Configuring vsftpd to authenticate against OpenLDAP

Source: Internet
Author: User
Tags ldap ftp client openldap egrep

FTP servers are still in wide use. Many companies have abandoned them and plenty of online services can replace them, but a few special cases keep them around. Once LDAP is deployed we naturally want to move authentication for as many of the other systems and applications in production as possible over to it, so this time vsftpd is configured to authenticate logins through LDAP.

1. Preparatory work

# Stop iptables and check its status
/etc/init.d/iptables stop
iptables -L -n
# Disable SELinux and check its status
setenforce 0
getenforce
# Add a record for the OpenLDAP server to /etc/hosts
echo "192.168.49.138   ldapsrv01.contoso.com" >> /etc/hosts
# After adding it, ping the name to confirm it resolves

2. Install related packages

yum -y install vsftpd ftp
yum -y install nss-pam-ldapd pam_ldap

3. Configure /etc/pam_ldap.conf

Back up the file, check the current non-comment settings, comment out the defaults, and append the settings for our directory:

cp /etc/pam_ldap.conf /etc/pam_ldap.conf.bak$(date +%F)
egrep -v "#|^$" /etc/pam_ldap.conf
    host 127.0.0.1
    base dc=example,dc=com
sed -i '/^host/s/host/#host/' /etc/pam_ldap.conf
sed -i '/^base/s/base/#base/' /etc/pam_ldap.conf
egrep -v "#|^$" /etc/pam_ldap.conf
echo "host 192.168.49.138" >> /etc/pam_ldap.conf
echo "base dc=contoso,dc=com" >> /etc/pam_ldap.conf
echo "binddn cn=admin,dc=contoso,dc=com" >> /etc/pam_ldap.conf
echo "bindpw 123456" >> /etc/pam_ldap.conf
egrep -v "#|^$" /etc/pam_ldap.conf
    host 192.168.49.138
    base dc=contoso,dc=com
    binddn cn=admin,dc=contoso,dc=com
    bindpw 123456

The bind DN used here is the directory administrator, and its password sits in clear text in /etc/pam_ldap.conf. A dedicated read-only bind account and owner-only permissions on the file (chmod 600) limit what anyone who can read the file gains from it.

4. Configure /etc/vsftpd/vsftpd.conf

cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.bak$(date +%F)
vi /etc/vsftpd/vsftpd.conf

The edited file compared with the backup:

diff /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.bak2016-09-12
12c12
< anonymous_enable=NO
---
> anonymous_enable=YES
28d27
< anon_upload_enable=YES
33d31
< anon_mkdir_write_enable=YES
103,104d100
< chroot_local_user=YES
< #
124,126d119
< guest_enable=YES
< guest_username=ftp
< local_root=/opt/data

With guest_enable=YES every non-anonymous login, whether from LDAP or from a local account, is remapped to the local user named by guest_username, so all authenticated users share the ftp account's permissions on /opt/data and the anon_* settings decide whether they may upload and create directories. That is why anon_upload_enable and anon_mkdir_write_enable are switched on even though anonymous_enable is NO, and it also means file ownership on disk will not tell you which user uploaded what; the vsftpd transfer log is the place to look for that.

5. Configure /etc/pam.d/vsftpd

cp /etc/pam.d/vsftpd /etc/pam.d/vsftpd.bak$(date +%F)
cat /etc/pam.d/vsftpd

#%PAM-1.0
session    optional     pam_keyinit.so    force revoke
session    optional     pam_ldap.so
auth       sufficient   pam_ldap.so
auth       required     pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
auth       required     pam_shells.so
auth       include      password-auth
account    sufficient   pam_ldap.so
account    include      password-auth
session    required     pam_loginuid.so
session    include      password-auth
password   required     pam_ldap.so

Note the order of the auth lines: pam_ldap.so is marked sufficient and sits ahead of the pam_listfile.so deny list, so a directory account whose name appears in /etc/vsftpd/ftpusers still authenticates, because a successful sufficient module ends the auth phase before the deny list is consulted. Placing the pam_listfile.so line before pam_ldap.so closes that gap; pam_shells.so has to stay after pam_ldap.so unless the system can also resolve directory users through NSS (nslcd), since it rejects users it cannot look up.
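As an added example (not code from the original post), the following script checks a vsftpd PAM stack for the ordering problem just described and checks that a pam_ldap.conf holding a clear-text bindpw is not readable by other users. It runs against constructed copies of the files from sections 3 and 5 in a temporary directory; the function names and the temporary paths are this example's own.

```shell
#!/bin/sh
# Added example: lint a vsftpd PAM stack and a pam_ldap.conf for the two
# weak spots discussed above. Not part of the original post.

# Returns 0 when the ftpusers deny list is consulted before a "sufficient"
# pam_ldap.so entry can end the auth phase early, 1 otherwise.
pam_deny_list_is_effective() {
    ldap_line=$(awk 'tolower($1)=="auth" && tolower($2)=="sufficient" && $3 ~ /pam_ldap\.so/ {print NR; exit}' "$1")
    deny_line=$(awk 'tolower($1)=="auth" && $3 ~ /pam_listfile\.so/ && /sense=deny/ {print NR; exit}' "$1")
    [ -z "$ldap_line" ] && return 0   # nothing can short-circuit the stack
    [ -z "$deny_line" ] && return 1   # no deny list at all
    [ "$deny_line" -lt "$ldap_line" ]
}

# Returns 0 when a file holding a clear-text bindpw is readable only by its owner.
bind_secret_is_protected() {
    grep -qi '^bindpw' "$1" || return 0          # no secret stored, nothing to protect
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]  # group and other bits must all be clear
}

# Constructed samples: the auth stack as posted, and the same stack with the
# deny list moved ahead of pam_ldap.so.
DEMO_DIR=$(mktemp -d)
cat > "$DEMO_DIR/vsftpd.as-posted" <<'EOF'
#%PAM-1.0
session    optional     pam_ldap.so
auth       sufficient   pam_ldap.so
auth       required     pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
auth       required     pam_shells.so
auth       include      password-auth
EOF
cat > "$DEMO_DIR/vsftpd.reordered" <<'EOF'
#%PAM-1.0
session    optional     pam_ldap.so
auth       required     pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
auth       sufficient   pam_ldap.so
auth       required     pam_shells.so
auth       include      password-auth
EOF
printf 'host 192.168.49.138\nbase dc=contoso,dc=com\nbinddn cn=admin,dc=contoso,dc=com\nbindpw 123456\n' > "$DEMO_DIR/pam_ldap.conf"
chmod 644 "$DEMO_DIR/pam_ldap.conf"   # constructed weak case: world-readable

for f in as-posted reordered; do
    if pam_deny_list_is_effective "$DEMO_DIR/vsftpd.$f"; then echo "$f: deny list is effective"
    else echo "$f: deny list can be bypassed by directory users"; fi
done
bind_secret_is_protected "$DEMO_DIR/pam_ldap.conf" || echo "pam_ldap.conf: clear-text bindpw is readable by other users"
```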

6. Create the FTP root directory and start the VSFTPD service

mkdir -p /opt/data
chown -R ftp:ftp /opt/data
chkconfig vsftpd on
/etc/init.d/vsftpd start

7. Test with an FTP client

First an LDAP user:

ftp 127.0.0.1
    Connected to 127.0.0.1 (127.0.0.1).
    220 (vsFTPd 2.2.2)
    Name (127.0.0.1:root): charleslv
    331 Please specify the password.
    Password:
    230 Login successful.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp>
# The LDAP user logged in successfully.

Then a local user:

useradd user1
echo "111111" | passwd --stdin user1
    Changing password for user user1.
    passwd: all authentication tokens updated successfully.
ftp 127.0.0.1
    Connected to 127.0.0.1 (127.0.0.1).
    220 (vsFTPd 2.2.2)
    Name (127.0.0.1:root): user1
    331 Please specify the password.
    Password:
    230 Login successful.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp>
# The local user logged in successfully.

This article is from the "IT Little Two Lang" blog; please keep this source: http://jerry12356.blog.51cto.com/4308715/1852080
