Deployment Guide
I. Basic System Configuration
Expand section "I. Basic System Configuration" Collapse section "I. Basic System Configuration"
1. 1. Keyboard Configuration
  Expand section "1. Keyboard Configuration" Collapse section "1. Keyboard Configuration"
2. 2. Date and Time Configuration
  Expand section "2. Date and Time Configuration" Collapse section "2. Date and Time Configuration"
  1. 2.1. Date/Time Properties Tool
    
    Expand section "2.1. Date/Time Properties Tool" Collapse section "2.1. Date/Time Properties Tool"
    
    2.1.1. Date and Time Properties
    
    2.1.2. Network Time Protocol Properties
    
    2.1.3. Time Zone Properties
  2. 2.2. Command Line Configuration
    
    Expand section "2.2. Command Line Configuration" Collapse section "2.2. Command Line Configuration"
    
    2.2.1. Date and Time Setup
    
    2.2.2. Network Time Protocol Setup
3. 3. Managing Users and Groups
  Expand section "3. Managing Users and Groups" Collapse section "3. Managing Users and Groups"
  1. 3.1. What Users and Groups Are
  2. 3.2. Managing Users via the User Manager Application
    
    Expand section "3.2. Managing Users via the User Manager Application" Collapse section "3.2. Managing Users via the User Manager Application"
    
    3.2.1. Viewing Users
    
    3.2.2. Adding a New User
    
    3.2.3. Modifying User Properties
  3. 3.3. Managing Groups via the User Manager Application
    
    Expand section "3.3. Managing Groups via the User Manager Application" Collapse section "3.3. Managing Groups via the User Manager Application"
    
    3.3.1. Viewing Groups
    
    3.3.2. Adding a New Group
    
    3.3.3. Modifying Group Properties
  4. 3.4. Managing Users via Command-Line Tools
    
    Expand section "3.4. Managing Users via Command-Line Tools" Collapse section "3.4. Managing Users via Command-Line Tools"
    
    3.4.1. Creating Users
    
    3.4.2. Attaching New Users to Groups
    
    3.4.3. Updating Users' Authentication
    
    3.4.4. Modifying User Settings
    
    3.4.5. Deleting Users
    
    3.4.6. Displaying Comprehensive User Information
  5. 3.5. Managing Groups via Command-Line Tools
    
    Expand section "3.5. Managing Groups via Command-Line Tools" Collapse section "3.5. Managing Groups via Command-Line Tools"
    
    3.5.1. Creating Groups
    
    3.5.2. Attaching Users to Groups
    
    3.5.3. Updating Group Authentication
    
    3.5.4. Modifying Group Settings
    
    3.5.5. Deleting Groups
  6. 3.6. Additional Resources
    
    Expand section "3.6. Additional Resources" Collapse section "3.6. Additional Resources"
    
    3.6.1. Installed Documentation
4. 4. Gaining Privileges
  Expand section "4. Gaining Privileges" Collapse section "4. Gaining Privileges"
5. 5. Console Access
  Expand section "5. Console Access" Collapse section "5. Console Access"
  1. 5.1. Disabling Console Program Access for Non-root Users
  2. 5.2. Disabling Rebooting Using Ctrl+Alt+Del
II. Subscription and Support
Expand section "II. Subscription and Support" Collapse section "II. Subscription and Support"
1. 6. Registering the System and Managing Subscriptions
  Expand section "6. Registering the System and Managing Subscriptions" Collapse section "6. Registering the System and Managing Subscriptions"
2. 7. Accessing Support Using the Red Hat Support Tool
  Expand section "7. Accessing Support Using the Red Hat Support Tool" Collapse section "7. Accessing Support Using the Red Hat Support Tool"
  1. 7.1. Installing the Red Hat Support Tool
  2. 7.2. Registering the Red Hat Support Tool Using the Command Line
  3. 7.3. Using the Red Hat Support Tool in Interactive Shell Mode
  4. 7.4. Configuring the Red Hat Support Tool
    
    Expand section "7.4. Configuring the Red Hat Support Tool" Collapse section "7.4. Configuring the Red Hat Support Tool"
    
    7.4.1. Saving Settings to the Configuration Files
  5. 7.5. Opening and Updating Support Cases Using Interactive Mode
  6. 7.6. Viewing Support Cases on the Command Line
  7. 7.7. Additional Resources
III. Installing and Managing Software
Expand section "III. Installing and Managing Software" Collapse section "III. Installing and Managing Software"
1. 8. Yum
  Expand section "8. Yum" Collapse section "8. Yum"
  1. 8.1. Checking For and Updating Packages
    
    Expand section "8.1. Checking For and Updating Packages" Collapse section "8.1. Checking For and Updating Packages"
    
    8.1.1. Checking For Updates
    
    8.1.2. Updating Packages
    
    8.1.3. Preserving Configuration File Changes
    
    8.1.4. Upgrading the System Off-line with ISO and Yum
  2. 8.2. Packages and Package Groups
    
    Expand section "8.2. Packages and Package Groups" Collapse section "8.2. Packages and Package Groups"
    
    8.2.1. Searching Packages
    
    8.2.2. Listing Packages
    
    8.2.3. Displaying Package Information
    
    8.2.4. Installing Packages
    
    8.2.5. Removing Packages
  3. 8.3. Working with Transaction History
    
    Expand section "8.3. Working with Transaction History" Collapse section "8.3. Working with Transaction History"
    
    8.3.1. Listing Transactions
    
    8.3.2. Examining Transactions
    
    8.3.3. Reverting and Repeating Transactions
    
    8.3.4. Completing Transactions
    
    8.3.5. Starting New Transaction History
  4. 8.4. Configuring Yum and Yum Repositories
    
    Expand section "8.4. Configuring Yum and Yum Repositories" Collapse section "8.4. Configuring Yum and Yum Repositories"
    
    8.4.1. Setting [main] Options
    
    8.4.2. Setting [repository] Options
    
    8.4.3. Using Yum Variables
    
    8.4.4. Viewing the Current Configuration
    
    8.4.5. Adding, Enabling, and Disabling a Yum Repository
    
    8.4.6. Creating a Yum Repository
    
    8.4.7. Working with Yum Cache
    
    8.4.8. Adding the Optional and Supplementary Repositories
  5. 8.5. Yum Plug-ins
    
    Expand section "8.5. Yum Plug-ins" Collapse section "8.5. Yum Plug-ins"
    
    8.5.1. Enabling, Configuring, and Disabling Yum Plug-ins
    
    8.5.2. Installing Additional Yum Plug-ins
    
    8.5.3. Plug-in Descriptions
  6. 8.6. Additional Resources
2. 9. PackageKit
  Expand section "9. PackageKit" Collapse section "9. PackageKit"
  1. 9.1. Updating Packages with Software Update
  2. 9.2. Using Add/Remove Software
    
