diff --git a/CHANGELOG.md b/CHANGELOG.md index 57ff78385ca..7a82941639e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,9 @@ -- Added external link for creating virtual network peer for Azure in +- Added example for LDAP integration with Active Directory in + Administration Guide (bsc#1233696) +- Updated ports listing according to hidden ports file and fixed + references in Installation and Upgrade Guide +- Updated Troubleshooting Autoinstallation in Administration Guide +- Added external link for creating virtual network peer for Azure in Specialized Gudes (bsc#1234441) - Clarified SSH authentication methods during Web UI bootstrap process in Client Configuration Guide (bsc#1233497) diff --git a/modules/administration/pages/auth-methods-pam.adoc b/modules/administration/pages/auth-methods-pam.adoc index fb8e65e0fc7..1b11301aa44 100644 --- a/modules/administration/pages/auth-methods-pam.adoc +++ b/modules/administration/pages/auth-methods-pam.adoc @@ -16,19 +16,23 @@ PAM is a suite of libraries that allows you to integrate {productname} with a ce In usernames, additionally to alphanumeric characters, [literal]``-``, [literal]``_``, [literal]``.``, and [literal]``@`` are allowed. ==== . Check the [guimenu]``Pluggable Authentication Modules (PAM)`` checkbox. -. Configure SSSD in the container. - Connect inside the container using: +. Configure SSSD in the server container. + At the command prompt of the {productname} container host, as root, enter the server container: + + ---- mgrctl term ---- -Then change the file + +. Inside the container, execute the following steps: ++ +.. Edit [path]``/etc/sssd/sssd.conf`` according to your configuration. + For an example, see xref:administration:auth-methods-pam.adoc#auth-methods-pam-ad[]. +.. When done, exit the container: + ---- -/etc/sssd/sssd.conf +exit ---- -+ -. Set [literal]``krb5_keytab`` in ``domain/$domain`` to [literal]``/etc/sssd/krb5.keytab`` . Restart {productname} using: + ---- 
@@ -46,6 +50,52 @@ Use the password change mechanism of your network service to change the password ==== -For more information about configuring PAM, the SUSE Linux Enterprise Server Security Guide contains a generic example that also works for other network-based authentication methods. -It also describes how to configure an active directory service. +For more information about PAM configuration, see the {sles} Security Guide. The Security Guide contains a generic example that also works for other network-based authentication methods. +It also describes how to configure an Active Directory (AD) service. For more information, see {sles-base-os-documentation}/part-auth.html. + + + +[[auth-methods-pam-ad]] +=== LDAP Integration with Active Directory Example + +For LDAP integration with Active Directory, you can use the following example. + +In the code snippet, change the following placeholders according to your environment: + +[literal]``$domain``:: +Your domain name +[literal]``$ad_server``:: +FQDN of the AD server if it is not auto-detected from the [literal]``$domain`` +[literal]``$uyuni-hostname``: +The name of the machine this AD client is supposed to be known. +If not set, it will be [literal]``uyuni-server.mgr.internal``. + + +Example snippet for [path]``/etc/sssd/sssd.conf``: + +---- +[sssd] +config_file_version = 2 +services = nss, pam +domains = $domain + +[nss] + +[pam] + +[domain/$domain] +id_provider = ad +chpass_provider = ad +access_provider = ad +auth_provider = ad + +ad_domain = $domain +ad_server = $ad_server +ad_hostname = $uyuni-hostname + +ad_gpo_map_network = +susemanager + +krb5_keytab = FILE:/etc/rhn/krb5.conf.d/krb5.keytab +krb5_ccname_template = FILE:/tmp/krb5cc_%{uid} +----
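Review bot: in the CHANGELOG.md hunk, the context line right under the new entries reads "Specialized Gudes (bsc#1234441)". The hunk already rewrites the line above it, so correct the spelling to "Specialized Guides" in the same change. The line "- Added external link for creating virtual network peer for Azure in" is removed and re-added with the same visible text. If that is only a whitespace change, drop it from the patch so the hunk shows just the three new entries.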
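Review bot: in modules/administration/pages/auth-methods-pam.adoc, hunk @@ -16,19 +16,23 @@, the removed step "Set krb5_keytab in domain/$domain to /etc/sssd/krb5.keytab" has no replacement in the numbered procedure. The example added later in this patch points somewhere else, "krb5_keytab = FILE:/etc/rhn/krb5.conf.d/krb5.keytab". A reader following the steps is no longer told that a keytab is required or where it has to be placed, and the only remaining mention is inside the sample file. Suggest adding a sub-step under "Inside the container, execute the following steps:" that names the keytab location the example expects. It should also say whether setups that followed the old text and used /etc/sssd/krb5.keytab need to move the file or adjust the setting.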
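Review bot: in modules/administration/pages/auth-methods-pam.adoc, hunk @@ -46,6 +50,52 @@, the third placeholder term, $uyuni-hostname, ends with a single colon while $domain and $ad_server end with "::". As written it will not render as a description-list entry like the other two, so change it to "::". Its description, "The name of the machine this AD client is supposed to be known.", is missing a word and should read "known as". Separately, the sample sets "access_provider = ad" together with "ad_gpo_map_network = +susemanager" with no explanation. Because that line bears on which logins are permitted, add a sentence next to the placeholder list saying what the mapping does and when it should be changed.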