To test my LDI/sssd configuration, I did a clean build of CentOS 7 with Xfce. I configured sssd to use my LDI OU (‘chem’) and the NETID.WASHINGTON.EDU kerberos domain.
I built this as a vm on VirtualBox v.5.1.22. After configuring and testing I deleted my private key and cleaned up the image prior to exporting it in OVA portable format. OVA is supposed to be importable on VMWare as well as Virtual Box, and possibly other virtual host platforms.
I set the vm network interface for NAT, and the CentOS system is configured with NetworkManager and DHCP, so it should “plug-and-play” in your UW network environment without any tweaking.
Here is the download link for the OVA file:
https://drive.google.com/open?id=0BxI0wVaxRoc3RVFSeUg0UDJ4TUk
After you import the OVA and boot, log in as root with password ‘ChangeMe!’ and:
- Change the root password.
- Edit /etc/sssd/sssd.conf to change my ‘chem’ LDAP OU to your own OU.
- Must not be world readable (chmod 600 sssd.conf).
- Replace /etc/hostname with your own hostname.
- Replace /etc/pki/tls/certs/ldi-client.crt and /etc/pki/tls/certs/ldi-client.key with your own.
- Key must not be world readable (chmod 600 ldi-client.key).
- (The UW CA cert is already installed in /etc/pki/ca-trust/source/anchors.)
- Reboot.
You should be able to log in now with your UW netid, assuming you have synchronized your netid user to your LDI OU.
Sssd and pam are configured for maximum log level. Log files are in /var/log/sssd/.
Richard Ketcham
Dept. of Chemistry
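A small post-import check script for the checklist above, added here as an example and not part of the original post or the image. It verifies the two "must not be world readable" items and whether sssd.conf still names the image's 'chem' OU; the file paths are those from the post, and the assumption that the OU appears in an `ldap_search_base` line is mine.

```shell
#!/bin/sh
# Post-import sanity checks for the LDI/sssd image (added example).
# Run as: sh check-image.sh check

# check_private FILE: returns 0 if FILE exists and grants no group/other
# access (e.g. mode 0600), else 1. Uses GNU stat as shipped on CentOS 7.
check_private() {
    f="$1"
    [ -f "$f" ] || { echo "MISSING  $f"; return 1; }
    mode=$(stat -c '%a' "$f")
    case "$mode" in
        *00) echo "OK       $f (mode $mode)"; return 0 ;;
        *)   echo "FIX      $f (mode $mode): chmod 600 '$f'"; return 1 ;;
    esac
}

# still_default_ou CONF: returns 0 if CONF still references the image
# author's 'chem' OU in ldap_search_base (assumed location of the OU), else 1.
still_default_ou() {
    conf="$1"
    [ -f "$conf" ] || return 1
    grep -Eiq '^[[:space:]]*ldap_search_base[[:space:]]*=.*ou=chem' "$conf"
}

# run_checks: apply every check to the live system; non-zero if any fails.
run_checks() {
    rc=0
    check_private /etc/sssd/sssd.conf || rc=1
    check_private /etc/pki/tls/certs/ldi-client.key || rc=1
    if still_default_ou /etc/sssd/sssd.conf; then
        echo "FIX      /etc/sssd/sssd.conf still points at OU 'chem'"
        rc=1
    fi
    return $rc
}

# Only touch the live system when explicitly asked to.
if [ "${1:-}" = "check" ]; then
    run_checks
fi
```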