    Expand section "9.2. Using Add/Remove Software" Collapse section "9.2. Using Add/Remove Software"
    
    9.2.1. Refreshing Software Sources (Yum Repositories)
    
    9.2.2. Finding Packages with Filters
    
    9.2.3. Installing and Removing Packages (and Dependencies)
    
    9.2.4. Installing and Removing Package Groups
    
    9.2.5. Viewing the Transaction Log
  3. 9.3. PackageKit Architecture
  4. 9.4. Additional Resources
IV. Networking
Expand section "IV. Networking" Collapse section "IV. Networking"
1. 10. NetworkManager
  Expand section "10. NetworkManager" Collapse section "10. NetworkManager"
  1. 10.1. The NetworkManager Daemon
  2. 10.2. Interacting with NetworkManager
    
    Expand section "10.2. Interacting with NetworkManager" Collapse section "10.2. Interacting with NetworkManager"
    
    10.2.1. Connecting to a Network
    
    10.2.2. Configuring New and Editing Existing Connections
    
    10.2.3. Connecting to a Network Automatically
    
    10.2.4. User and System Connections
  3. 10.3. Establishing Connections
    
    Expand section "10.3. Establishing Connections" Collapse section "10.3. Establishing Connections"
    
    10.3.1. Establishing a Wired (Ethernet) Connection
    
    10.3.2. Establishing a Wireless Connection
    
    10.3.3. Establishing a Mobile Broadband Connection
    
    10.3.4. Establishing a VPN Connection
    
    10.3.5. Establishing a DSL Connection
    
    10.3.6. Establishing a Bond Connection
    
    10.3.7. Establishing a VLAN Connection
    
    10.3.8. Establishing an IP-over-InfiniBand (IPoIB) Connection
    
    10.3.9. Configuring Connection Settings
    
    Expand section "10.3.9. Configuring Connection Settings" Collapse section "10.3.9. Configuring Connection Settings"
    
    10.3.9.1. Configuring 802.1X Security
    
    Expand section "10.3.9.1. Configuring 802.1X Security" Collapse section "10.3.9.1. Configuring 802.1X Security"
    
    10.3.9.1.1. Configuring TLS (Transport Layer Security) Settings
    
    10.3.9.1.2. Configuring Tunneled TLS Settings
    
    10.3.9.1.3. Configuring Protected EAP (PEAP) Settings
    
    10.3.9.2. Configuring Wireless Security
    
    10.3.9.3. Configuring PPP (Point-to-Point) Settings
    
    10.3.9.4. Configuring IPv4 Settings
    
    10.3.9.5. Configuring IPv6 Settings
    
    10.3.9.6. Configuring Routes
2. 11. Network Interfaces
  Expand section "11. Network Interfaces" Collapse section "11. Network Interfaces"
  1. 11.1. Network Configuration Files
    
    Expand section "11.1. Network Configuration Files" Collapse section "11.1. Network Configuration Files"
    
    11.1.1. Setting the Host Name
  2. 11.2. Interface Configuration Files
    
    Expand section "11.2. Interface Configuration Files" Collapse section "11.2. Interface Configuration Files"
    
    11.2.1. Ethernet Interfaces
    
    11.2.2. Specific ifcfg Options for Linux on System z
    
    11.2.3. Required ifcfg Options for Linux on System z
    
    11.2.4. Channel Bonding Interfaces
    
    Expand section "11.2.4. Channel Bonding Interfaces" Collapse section "11.2.4. Channel Bonding Interfaces"
    
    11.2.4.1. Check if Bonding Kernel Module is Installed
    
    11.2.4.2. Create a Channel Bonding Interface
    
    Expand section "11.2.4.2. Create a Channel Bonding Interface" Collapse section "11.2.4.2. Create a Channel Bonding Interface"
    
    11.2.4.2.1. Creating Multiple Bonds
    
    11.2.5. Configuring a VLAN over a Bond
    
    11.2.6. Network Bridge
    
    Expand section "11.2.6. Network Bridge" Collapse section "11.2.6. Network Bridge"
    
    11.2.6.1. Network Bridge with Bond
    
    11.2.6.2. Network Bridge with Bonded VLAN
    
    11.2.7. Setting Up 802.1Q VLAN Tagging
    
    11.2.8. Alias and Clone Files
    
    11.2.9. Dialup Interfaces
    
    11.2.10. Other Interfaces
  3. 11.3. Interface Control Scripts
  4. 11.4. Static Routes and the Default Gateway
  5. 11.5. Configuring Static Routes in ifcfg files
    
    Expand section "11.5. Configuring Static Routes in ifcfg files" Collapse section "11.5. Configuring Static Routes in ifcfg files"
    
    11.5.1. Static Routes Using the IP Command Arguments Format
    
    11.5.2. Network/Netmask Directives Format
  6. 11.6. Configuring IPv6 Tokenized Interface Identifiers
  7. 11.7. Network Function Files
  8. 11.8. Ethtool
  9. 11.9. Configuring netconsole
  10. 11.10. Additional Resources
V. Infrastructure Services
Expand section "V. Infrastructure Services" Collapse section "V. Infrastructure Services"
1. 12. Services and Daemons
  Expand section "12. Services and Daemons" Collapse section "12. Services and Daemons"
  1. 12.1. Configuring the Default Runlevel
  2. 12.2. Configuring the Services
    
    Expand section "12.2. Configuring the Services" Collapse section "12.2. Configuring the Services"
    
    12.2.1. Using the Service Configuration Utility
    
    Expand section "12.2.1. Using the Service Configuration Utility" Collapse section "12.2.1. Using the Service Configuration Utility"
    
    12.2.1.1. Enabling and Disabling a Service
    
    12.2.1.2. Starting, Restarting, and Stopping a Service
    
    12.2.1.3. Selecting Runlevels
    
    12.2.2. Using the ntsysv Utility
    
    Expand section "12.2.2. Using the ntsysv Utility" Collapse section "12.2.2. Using the ntsysv Utility"
    
    12.2.2.1. Enabling and Disabling a Service
    
    12.2.2.2. Selecting Runlevels
    
    12.2.3. Using the chkconfig Utility
    
    Expand section "12.2.3. Using the chkconfig Utility" Collapse section "12.2.3. Using the chkconfig Utility"
    
    12.2.3.1. Listing the Services
    
    12.2.3.2. Enabling a Service
    
    12.2.3.3. Disabling a Service
  3. 12.3. Running Services
    
    Expand section "12.3. Running Services" Collapse section "12.3. Running Services"
    
