FTP servers are certainly still used a lot. Many companies may have abandoned them, and there are plenty of other online solutions that can replace them, but for some special purposes they still have a place. After deploying LDAP we naturally want to move the authentication of as many systems and applications in the production environment as possible to LDAP, so this time we use LDAP authentication for vsftpd logins.
1. Preparatory work
# Stop iptables and check its status
/etc/init.d/iptables stop
iptables -L -n
# Disable SELinux and check its status
setenforce 0
getenforce
# Edit /etc/hosts and add a record for the OpenLDAP server
echo "192.168.49.138 ldapsrv01.contoso.com" >> /etc/hosts
# After adding it, ping the name to make sure it resolves
2. Install related packages
yum -y install vsftpd ftp
yum -y install nss-pam-ldapd pam_ldap
3. Configure /etc/pam_ldap.conf
# cp /etc/pam_ldap.conf /etc/pam_ldap.conf.bak$(date +%F)
# egrep -v "#|^$" /etc/pam_ldap.conf
host 127.0.0.1
base dc=example,dc=com
# sed -i '/^host/s/host/#host/' /etc/pam_ldap.conf
# sed -i '/^base/s/base/#base/' /etc/pam_ldap.conf
# egrep -v "#|^$" /etc/pam_ldap.conf
# echo "host 192.168.49.138" >> /etc/pam_ldap.conf
# echo "base dc=contoso,dc=com" >> /etc/pam_ldap.conf
# echo "binddn cn=admin,dc=contoso,dc=com" >> /etc/pam_ldap.conf
# echo "bindpw 123456" >> /etc/pam_ldap.conf
# egrep -v "#|^$" /etc/pam_ldap.conf
host 192.168.49.138
base dc=contoso,dc=com
binddn cn=admin,dc=contoso,dc=com
bindpw 123456
4. Configure /etc/vsftpd/vsftpd.conf
# cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.bak$(date +%F)
# vi /etc/vsftpd/vsftpd.conf
# diff /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.bak2016-09-12
12c12
< Anonymous_enable=no
---
> Anonymous_enable=yes
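Review bot: the option names in this and the following hunks are capitalised (Anonymous_enable, Anon_upload_enable, Guest_enable, Local_root and so on), but vsftpd option names are lowercase and case-sensitive, and an unrecognised name stops vsftpd from starting with a "500 OOPS: unrecognised variable in config file" error; the lines should read anonymous_enable=NO, anon_upload_enable=YES, anon_mkdir_write_enable=YES, chroot_local_user=YES, guest_enable=YES, guest_username=ftp and local_root=/opt/data.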
28d27
< Anon_upload_enable=yes
33d31
< Anon_mkdir_write_enable=yes
103,104d100
< Chroot_local_user=yes
< #
124,126d119
< Guest_enable=yes
< guest_username=ftp
< Local_root=/opt/data
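Review bot: the anon_upload_enable and anon_mkdir_write_enable lines added in hunks 28d27 and 33d31 are what control write access for the LDAP accounts, because guest_enable=YES makes vsftpd apply the anonymous privilege settings to guest logins unless virtual_use_local_privs=YES is set; if directory users should not be able to upload, drop those two lines. Note also that chroot_local_user=YES with a local_root that step 6 makes writable by ftp works on the vsFTPd 2.2.2 shown in step 7, but from 2.3.5 onward vsftpd rejects such logins with "500 OOPS: vsftpd: refusing to run with writable root inside chroot()" unless allow_writeable_chroot=YES is set or the root directory itself is made non-writable.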
5. Configure /etc/pam.d/vsftpd
# cp /etc/pam.d/vsftpd /etc/pam.d/vsftpd.bak$(date +%F)
# cat /etc/pam.d/vsftpd
#%PAM-1.0
session    optional     pam_keyinit.so    force revoke
session    optional     pam_ldap.so
auth       sufficient   pam_ldap.so
auth       required     pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
auth       required     pam_shells.so
auth       include      password-auth
account    sufficient   pam_ldap.so
account    include      password-auth
session    required     pam_loginuid.so
session    include      password-auth
password   required     pam_ldap.so
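To see what the ordering of this stack means in practice, here is an added Python walk of its auth type (example code written for this edit, not from the original post; VSFTPD_PAM, parse_stack and walk_auth are names chosen here). It models the classic control keywords in simplified form and treats an include line as one opaque module named after the included file; running it shows that a user who authenticates through pam_ldap.so never reaches pam_listfile.so (the /etc/vsftpd/ftpusers deny list) or pam_shells.so, because sufficient returns success at once, while a local user falls through to all of them.

```python
# Added example (not from the original post): simplified walk of the 'auth' stack in
# /etc/pam.d/vsftpd above. Classic control keywords only; 'include' is one opaque module.

VSFTPD_PAM = """\
#%PAM-1.0
session    optional     pam_keyinit.so    force revoke
session    optional     pam_ldap.so
auth       sufficient   pam_ldap.so
auth       required     pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
auth       required     pam_shells.so
auth       include      password-auth
account    sufficient   pam_ldap.so
account    include      password-auth
session    required     pam_loginuid.so
session    include      password-auth
password   required     pam_ldap.so
"""

def parse_stack(text, mtype):
    """Return the (control, module) entries of one management type, in order."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and not parts[0].startswith("#") and parts[0] == mtype:
            entries.append((parts[1], parts[2]))
    return entries

def walk_auth(stack, results):
    """results: module -> True/False (missing = fail). Returns (outcome, modules consulted)."""
    consulted, required_failed = [], False
    for control, module in stack:
        consulted.append(module)
        ok = results.get(module, False)
        if control == "sufficient" and ok and not required_failed:
            return True, consulted      # success returned now; the rest never runs
        if control == "requisite" and not ok:
            return False, consulted     # hard stop
        if control in ("required", "include") and not ok:
            required_failed = True      # remembered, but the stack keeps going
        # 'optional' and a failing 'sufficient' do not change the outcome
    return not required_failed, consulted

if __name__ == "__main__":
    auth = parse_stack(VSFTPD_PAM, "auth")
    # Directory user: pam_ldap.so succeeds, so ftpusers and pam_shells are skipped.
    print(walk_auth(auth, {"pam_ldap.so": True}))
    # Local user: pam_ldap.so fails (ignored), the remaining modules all run.
    print(walk_auth(auth, {"pam_listfile.so": True, "pam_shells.so": True,
                           "password-auth": True}))
```

If the /etc/vsftpd/ftpusers deny list is meant to apply to directory accounts as well, the pam_listfile.so line has to sit above the sufficient pam_ldap.so line.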
6. Create the FTP root directory and start the vsftpd service
mkdir -p /opt/data
chown -R ftp:ftp /opt/data
chkconfig vsftpd on
/etc/init.d/vsftpd start
7. Test with an FTP client
# ftp 127.0.0.1
Connected to 127.0.0.1 (127.0.0.1).
220 (vsFTPd 2.2.2)
Name (127.0.0.1:root): charleslv
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
The LDAP user logged in successfully.
# useradd user1
# echo "111111" | passwd --stdin user1
Changing password for user user1.
passwd: all authentication tokens updated successfully.
# ftp 127.0.0.1
Connected to 127.0.0.1 (127.0.0.1).
220 (vsFTPd 2.2.2)
Name (127.0.0.1:root): user1
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
The local user logged in successfully.
This article is from the "it Little two lang" blog; please be sure to keep this source: http://jerry12356.blog.51cto.com/4308715/1852080
Configuring vsftpd authentication through OpenLDAP