/auto.misc
:wq
# vim /etc/auto.misc
ldapuserX -rw,vers=3 classroom.example.com:/home/guests/ldapuserX
:wq
# systemctl stop autofs.service
# systemctl start autofs.service
# systemctl enable autofs.service
# su - ldapuserX
# pwd
=====================================================================
=============================

Qs-16. Synchronize time of your system with the server classroom.example.com.

# vim /etc/chrony.conf
// comment out the existing server lines, then add the line below as it is
server classroom.example.com iburst
:wq!
# systemctl restart chronyd.service
# systemctl enable chronyd.service
# chronyc sources -v
# timedatectl

NTP Sync: Yes


=====================================================================
===========================

Qs-17. Compress and archive the /etc folder in gzip/bzip2 format.

# tar czvf etc.tar.gz /etc


# du -h etc.tar.gz
(or)
# tar cjvf etc.tar.bz /etc
# du -h etc.tar.bz

1) Reset Root Password ?

=> This is the first and a very important question in the RHCSA exam. If you are not able to reset the
password, it is not possible to get into the machine and solve the other questions.

a. Enter Emergency Mode


- Reboot and enter grub edit menu by pressing the 'e' button
- Find the linux16 or linuxefi line and add rd.break selinux=0 to the end of the line
- Start the boot process by pressing CTRL+x

b. Reset the password


- Remount the sysroot file system in r/w mode and then use chroot at /sysroot
─────────────────────────────
~]# mount -o remount,rw /sysroot
~]# chroot /sysroot
─────────────────────────────

- Change the password
─────────────────────────────
~]# passwd
─────────────────────────────

Exit from the shell and reboot the system to log in as root with the new password.

2) Set network settings and hostname ?

=> a. Configure Network

The easiest/fastest way to do this is to use the nmtui command.

b. Set hostname

~]# hostnamectl set-hostname NEW_HOSTNAME

3) Set SELinux into enforcing mode ?

=> ~]# setenforce enforcing

~]# vi /etc/selinux/config

Edit the line starting with SELINUX= so that it reads SELINUX=enforcing

4) Enable yum repository.

=> Configure the machine to access a yum repo at server.example.com/repo

a. Create repo file /etc/yum.repos.d/yum.repo

Contents:
─────────────────────────────────────────────
[update]
name=update
baseurl=http://server.example.com/repo
gpgcheck=0
enabled=1
─────────────────────────────────────────────

b. Verify that your new repo is available.

~]# yum repolist

c. Verify access to the repo by installing something

~]# yum install system-config-*
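
All three repo definitions in this guide set gpgcheck=0, so yum installs packages without verifying their signatures, and one of them also fetches over plain http. The following is an added example (not part of the original guide) that audits .repo files for both settings; hardened.repo, its https URL and the gpgkey path are assumptions included only for comparison.

```shell
#!/bin/sh
# Added example: audit yum .repo files for unauthenticated package sources.

# make_samples DIR: write three constructed .repo files. The first two mirror
# settings used in this guide; hardened.repo and its https URL are assumptions.
make_samples() {
    cat > "$1/devopsage.repo" <<'EOF'
[devopsage]
name=yum-repo
baseurl=http://content.example.com/rhel7.0/x86_64/dvd
gpgcheck=0
enabled=1
EOF
    cat > "$1/local.repo" <<'EOF'
[local]
name=local.repo
baseurl=file:///mnt
enabled=1
gpgcheck=0
EOF
    cat > "$1/hardened.repo" <<'EOF'
[hardened]
name=signature-checked repo
baseurl=https://content.example.com/rhel7.0/x86_64/dvd
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
enabled=1
EOF
}

# audit_repos DIR: print one finding per line for every enabled repo section.
#   NOSIG      gpgcheck=0, package signatures are never verified
#   CLEARTEXT  baseurl is fetched over http:// or ftp://
audit_repos() {
    for f in "$1"/*.repo; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            function report() {
                if (section == "" || enabled == "0") return
                if (gpgcheck == "0")
                    print "NOSIG " file " [" section "] gpgcheck=0"
                if (baseurl ~ /^(http|ftp):/)
                    print "CLEARTEXT " file " [" section "] " baseurl
            }
            /^[ \t]*(#|;|$)/ { next }          # comments and blank lines
            /^[ \t]*\[/ {                      # a new [section] starts
                report()
                a = index($0, "["); b = index($0, "]")
                section = substr($0, a + 1, b - a - 1)
                gpgcheck = ""; enabled = "1"; baseurl = ""
                next
            }
            {
                eq = index($0, "=")
                if (eq == 0) next
                key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", key)
                gsub(/^[ \t]+|[ \t]+$/, "", val)
                if (key == "gpgcheck") gpgcheck = val
                else if (key == "enabled") enabled = val
                else if (key == "baseurl") baseurl = val
            }
            END { report() }
        ' "$f"
    done
}

# Demo on the constructed samples; on a real host run: audit_repos /etc/yum.repos.d
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
audit_repos "$demo_dir"
rm -rf "$demo_dir"
```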


5) User creation.

=> Create 3 users - larry, curly, and moe.


All 3 users belong to supplemental group stooges.
User moe should have a shell of nologin

You'll need to pay attention to the wording here. The instructions say the users have to belong to
a supplemental group stooges - that means they need to also belong to a primary group. The most
logical assumption is that they each belong to their own private group (ex. larry:larry,
curly:curly, etc…)

~]# groupadd stooges


~]# useradd larry -G stooges
~]# useradd curly -G stooges
~]# useradd moe -s /sbin/nologin -G stooges

6) Create a shared folder ?

=> Create a directory that members of the stooges group can access.
Ensure that files created in the directory are owned by the stooges group.

The solution is to use the SGID bit on the directory


────────────────────────────────────────────────
~]# mkdir /shared
~]# chown :stooges /shared
~]# chmod g+s /shared OR chmod 2775 /shared
────────────────────────────────────────────────

7) Activate and start services via systemctl ?

=> In the exam you will be asked to activate and start a service. Here, I am enabling the GUI target.
~]# systemctl enable graphical.target
~]# systemctl start graphical.target

8) Find all files owned by user bob and copy them to a newly created directory /tmp/bobs_files ?

=> We can do this using find command

~]# mkdir /tmp/bobs_files


~]# find / -user bob | xargs -I {} cp {} /tmp/bobs_files/

9) Find strings matching xyz in the file /tmp/test-log-file and save them in /tmp/matching-log-entries ?

=> ~]# grep xyz /tmp/test-log-file > /tmp/matching-log-entries

10) Create a gzipped tar archive (/tmp/log_archive.tgz) containing all the files in /var/log ?

=> ~]# tar -zcvf /tmp/log_archive.tgz /var/log

11) Use ACLs on files ?

=> Create file /tmp/acl_file.


The file is owned by bob:bob.
Allow larry and curly to rwx the file.
Don’t allow moe to access the file (rwx).
All members of stooges (except moe) should be able to access the file (rw).

a. Create the file

~]# touch /tmp/acl_file

b. Set the ownership

~]# chown bob:bob /tmp/acl_file

c. Allow larry/curly access

~]# setfacl -m u:larry:rwx /tmp/acl_file
~]# setfacl -m u:curly:rwx /tmp/acl_file

d. Deny moe access

~]# setfacl -m u:moe:- /tmp/acl_file

e. Allow members of stooges access

~]# setfacl -m g:stooges:rw /tmp/acl_file
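
The moe entry from step d still denies access after step e grants stooges rw, because the POSIX ACL check consults a matching named-user entry before any group entry. The following is an added example (not part of the original guide) that implements the check order described in acl(5) over a constructed getfacl-style listing; the user shemp is hypothetical and stands for any other member of stooges.

```shell
#!/bin/sh
# Added example: evaluate a POSIX ACL in the order acl(5) describes.

# sample_acl: constructed getfacl-style listing for /tmp/acl_file as it would
# look after the setfacl commands in item 11 (file created with umask 022).
sample_acl() {
    cat <<'EOF'
# file: tmp/acl_file
# owner: bob
# group: bob
user::rw-
user:larry:rwx
user:curly:rwx
user:moe:---
group::r--
group:stooges:rw-
mask::rwx
other::r--
EOF
}

# acl_allows FILE USER "GROUP ..." WANT
# Exit status 0 if USER (member of the listed groups) is granted every
# permission letter in WANT by the ACL listing in FILE.
acl_allows() {
    awk -v user="$2" -v groups="$3" -v want="$4" '
        # grants(): every letter of want is in perms (and in the mask if masked)
        function grants(perms, masked,    i, c) {
            for (i = 1; i <= length(want); i++) {
                c = substr(want, i, 1)
                if (index(perms, c) == 0) return 0
                if (masked && index(mask, c) == 0) return 0
            }
            return 1
        }
        BEGIN {
            mask = "rwx"                      # no mask entry means no masking
            n = split(groups, g, " ")
            for (j = 1; j <= n; j++) member[g[j]] = 1
        }
        /^# owner: / { owner = $3 }
        /^# group: / { ogroup = $3 }
        /^(user|group|mask|other):/ {
            split($1, f, ":")                 # tag:qualifier:permissions
            if (f[1] == "mask") mask = f[3]
            else { k++; tag[k] = f[1]; who[k] = f[2]; perm[k] = f[3] }
        }
        END {
            # 1. the file owner uses user:: and is never masked
            if (user == owner)
                for (e = 1; e <= k; e++)
                    if (tag[e] == "user" && who[e] == "") exit !grants(perm[e], 0)
            # 2. a named user entry is used before any group entry is looked at
            for (e = 1; e <= k; e++)
                if (tag[e] == "user" && who[e] == user) exit !grants(perm[e], 1)
            # 3. any matching group entry may grant; matches that all fall short deny
            for (e = 1; e <= k; e++)
                if (tag[e] == "group") {
                    name = (who[e] == "") ? ogroup : who[e]
                    if (name in member) { hit = 1; if (grants(perm[e], 1)) exit 0 }
                }
            if (hit) exit 1
            # 4. everyone else falls through to other::
            for (e = 1; e <= k; e++)
                if (tag[e] == "other") exit !grants(perm[e], 0)
            exit 1
        }
    ' "$1"
}

# Demo: print the verdict for the users from item 11 plus hypothetical shemp.
acl=$(mktemp)
sample_acl > "$acl"
show() {
    if acl_allows "$acl" "$1" "$2" "$3"; then verdict=granted; else verdict=denied; fi
    printf '%-6s wants %-3s: %s\n' "$1" "$3" "$verdict"
}
show bob "bob" rw
show larry "larry stooges" rwx
show moe "moe stooges" r
show shemp "shemp stooges" rw
rm -f "$acl"
```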

12) Update the kernel via new YUM-repo ?


=> A kernel update is available in a different location (not the first yum repo).
In the exam you will be given the location where the kernel is stored; create a yum repo
for it accordingly.

a. Create a yum repo for the new location (refer to question #4)

b. Issue the command to update the kernel

~]# yum update kernel

c. Reboot to enable new kernel (Edit the entry in the /boot/grub2/grub.cfg file to set new
kernel as default)

~]# reboot

13) Create a Cronjob for bob that runs /bin/date daily at 3:18pm and redirects the output to
/home/bob/stamp ?

=> a. Modify bob crontab entry

~]# crontab -eu bob

b. Add the command

18 15 * * * /bin/date >> /home/bob/stamp

14) Create a new 800MiB swap partition ?

=> In the exam you will probably get a single disk with 3 partitions
P1 - Boot
P2 - LVM
P3 - LVM

The question didn't specify that the new swap partition had to be part of the LVM so the easiest
way to do this is to create another partition to use as a swap partition.

a. Use fdisk to create the partition (use +800M for Last Sector)
b. Issue the command blkid to get the UUID for the newly created disk
c. Add an entry to fstab (ex. UUID=<blkid-output> swap swap defaults 0 0)
d. Issue the command swapon -a to enable the newly added partition

15) Create a new logical volume cattle with a size of 25 extents belonging to volume group
farming with a PE size of 32M ?

=> a. Create a new PV


This is where we would create a new partition with fdisk or parted and after that create
physical volume.
Here, I am assuming you have created new partition /dev/sda3
~]# pvcreate /dev/sda3

b. Create a new VG
Use the vgcreate command with the flags:
-s or --physicalextentsize set to 32M
~]# vgcreate -s 32M farming /dev/sda3

c. Create new LV
Use lvcreate with the flags:
-n or --name to provide the name
-l or --extents to provide the size
~]# lvcreate -l 25 farming -n cattle

d. Create filesystem on the new Logical Volume.


~]# mkfs.ext4 /dev/farming/cattle

e. Mount LV and add an entry to fstab.


~]# mkdir /cattle
~]# mount /dev/farming/cattle /cattle
~]# vi /etc/fstab
/dev/farming/cattle /cattle ext4 defaults 0 0
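
A malformed /etc/fstab line is only discovered at the next mount -a or, worse, at the next boot. The following is an added example (not part of the original guide) that lints fstab entries of the kind used throughout this guide before a reboot; the sample file and its UUID are constructed, and the checks are a deliberately strict subset of what fstab(5) describes.

```shell
#!/bin/sh
# Added example: lint fstab entries before rebooting.

# sample_fstab: print a constructed fstab in the style of the entries in this
# guide. The UUID is made up; lines 6 and 7 carry deliberate mistakes.
sample_fstab() {
    cat <<'EOF'
# constructed sample, not a real system's fstab
UUID=11111111-2222-3333-4444-555555555555 swap swap defaults 0 0
/dev/vda5 /data ext4 defaults 0 0
/dev/vg1/lvshare /mnt/data ext4 defaults 0 0
/root/boot.iso /media/cdrom iso9660 defaults,loop 0 0
UUID=11111111-2222-3333-4444-555555555555 swap swap 0 0
/dev/redhat/fedora /mnt/xfs xfs
EOF
}

# lint_fstab FILE: print one finding per line, prefixed with a check name.
#   FIELDS   fewer than 4 or more than 6 columns
#   OPTIONS  the options column is a bare number (column left out)
#   DUMP     fifth column is not a number
#   PASS     sixth column is not a number
#   SWAP     swap entry whose mount point is not "swap" or "none"
#   DEVNAME  partition referenced by kernel name instead of UUID= or LABEL=
lint_fstab() {
    awk '
        /^[ \t]*(#|$)/ { next }                # comments and blank lines
        {
            at = "line " NR ": "
            if (NF < 4 || NF > 6) {
                print "FIELDS " at "found " NF " columns, expected 4 to 6"
                next
            }
            if ($4 ~ /^[0-9]+$/)
                print "OPTIONS " at "options column is \"" $4 "\", was it left out?"
            if (NF >= 5 && $5 !~ /^[0-9]+$/)
                print "DUMP " at "dump column is \"" $5 "\", expected a number"
            if (NF == 6 && $6 !~ /^[0-9]+$/)
                print "PASS " at "pass column is \"" $6 "\", expected a number"
            if ($3 == "swap" && $2 != "swap" && $2 != "none")
                print "SWAP " at "mount point \"" $2 "\" given for a swap entry"
            if ($1 ~ /^\/dev\/(sd|vd|hd|xvd)[a-z]+[0-9]+$/)
                print "DEVNAME " at $1 " can be renumbered when disks change"
        }
    ' "$1"
}

# Demo on the constructed sample; on a real host run: lint_fstab /etc/fstab
demo=$(mktemp)
sample_fstab > "$demo"
lint_fstab "$demo"
rm -f "$demo"
```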

16) Create a connection to LDAP ?

=> LDAP is used for users and authentication

A certificate is required (available for download)

~]# yum install -y openldap-clients nss-pam-ldapd


~]# authconfig --enableforcelegacy --update
~]# authconfig --enableldap --enableldapauth --enableldapserver="server.example.com" --ldapbasedn="dc=example,dc=com" --update

To enable creation of Home directories if not exist:

~]# yum install oddjob-mkhomedir


~]# authconfig --enablemkhomedir --update

Put the LDAP server certificate into the /etc/openldap/cacerts directory:

~]# scp root@server.example.com:/etc/openldap/certs/cert.pem /etc/openldap/cacerts/cert.pem
~]# restorecon /etc/openldap/cacerts/cert.pem

To enable TLS
~]# authconfig --enableldaptls --update

Testing configuration
~]# getent passwd ldapuser01

17) Use the NFS-automounter to get home directory mounted ?

=> ~]# yum install -y autofs nfs-utils

~]# vi /etc/auto.master
/home/guests /etc/auto.misc

~]# vi /etc/auto.misc
* -rw,fstype=nfs4 server.example.com:/home/guests/&

~]# systemctl enable autofs


~]# systemctl start autofs

Test Configuration.
~]# su - ldapuser01

18) Configure NTP to synchronize with time.example.com ?

=> a. Add the entry to /etc/chrony.conf


~]# vi /etc/chrony.conf
server time.example.com

b. Restart the service and ensure it's enabled (systemctl)


~]# systemctl restart chronyd

c. Query chrony to verify (chronyc sources -v); the output should display time.example.com
~]# chronyc sources -v