    12.3.1. Determining the Service Status
    
    12.3.2. Starting a Service
    
    12.3.3. Stopping a Service
    
    12.3.4. Restarting a Service
  4. 12.4. Additional Resources
    
    Expand section "12.4. Additional Resources" Collapse section "12.4. Additional Resources"
    
    12.4.1. Installed Documentation
    
    12.4.2. Related Books
2. 13. Configuring Authentication
  Expand section "13. Configuring Authentication" Collapse section "13. Configuring Authentication"
  1. 13.1. Configuring System Authentication
    
    Expand section "13.1. Configuring System Authentication" Collapse section "13.1. Configuring System Authentication"
    
    13.1.1. Launching the Authentication Configuration Tool UI
    
    13.1.2. Selecting the Identity Store for Authentication
    
    Expand section "13.1.2. Selecting the Identity Store for Authentication" Collapse section "13.1.2. Selecting the Identity Store for Authentication"
    
    13.1.2.1. Configuring LDAP Authentication
    
    13.1.2.2. Configuring NIS Authentication
    
    13.1.2.3. Configuring Winbind Authentication
    
    13.1.2.4. Using Kerberos with LDAP or NIS Authentication
    
    13.1.3. Configuring Alternative Authentication Features
    
    Expand section "13.1.3. Configuring Alternative Authentication Features" Collapse section "13.1.3. Configuring Alternative Authentication Features"
    
    13.1.3.1. Using Fingerprint Authentication
    
    13.1.3.2. Setting Local Authentication Parameters
    
    13.1.3.3. Enabling Smart Card Authentication
    
    13.1.3.4. Creating User Home Directories
    
    13.1.4. Configuring Authentication from the Command Line
    
    Expand section "13.1.4. Configuring Authentication from the Command Line" Collapse section "13.1.4. Configuring Authentication from the Command Line"
    
    13.1.4.1. Tips for Using authconfig
    
    13.1.4.2. Configuring LDAP User Stores
    
    13.1.4.3. Configuring NIS User Stores
    
    13.1.4.4. Configuring Winbind User Stores
    
    13.1.4.5. Configuring Kerberos Authentication
    
    13.1.4.6. Configuring Local Authentication Settings
    
    13.1.4.7. Configuring Fingerprint Authentication
    
    13.1.4.8. Configuring Smart Card Authentication
    
    13.1.4.9. Managing Kickstart and Configuration Files
    
    13.1.5. Using Custom Home Directories
  2. 13.2. Using and Caching Credentials with SSSD
    
    Expand section "13.2. Using and Caching Credentials with SSSD" Collapse section "13.2. Using and Caching Credentials with SSSD"
    
    13.2.1. About SSSD
    
    13.2.2. Setting up the sssd.conf File
    
    Expand section "13.2.2. Setting up the sssd.conf File" Collapse section "13.2.2. Setting up the sssd.conf File"
    
    13.2.2.1. Creating the sssd.conf File
    
    13.2.2.2. Using a Custom Configuration File
    
    13.2.3. Starting and Stopping SSSD
    
    13.2.4. SSSD and System Services
    
    13.2.5. Configuring Services: NSS
    
    13.2.6. Configuring Services: PAM
    
    13.2.7. Configuring Services: autofs
    
    13.2.8. Configuring Services: sudo
    
    13.2.9. Configuring Services: OpenSSH and Cached Keys
    
    13.2.10. SSSD and Identity Providers (Domains)
    
    13.2.11. Creating Domains: LDAP
    
    13.2.12. Creating Domains: Identity Management (IdM)
    
    13.2.13. Creating Domains: Active Directory
    
    13.2.14. Configuring Domains: Active Directory as an LDAP Provider (Alternative)
    
    13.2.15. Domain Options: Setting Username Formats
    
    13.2.16. Domain Options: Enabling Offline Authentication
    
    13.2.17. Domain Options: Setting Password Expirations
    
    13.2.18. Domain Options: Using DNS Service Discovery
    
    13.2.19. Domain Options: Using IP Addresses in Certificate Subject Names (LDAP Only)
    
    13.2.20. Creating Domains: Proxy
    
    13.2.21. Creating Domains: Kerberos Authentication
    
    13.2.22. Creating Domains: Access Control
    
    13.2.23. Creating Domains: Primary Server and Backup Servers
    
    13.2.24. Installing SSSD Utilities
    
    13.2.25. SSSD and UID and GID Numbers
    
    13.2.26. Creating Local System Users
    
    13.2.27. Seeding Users into the SSSD Cache During Kickstart
    
    13.2.28. Managing the SSSD Cache
    
    13.2.29. Downgrading SSSD
    
    13.2.30. Using NSCD with SSSD
    
    13.2.31. Troubleshooting SSSD
3. 14. OpenSSH
  Expand section "14. OpenSSH" Collapse section "14. OpenSSH"
  1. 14.1. The SSH Protocol
    
    Expand section "14.1. The SSH Protocol" Collapse section "14.1. The SSH Protocol"
    
    14.1.1. Why Use SSH?
    
    14.1.2. Main Features
    
    14.1.3. Protocol Versions
    
    14.1.4. Event Sequence of an SSH Connection
    
    Expand section "14.1.4. Event Sequence of an SSH Connection" Collapse section "14.1.4. Event Sequence of an SSH Connection"
    
    14.1.4.1. Transport Layer
    
    14.1.4.2. Authentication
    
    14.1.4.3. Channels
  2. 14.2. Configuring OpenSSH
    
    Expand section "14.2. Configuring OpenSSH" Collapse section "14.2. Configuring OpenSSH"
    
    14.2.1. Configuration Files
    
    14.2.2. Starting an OpenSSH Server
    
    14.2.3. Requiring SSH for Remote Connections
    
    14.2.4. Using Key-Based Authentication
    
    Expand section "14.2.4. Using Key-Based Authentication" Collapse section "14.2.4. Using Key-Based Authentication"
    
    14.2.4.1. Generating Key Pairs
    
    14.2.4.2. Configuring ssh-agent
    
    14.2.4.3. Multiple required methods of authentication for sshd
  3. 14.3. Using OpenSSH Certificate Authentication
    
    Expand section "14.3. Using OpenSSH Certificate Authentication" Collapse section "14.3. Using OpenSSH Certificate Authentication"
    
    14.3.1. Introduction to SSH Certificates
    
    14.3.2. Support for SSH Certificates
    
    14.3.3. Creating SSH CA Certificate Signing Keys
    
    14.3.4. Distributing and Trusting SSH CA Public Keys
    
    14.3.5. Creating SSH Certificates
    
    Expand section "14.3.5. Creating SSH Certificates" Collapse section "14.3.5. Creating SSH Certificates"
    
