{"id":125,"date":"2017-07-03T14:58:19","date_gmt":"2017-07-03T21:58:19","guid":{"rendered":"http:\/\/staff.washington.edu\/ketcham\/?p=125"},"modified":"2018-07-03T09:33:24","modified_gmt":"2018-07-03T16:33:24","slug":"uw-ldi-centos-7-client-virtualbox-vm-image-downloadable","status":"publish","type":"post","link":"https:\/\/staff.washington.edu\/ketcham\/uw-ldi-centos-7-client-virtualbox-vm-image-downloadable\/","title":{"rendered":"UW LDI CentOS 7 Client VirtualBox VM Image (downloadable)"},"content":{"rendered":"<div class=\"moz-text-html\" lang=\"x-western\">\n<p>To test <a href=\"http:\/\/staff.washington.edu\/ketcham\/log-in-to-linux-with-uw-linux-directory-infrastructure-ldi\/\">my LDI\/sssd configuration<\/a>, I did a clean build of CentOS 7 with Xfce.\u00a0 I configured sssd to use my LDI OU (\u2018chem\u2019) and the NETID.WASHINGTON.EDU kerberos domain.<\/p>\n<p>I built this as a vm on VirtualBox v.5.1.22.\u00a0 After configuring and testing I deleted my private key and cleaned up the image prior to exporting it in OVA portable format. 
OVA is supposed to be importable on VMware as well as VirtualBox, and possibly other virtual host platforms.<\/p>\n<p>I set the vm network interface for NAT, and the CentOS system is configured with NetworkManager and DHCP, so it should \u201cplug-and-play\u201d in your UW network environment without any tweaking.<\/p>\n<p>Here is the download link for the OVA file:<br \/>\n<a href=\"https:\/\/drive.google.com\/open?id=0BxI0wVaxRoc3RVFSeUg0UDJ4TUk\" name=\"CentOS7-LDI-VM.ova\">https:\/\/drive.google.com\/open?id=0BxI0wVaxRoc3RVFSeUg0UDJ4TUk<\/a><\/p>\n<p>After you import the OVA and boot, log in as root with password \u2018ChangeMe!\u2019 and:<\/p>\n<ul>\n<li>Change the root password.<\/li>\n<li>Edit \/etc\/sssd\/sssd.conf to change my \u2018chem\u2019 LDAP OU to your own OU.<\/li>\n<li>Must not be world readable. (chmod 600 sssd.conf)<\/li>\n<li>Replace \/etc\/hostname with your own hostname.<\/li>\n<li>Replace \/etc\/pki\/tls\/certs\/ldi-client.crt and<br \/>\n\/etc\/pki\/tls\/certs\/ldi-client.key with your own.<\/li>\n<li>Key must not be world readable. (chmod 600 ldi-client.key)<\/li>\n<li>(The UW CA cert is already installed in <span style=\"color: #000000;\">\/etc\/pki\/ca-trust\/source\/anchors.<\/span>)<\/li>\n<li>Reboot.<\/li>\n<\/ul>\n<p>You should be able to log in now with your UW netid, assuming you have <a href=\"https:\/\/wiki.cac.washington.edu\/display\/LDI\/Linux+Directory+Infrastructure+Service\">synchronized<\/a> your netid user to your LDI OU.<\/p>\n<p>Sssd and pam are configured for maximum log level. Log files are in \/var\/log\/sssd\/.<\/p>\n<p>Richard Ketcham<br \/>\nDept. of Chemistry<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>To test my LDI\/sssd configuration, I did a clean build of CentOS 7 with Xfce.\u00a0 I configured sssd to use my LDI OU (\u2018chem\u2019) and the NETID.WASHINGTON.EDU kerberos domain. 
I built this as a vm on VirtualBox v.5.1.22.\u00a0 After configuring and testing I deleted my private key and cleaned up the image prior to exporting&#8230; <\/p>\n<div class=\"read-more navbutton\"><a href=\"https:\/\/staff.washington.edu\/ketcham\/uw-ldi-centos-7-client-virtualbox-vm-image-downloadable\/\">Read More<i class=\"fa fa-angle-right\"><\/i><\/a><\/div>\n<p><br class=\"clear\" \/><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[15,2],"tags":[],"_links":{"self":[{"href":"https:\/\/staff.washington.edu\/ketcham\/wp-json\/wp\/v2\/posts\/125"}],"collection":[{"href":"https:\/\/staff.washington.edu\/ketcham\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/staff.washington.edu\/ketcham\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/staff.washington.edu\/ketcham\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/staff.washington.edu\/ketcham\/wp-json\/wp\/v2\/comments?post=125"}],"version-history":[{"count":3,"href":"https:\/\/staff.washington.edu\/ketcham\/wp-json\/wp\/v2\/posts\/125\/revisions"}],"predecessor-version":[{"id":338,"href":"https:\/\/staff.washington.edu\/ketcham\/wp-json\/wp\/v2\/posts\/125\/revisions\/338"}],"wp:attachment":[{"href":"https:\/\/staff.washington.edu\/ketcham\/wp-json\/wp\/v2\/media?parent=125"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/staff.washington.edu\/ketcham\/wp-json\/wp\/v2\/categories?post=125"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/staff.washington.edu\/ketcham\/wp-json\/wp\/v2\/tags?post=125"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}