    14.3.5.1. Creating SSH Certificates to Authenticate Hosts
    
    14.3.5.2. Creating SSH Certificates for Authenticating Users
    
    14.3.6. Signing an SSH Certificate Using a PKCS#11 Token
    
    14.3.7. Viewing an SSH CA Certificate
    
    14.3.8. Revoking an SSH CA Certificate
  4. 14.4. OpenSSH Clients
    
    Expand section "14.4. OpenSSH Clients" Collapse section "14.4. OpenSSH Clients"
    
    14.4.1. Using the ssh Utility
    
    14.4.2. Using the scp Utility
    
    14.4.3. Using the sftp Utility
  5. 14.5. More Than a Secure Shell
    
    Expand section "14.5. More Than a Secure Shell" Collapse section "14.5. More Than a Secure Shell"
    
    14.5.1. X11 Forwarding
    
    14.5.2. Port Forwarding
  6. 14.6. Additional Resources
    
    Expand section "14.6. Additional Resources" Collapse section "14.6. Additional Resources"
    
    14.6.1. Installed Documentation
    
    14.6.2. Useful Websites
4. 15. TigerVNC
  Expand section "15. TigerVNC" Collapse section "15. TigerVNC"
  1. 15.1. VNC Server
    
    Expand section "15.1. VNC Server" Collapse section "15.1. VNC Server"
    
    15.1.1. Installing VNC Server
    
    15.1.2. Configuring VNC Server
    
    15.1.3. Starting VNC Server
    
    15.1.4. Terminating a VNC Session
  2. 15.2. Sharing an Existing Desktop
  3. 15.3. Using a VNC Viewer
    
    Expand section "15.3. Using a VNC Viewer" Collapse section "15.3. Using a VNC Viewer"
    
    15.3.1. Installing the VNC Viewer
    
    15.3.2. Connecting to a VNC Server
    
    Expand section "15.3.2. Connecting to a VNC Server" Collapse section "15.3.2. Connecting to a VNC Server"
    
    15.3.2.1. Configuring the Firewall for VNC
    
    15.3.3. Connecting to VNC Server Using SSH
  4. 15.4. Additional Resources
VI. Servers
Expand section "VI. Servers" Collapse section "VI. Servers"
1. 16. DHCP Servers
  Expand section "16. DHCP Servers" Collapse section "16. DHCP Servers"
  1. 16.1. Why Use DHCP?
  2. 16.2. Configuring a DHCPv4 Server
    
    Expand section "16.2. Configuring a DHCPv4 Server" Collapse section "16.2. Configuring a DHCPv4 Server"
    
    16.2.1. Configuration File
    
    16.2.2. Lease Database
    
    16.2.3. Starting and Stopping the Server
    
    16.2.4. DHCP Relay Agent
  3. 16.3. Configuring a DHCPv4 Client
  4. 16.4. Configuring a Multihomed DHCP Server
    
    Expand section "16.4. Configuring a Multihomed DHCP Server" Collapse section "16.4. Configuring a Multihomed DHCP Server"
    
    16.4.1. Host Configuration
  5. 16.5. DHCP for IPv6 (DHCPv6)
    
    Expand section "16.5. DHCP for IPv6 (DHCPv6)" Collapse section "16.5. DHCP for IPv6 (DHCPv6)"
    
    16.5.1. Configuring a DHCPv6 Server
    
    16.5.2. Configuring a DHCPv6 Client
  6. 16.6. Additional Resources
    
    Expand section "16.6. Additional Resources" Collapse section "16.6. Additional Resources"
    
    16.6.1. Installed Documentation
2. 17. DNS Servers
  Expand section "17. DNS Servers" Collapse section "17. DNS Servers"
  1. 17.1. Introduction to DNS
    
    Expand section "17.1. Introduction to DNS" Collapse section "17.1. Introduction to DNS"
    
    17.1.1. Nameserver Zones
    
    17.1.2. Nameserver Types
    
    17.1.3. BIND as a Nameserver
  2. 17.2. BIND
    
    Expand section "17.2. BIND" Collapse section "17.2. BIND"
    
    17.2.1. Configuring the named Service
    
    Expand section "17.2.1. Configuring the named Service" Collapse section "17.2.1. Configuring the named Service"
    
    17.2.1.1. Common Statement Types
    
    17.2.1.2. Other Statement Types
    
    17.2.1.3. Comment Tags
    
    17.2.2. Editing Zone Files
    
    Expand section "17.2.2. Editing Zone Files" Collapse section "17.2.2. Editing Zone Files"
    
    17.2.2.1. Common Directives
    
    17.2.2.2. Common Resource Records
    
    17.2.2.3. Comment Tags
    
    17.2.2.4. Example Usage
    
    Expand section "17.2.2.4. Example Usage" Collapse section "17.2.2.4. Example Usage"
    
    17.2.2.4.1. A Simple Zone File
    
    17.2.2.4.2. A Reverse Name Resolution Zone File
    
    17.2.3. Using the rndc Utility
    
    Expand section "17.2.3. Using the rndc Utility" Collapse section "17.2.3. Using the rndc Utility"
    
    17.2.3.1. Configuring the Utility
    
    17.2.3.2. Checking the Service Status
    
    17.2.3.3. Reloading the Configuration and Zones
    
    17.2.3.4. Updating Zone Keys
    
    17.2.3.5. Enabling the DNSSEC Validation
    
    17.2.3.6. Enabling the Query Logging
    
    17.2.4. Using the dig Utility
    
    Expand section "17.2.4. Using the dig Utility" Collapse section "17.2.4. Using the dig Utility"
    
    17.2.4.1. Looking Up a Nameserver
    
    17.2.4.2. Looking Up an IP Address
    
    17.2.4.3. Looking Up a Hostname
    
    17.2.5. Advanced Features of BIND
    
    Expand section "17.2.5. Advanced Features of BIND" Collapse section "17.2.5. Advanced Features of BIND"
    
    17.2.5.1. Multiple Views
    
    17.2.5.2. Incremental Zone Transfers (IXFR)
    
    17.2.5.3. Transaction SIGnatures (TSIG)
    
    17.2.5.4. DNS Security Extensions (DNSSEC)
    
    17.2.5.5. Internet Protocol version 6 (IPv6)
    
    17.2.6. Common Mistakes to Avoid
    
    17.2.7. Additional Resources
    
    Expand section "17.2.7. Additional Resources" Collapse section "17.2.7. Additional Resources"
    
    17.2.7.1. Installed Documentation
    
    17.2.7.2. Useful Websites
    
    17.2.7.3. Related Books
3. 18. Web Servers
  Expand section "18. Web Servers" Collapse section "18. Web Servers"
  1. 18.1. The Apache HTTP Server
    
    Expand section "18.1. The Apache HTTP Server" Collapse section "18.1. The Apache HTTP Server"
    
    18.1.1. New Features
    
    18.1.2. Notable Changes
    
    18.1.3. Updating the Configuration
    
    18.1.4. Running the httpd Service
    
    Expand section "18.1.4. Running the httpd Service" Collapse section "18.1.4. Running the httpd Service"
    
    18.1.4.1. Starting the Service
    
    18.1.4.2. Stopping the Service
    
    18.1.4.3. Restarting the Service
    
    18.1.4.4. Verifying the Service Status
    
    18.1.5. Editing the Configuration Files
    
    Expand section "18.1.5. Editing the Configuration Files" Collapse section "18.1.5. Editing the Configuration Files"
    
    18.1.5.1. Common httpd.conf Directives
    
    18.1.5.2. Common ssl.conf Directives
    
    18.1.5.3. Common Multi-Processing Module Directives
    
    18.1.6. Working with Modules
    
    Expand section "18.1.6. Working with Modules" Collapse section "18.1.6. Working with Modules"
    
    18.1.6.1. Loading a Module
    
    18.1.6.2. Writing a Module
    
    18.1.7. Setting Up Virtual Hosts
    
    18.1.8. Setting Up an SSL Server
    
    Expand section "18.1.8. Setting Up an SSL Server" Collapse section "18.1.8. Setting Up an SSL Server"
    
    18.1.8.1. An Overview of Certificates and Security
    
    18.1.9. Enabling the mod_ssl Module
    
    Expand section "18.1.9. Enabling the mod_ssl Module" Collapse section "18.1.9. Enabling the mod_ssl Module"
    
    18.1.9.1. Enabling and Disabling SSL and TLS in mod_ssl
    
    18.1.10. Enabling the mod_nss Module
    
    Expand section "18.1.10. Enabling the mod_nss Module" Collapse section "18.1.10. Enabling the mod_nss Module"
    
    18.1.10.1. Enabling and Disabling SSL and TLS in mod_nss
    
    18.1.11. Using an Existing Key and Certificate
    
    18.1.12. Generating a New Key and Certificate
    
    18.1.13. Configure the Firewall for HTTP and HTTPS Using the Command Line
    
    Expand section "18.1.13. Configure the Firewall for HTTP and HTTPS Using the Command Line" Collapse section "18.1.13. Configure the Firewall for HTTP and HTTPS Using the Command Line"
    
    18.1.13.1. Checking Network Access for Incoming HTTPS and HTTPS Using the Command Line
    
    18.1.14. Additional Resources
4. 19. Mail Servers
  Expand section "19. Mail Servers" Collapse section "19. Mail Servers"
  1. 19.1. Email Protocols
    
    Expand section "19.1. Email Protocols" Collapse section "19.1. Email Protocols"
    
    19.1.1. Mail Transport Protocols
    
    Expand section "19.1.1. Mail Transport Protocols" Collapse section "19.1.1. Mail Transport Protocols"
    
    19.1.1.1. SMTP
    
    19.1.2. Mail Access Protocols
    
    Expand section "19.1.2. Mail Access Protocols" Collapse section "19.1.2. Mail Access Protocols"
    
    19.1.2.1. POP
    
    19.1.2.2. IMAP
    
    19.1.2.3. Dovecot
  2. 19.2. Email Program Classifications
    
    Expand section "19.2. Email Program Classifications" Collapse section "19.2. Email Program Classifications"
    
    19.2.1. Mail Transport Agent
    
    19.2.2. Mail Delivery Agent
    
    19.2.3. Mail User Agent
  3. 19.3. Mail Transport Agents
    
    Expand section "19.3. Mail Transport Agents" Collapse section "19.3. Mail Transport Agents"
    
    19.3.1. Postfix
    
    Expand section "19.3.1. Postfix" Collapse section "19.3.1. Postfix"
    
    19.3.1.1. The Default Postfix Installation
    
    19.3.1.2. Basic Postfix Configuration
    
    Expand section "19.3.1.2. Basic Postfix Configuration" Collapse section "19.3.1.2. Basic Postfix Configuration"
    
    19.3.1.2.1. Configuring Postfix to Use Transport Layer Security
    
    19.3.1.3. Using Postfix with LDAP
    
    Expand section "19.3.1.3. Using Postfix with LDAP" Collapse section "19.3.1.3. Using Postfix with LDAP"
    
    19.3.1.3.1. The /etc/aliases lookup example
    
    19.3.2. Sendmail
    
    Expand section "19.3.2. Sendmail" Collapse section "19.3.2. Sendmail"
    
    19.3.2.1. Purpose and Limitations
    
    19.3.2.2. The Default Sendmail Installation
    
    19.3.2.3. Common Sendmail Configuration Changes
    
    19.3.2.4. Masquerading
    
    19.3.2.5. Stopping Spam
    
    19.3.2.6. Using Sendmail with LDAP
    
    19.3.3. Fetchmail
    
    Expand section "19.3.3. Fetchmail" Collapse section "19.3.3. Fetchmail"
    
    19.3.3.1. Fetchmail Configuration Options
    
    19.3.3.2. Global Options
    
    19.3.3.3. Server Options
    
    19.3.3.4. User Options
    
    19.3.3.5. Fetchmail Command Options
    
    19.3.3.6. Informational or Debugging Options
    
    19.3.3.7. Special Options
    
    19.3.4. Mail Transport Agent (MTA) Configuration
  4. 19.4. Mail Delivery Agents
    
    Expand section "19.4. Mail Delivery Agents" Collapse section "19.4. Mail Delivery Agents"
    
    19.4.1. Procmail Configuration
    
    19.4.2. Procmail Recipes
    
    Expand section "19.4.2. Procmail Recipes" Collapse section "19.4.2. Procmail Recipes"
    
    19.4.2.1. Delivering vs. Non-Delivering Recipes
    
    19.4.2.2. Flags
    
    19.4.2.3. Specifying a Local Lockfile
    
    19.4.2.4. Special Conditions and Actions
    
    19.4.2.5. Recipe Examples
    
    19.4.2.6. Spam Filters
  5. 19.5. Mail User Agents
    
    Expand section "19.5. Mail User Agents" Collapse section "19.5. Mail User Agents"
    
    19.5.1. Securing Communication
    
    Expand section "19.5.1. Securing Communication" Collapse section "19.5.1. Securing Communication"
    
    19.5.1.1. Secure Email Clients
    
    19.5.1.2. Securing Email Client Communications
  6. 19.6. Additional Resources
    
    Expand section "19.6. Additional Resources" Collapse section "19.6. Additional Resources"
    
    19.6.1. Installed Documentation
    
    19.6.2. Online Documentation
    
    19.6.3. Related Books
5. 20. Directory Servers
  Expand section "20. Directory Servers" Collapse section "20. Directory Servers"
  1. 20.1. OpenLDAP
    
    Expand section "20.1. OpenLDAP" Collapse section "20.1. OpenLDAP"
    
    20.1.1. Introduction to LDAP
    
    Expand section "20.1.1. Introduction to LDAP" Collapse section "20.1.1. Introduction to LDAP"
    
    20.1.1.1. LDAP Terminology
    
    20.1.1.2. OpenLDAP Features
    
    20.1.1.3. OpenLDAP Server Setup
    
    20.1.2. Installing the OpenLDAP Suite
    
    Expand section "20.1.2. Installing the OpenLDAP Suite" Collapse section "20.1.2. Installing the OpenLDAP Suite"
    
    20.1.2.1. Overview of OpenLDAP Server Utilities
    
    20.1.2.2. Overview of OpenLDAP Client Utilities
    
    20.1.2.3. Overview of Common LDAP Client Applications
    
    20.1.3. Configuring an OpenLDAP Server
    
    Expand section "20.1.3. Configuring an OpenLDAP Server" Collapse section "20.1.3. Configuring an OpenLDAP Server"
    
    20.1.3.1. Changing the Global Configuration
    
    20.1.3.2. Changing the Database-Specific Configuration
    
    20.1.3.3. Extending Schema
    
    20.1.4. Running an OpenLDAP Server
    
    Expand section "20.1.4. Running an OpenLDAP Server" Collapse section "20.1.4. Running an OpenLDAP Server"
    
    20.1.4.1. Starting the Service
    
    20.1.4.2. Stopping the Service
    
    20.1.4.3. Restarting the Service
    
    20.1.4.4. Checking the Service Status
    
    20.1.5. Configuring a System to Authenticate Using OpenLDAP
    
    Expand section "20.1.5. Configuring a System to Authenticate Using OpenLDAP" Collapse section "20.1.5. Configuring a System to Authenticate Using OpenLDAP"
    
    20.1.5.1. Migrating Old Authentication Information to LDAP Format
    
    20.1.6. Additional Resources
    
    Expand section "20.1.6. Additional Resources" Collapse section "20.1.6. Additional Resources"
    
    20.1.6.1. Installed Documentation
    
    20.1.6.2. Useful Websites
    
    20.1.6.3. Related Books
6. 21. File and Print Servers
  Expand section "21. File and Print Servers" Collapse section "21. File and Print Servers"
  1. 21.1. Samba
    
    Expand section "21.1. Samba" Collapse section "21.1. Samba"
    
    21.1.1. Introduction to Samba
    
    21.1.2. Samba Daemons and Related Services
    
    21.1.3. Connecting to a Samba Share
    
    Expand section "21.1.3. Connecting to a Samba Share" Collapse section "21.1.3. Connecting to a Samba Share"
    
    21.1.3.1. Mounting the Share
    
    21.1.4. Configuring a Samba Server
    
    Expand section "21.1.4. Configuring a Samba Server" Collapse section "21.1.4. Configuring a Samba Server"
    
    21.1.4.1. Graphical Configuration
    
    21.1.4.2. Command-Line Configuration
    
    21.1.4.3. Encrypted Passwords
    
    21.1.5. Starting and Stopping Samba
    
    21.1.6. Samba Server Types and the smb.conf File
    
    Expand section "21.1.6. Samba Server Types and the smb.conf File" Collapse section "21.1.6. Samba Server Types and the smb.conf File"
    
    21.1.6.1. Stand-alone Server
    
    21.1.6.2. Domain Member Server
    
    21.1.6.3. Domain Controller
    
    21.1.7. Samba Security Modes
    
    Expand section "21.1.7. Samba Security Modes" Collapse section "21.1.7. Samba Security Modes"
    
    21.1.7.1. User-Level Security
    
    21.1.7.2. Share-Level Security
    
    21.1.8. Samba Account Information Databases
    
    21.1.9. Samba Network Browsing
    
    Expand section "21.1.9. Samba Network Browsing" Collapse section "21.1.9. Samba Network Browsing"
    
    21.1.9.1. Domain Browsing
    
    21.1.9.2. WINS (Windows Internet Name Server)
    
    21.1.10. Samba with CUPS Printing Support
    
    Expand section "21.1.10. Samba with CUPS Printing Support" Collapse section "21.1.10. Samba with CUPS Printing Support"
    
    21.1.10.1. Simple smb.conf Settings
    
    21.1.11. Samba Distribution Programs
    
    21.1.12. Additional Resources
  2. 21.2. FTP
    
    Expand section "21.2. FTP" Collapse section "21.2. FTP"
    
    21.2.1. The File Transfer Protocol
    
    21.2.2. The vsftpd Server
    
    Expand section "21.2.2. The vsftpd Server" Collapse section "21.2.2. The vsftpd Server"
    
    21.2.2.1. Starting and Stopping vsftpd
    
    21.2.2.2. Starting Multiple Copies of vsftpd
    
    21.2.2.3. Encrypting vsftpd Connections Using TLS
    
    21.2.2.4. SELinux Policy for vsftpd
    
    21.2.2.5. Files Installed with vsftpd
    
    21.2.2.6. vsftpd Configuration Options
    
    Expand section "21.2.2.6. vsftpd Configuration Options" Collapse section "21.2.2.6. vsftpd Configuration Options"
    
    21.2.2.6.1. Daemon Options
    
    21.2.2.6.2. Log In Options and Access Controls
    
    21.2.2.6.3. Anonymous User Options
    
    21.2.2.6.4. Local-User Options
    
    21.2.2.6.5. Directory Options
    
    21.2.2.6.6. File Transfer Options
    
    21.2.2.6.7. Logging Options
    
    21.2.2.6.8. Network Options
    
    21.2.2.6.9. Security Options
    
    21.2.3. Additional Resources
    
    Expand section "21.2.3. Additional Resources" Collapse section "21.2.3. Additional Resources"
    
    21.2.3.1. Installed Documentation
    
    21.2.3.2. Online Documentation
  3. 21.3. Printer Configuration
    
    Expand section "21.3. Printer Configuration" Collapse section "21.3. Printer Configuration"
    
    21.3.1. Starting the Printer Configuration Tool
    
    21.3.2. Starting Printer Setup
    
    21.3.3. Adding a Local Printer
    
    21.3.4. Adding an AppSocket/HP JetDirect printer
    
    21.3.5. Adding an IPP Printer
    
    21.3.6. Adding an LPD/LPR Host or Printer
    
    21.3.7. Adding a Samba (SMB) printer
    
    21.3.8. Selecting the Printer Model and Finishing
    
    21.3.9. Printing a Test Page
    
    21.3.10. Modifying Existing Printers
    
    Expand section "21.3.10. Modifying Existing Printers" Collapse section "21.3.10. Modifying Existing Printers"
    
    21.3.10.1. The Settings Page
    
    21.3.10.2. The Policies Page
    
    Expand section "21.3.10.2. The Policies Page" Collapse section "21.3.10.2. The Policies Page"
    
    21.3.10.2.1. Sharing Printers
    
    21.3.10.2.2. The Access Control Page
    
    21.3.10.2.3. The Printer Options Page
    
    21.3.10.2.4. Job Options Page
    
    21.3.10.2.5. Ink/Toner Levels Page
    
    21.3.10.3. Managing Print Jobs
    
    21.3.11. Additional Resources
    
    Expand section "21.3.11. Additional Resources" Collapse section "21.3.11. Additional Resources"
    
    21.3.11.1. Installed Documentation
    
    21.3.11.2. Useful Websites
7. 22. Configuring NTP Using ntpd
  Expand section "22. Configuring NTP Using ntpd" Collapse section "22. Configuring NTP Using ntpd"
  1. 22.1. Introduction to NTP
  2. 22.2. NTP Strata
  3. 22.3. Understanding NTP
  4. 22.4. Understanding the Drift File
  5. 22.5. UTC, Timezones, and DST
  6. 22.6. Authentication Options for NTP
  7. 22.7. Managing the Time on Virtual Machines
  8. 22.8. Understanding Leap Seconds
  9. 22.9. Understanding the ntpd Configuration File
  10. 22.10. Understanding the ntpd Sysconfig File
  11. 22.11. Checking if the NTP Daemon is Installed
  12. 22.12. Installing the NTP Daemon (ntpd)
  13. 22.13. Checking the Status of NTP
  14. 22.14. Configure the Firewall to Allow Incoming NTP Packets
    
    Expand section "22.14. Configure the Firewall to Allow Incoming NTP Packets" Collapse section "22.14. Configure the Firewall to Allow Incoming NTP Packets"
    
    22.14.1. Configure the Firewall Using the Graphical Tool
    
    22.14.2. Configure the Firewall Using the Command Line
    
    Expand section "22.14.2. Configure the Firewall Using the Command Line" Collapse section "22.14.2. Configure the Firewall Using the Command Line"
    
    22.14.2.1. Checking Network Access for Incoming NTP Using the Command Line
  15. 22.15. Configure ntpdate Servers
  16. 22.16. Configure NTP
    
    Expand section "22.16. Configure NTP" Collapse section "22.16. Configure NTP"
    
    22.16.1. Configure Access Control to an NTP Service
    
    22.16.2. Configure Rate Limiting Access to an NTP Service
    
    22.16.3. Adding a Peer Address
    
    22.16.4. Adding a Server Address
    
    22.16.5. Adding a Broadcast or Multicast Server Address
    
    22.16.6. Adding a Manycast Client Address
    
    22.16.7. Adding a Broadcast Client Address
    
    22.16.8. Adding a Manycast Server Address
    
    22.16.9. Adding a Multicast Client Address
    
    22.16.10. Configuring the Burst Option
    
    22.16.11. Configuring the iburst Option
    
    22.16.12. Configuring Symmetric Authentication Using a Key
    
    22.16.13. Configuring the Poll Interval
    
    22.16.14. Configuring Server Preference
    
    22.16.15. Configuring the Time-to-Live for NTP Packets
    
    22.16.16. Configuring the NTP Version to Use
  17. 22.17. Configuring the Hardware Clock Update
  18. 22.18. Configuring Clock Sources
  19. 22.19. Additional Resources
    
    Expand section "22.19. Additional Resources" Collapse section "22.19. Additional Resources"
    
    22.19.1. Installed Documentation
    
    22.19.2. Useful Websites
8. 23. Configuring PTP Using ptp4l
  Expand section "23. Configuring PTP Using ptp4l" Collapse section "23. Configuring PTP Using ptp4l"
  1. 23.1. Introduction to PTP
    
    Expand section "23.1. Introduction to PTP" Collapse section "23.1. Introduction to PTP"
    
    23.1.1. Understanding PTP
    
    23.1.2. Advantages of PTP
  2. 23.2. Using PTP
    
    Expand section "23.2. Using PTP" Collapse section "23.2. Using PTP"
    
    23.2.1. Checking for Driver and Hardware Support
    
    23.2.2. Installing PTP
    
    23.2.3. Starting ptp4l
    
    Expand section "23.2.3. Starting ptp4l" Collapse section "23.2.3. Starting ptp4l"
    
    23.2.3.1. Selecting a Delay Measurement Mechanism
  3. 23.3. Specifying a Configuration File
  4. 23.4. Using the PTP Management Client
  5. 23.5. Synchronizing the Clocks
  6. 23.6. Verifying Time Synchronization
  7. 23.7. Serving PTP Time With NTP
  8. 23.8. Serving NTP Time With PTP
  9. 23.9. Synchronize to PTP or NTP Time Using timemaster
    
    Expand section "23.9. Synchronize to PTP or NTP Time Using timemaster" Collapse section "23.9. Synchronize to PTP or NTP Time Using timemaster"
    
    23.9.1. Starting timemaster as a Service
    
    23.9.2. Understanding the timemaster Configuration File
    
    23.9.3. Configuring timemaster Options
  10. 23.10. Improving Accuracy
  11. 23.11. Additional Resources
    
    Expand section "23.11. Additional Resources" Collapse section "23.11. Additional Resources"
    
    23.11.1. Installed Documentation
    
    23.11.2. Useful Websites
VII. Monitoring and Automation
Expand section "VII. Monitoring and Automation" Collapse section "VII. Monitoring and Automation"
1. 24. System Monitoring Tools
  Expand section "24. System Monitoring Tools" Collapse section "24. System Monitoring Tools"
  1. 24.1. Viewing System Processes
    
    Expand section "24.1. Viewing System Processes" Collapse section "24.1. Viewing System Processes"
    
    24.1.1. Using the ps Command
    
    24.1.2. Using the top Command
    
    24.1.3. Using the System Monitor Tool
  2. 24.2. Viewing Memory Usage
    
    Expand section "24.2. Viewing Memory Usage" Collapse section "24.2. Viewing Memory Usage"
    
    24.2.1. Using the free Command
    
    24.2.2. Using the System Monitor Tool
  3. 24.3. Viewing CPU Usage
    
    Expand section "24.3. Viewing CPU Usage" Collapse section "24.3. Viewing CPU Usage"
    
    24.3.1. Using the System Monitor Tool
  4. 24.4. Viewing Block Devices and File Systems
    
    Expand section "24.4. Viewing Block Devices and File Systems" Collapse section "24.4. Viewing Block Devices and File Systems"
    
    24.4.1. Using the lsblk Command
    
    24.4.2. Using the blkid Command
    
    24.4.3. Using the findmnt Command
    
    24.4.4. Using the df Command
    
    24.4.5. Using the du Command
    
    24.4.6. Using the System Monitor Tool
    
    24.4.7. Monitoring Files and Directories with gamin
  5. 24.5. Viewing Hardware Information
    
    Expand section "24.5. Viewing Hardware Information" Collapse section "24.5. Viewing Hardware Information"
    
    24.5.1. Using the lspci Command
    
    24.5.2. Using the lsusb Command
    
    24.5.3. Using the lspcmcia Command
    
    24.5.4. Using the lscpu Command
  6. 24.6. Monitoring Performance with Net-SNMP
    
    Expand section "24.6. Monitoring Performance with Net-SNMP" Collapse section "24.6. Monitoring Performance with Net-SNMP"
    
    24.6.1. Installing Net-SNMP
    
    24.6.2. Running the Net-SNMP Daemon
    
    Expand section "24.6.2. Running the Net-SNMP Daemon" Collapse section "24.6.2. Running the Net-SNMP Daemon"
    
    24.6.2.1. Starting the Service
    
    24.6.2.2. Stopping the Service
    
    24.6.2.3. Restarting the Service
    
    24.6.3. Configuring Net-SNMP
    
    Expand section "24.6.3. Configuring Net-SNMP" Collapse section "24.6.3. Configuring Net-SNMP"
    
    24.6.3.1. Setting System Information
    
    24.6.3.2. Configuring Authentication
    
    24.6.4. Retrieving Performance Data over SNMP
    
    Expand section "24.6.4. Retrieving Performance Data over SNMP" Collapse section "24.6.4. Retrieving Performance Data over SNMP"
    
    24.6.4.1. Hardware Configuration
    
    24.6.4.2. CPU and Memory Information
    
    24.6.4.3. File System and Disk Information
    
    24.6.4.4. Network Information
    
    24.6.5. Extending Net-SNMP
    
    Expand section "24.6.5. Extending Net-SNMP" Collapse section "24.6.5. Extending Net-SNMP"
    
    24.6.5.1. Extending Net-SNMP with Shell Scripts
    
    24.6.5.2. Extending Net-SNMP with Perl
  7. 24.7. Additional Resources
    
    Expand section "24.7. Additional Resources" Collapse section "24.7. Additional Resources"
    
    24.7.1. Installed Documentation
2. 25. Viewing and Managing Log Files
  Expand section "25. Viewing and Managing Log Files" Collapse section "25. Viewing and Managing Log Files"
  1. 25.1. Installing rsyslog
    
    Expand section "25.1. Installing rsyslog" Collapse section "25.1. Installing rsyslog"
    
    25.1.1. Upgrading to rsyslog version 7
  2. 25.2. Locating Log Files
  3. 25.3. Basic Configuration of Rsyslog
    
    Expand section "25.3. Basic Configuration of Rsyslog" Collapse section "25.3. Basic Configuration of Rsyslog"
    
    25.3.1. Filters
    
    25.3.2. Actions
    
    25.3.3. Templates
    
    25.3.4. Global Directives
    
    25.3.5. Log Rotation
  4. 25.4. Using the New Configuration Format
    
    Expand section "25.4. Using the New Configuration Format" Collapse section "25.4. Using the New Configuration Format"
    
    25.4.1. Rulesets
    
    25.4.2. Compatibility with sysklogd
  5. 25.5. Working with Queues in Rsyslog
    
    Expand section "25.5. Working with Queues in Rsyslog" Collapse section "25.5. Working with Queues in Rsyslog"
    
    25.5.1. Defining Queues
    
    25.5.2. Creating a New Directory for rsyslog Log Files
    
    25.5.3. Managing Queues
    
    25.5.4. Using the New Syntax for rsyslog queues
  6. 25.6. Configuring rsyslog on a Logging Server
    
    Expand section "25.6. Configuring rsyslog on a Logging Server" Collapse section "25.6. Configuring rsyslog on a Logging Server"
    
    25.6.1. Using The New Template Syntax on a Logging Server
  7. 25.7. Using Rsyslog Modules
    
    Expand section "25.7. Using Rsyslog Modules" Collapse section "25.7. Using Rsyslog Modules"
    
    25.7.1. Importing Text Files
    
    25.7.2. Exporting Messages to a Database
    
    25.7.3. Enabling Encrypted Transport
    
    25.7.4. Using RELP
  8. 25.8. Debugging Rsyslog
  9. 25.9. Managing Log Files in a Graphical Environment
    
    Expand section "25.9. Managing Log Files in a Graphical Environment" Collapse section "25.9. Managing Log Files in a Graphical Environment"
    
    25.9.1. Viewing Log Files
    
    25.9.2. Adding a Log File
    
    25.9.3. Monitoring Log Files
  10. 25.10. Additional Resources
3. 26. Upgrading MySQL
4. 27. Automating System Tasks
  Expand section "27. Automating System Tasks" Collapse section "27. Automating System Tasks"
  1. 27.1. Cron and Anacron
    
    Expand section "27.1. Cron and Anacron" Collapse section "27.1. Cron and Anacron"
    
    27.1.1. Installing Cron and Anacron
    
    27.1.2. Running the Crond Service
    
    Expand section "27.1.2. Running the Crond Service" Collapse section "27.1.2. Running the Crond Service"
    
    27.1.2.1. Starting and Stopping the Cron Service
    
    27.1.2.2. Stopping the Cron Service
    
    27.1.2.3. Restarting the Cron Service
    
    27.1.3. Configuring Anacron Jobs
    
    Expand section "27.1.3. Configuring Anacron Jobs" Collapse section "27.1.3. Configuring Anacron Jobs"
    
    27.1.3.1. Examples of Anacron Jobs
    
    27.1.4. Configuring Cron Jobs
    
    27.1.5. Controlling Access to Cron
    
    27.1.6. Black and White Listing of Cron Jobs
  2. 27.2. At and Batch
    
    Expand section "27.2. At and Batch" Collapse section "27.2. At and Batch"
    
    27.2.1. Installing At and Batch
    
    27.2.2. Running the At Service
    
    Expand section "27.2.2. Running the At Service" Collapse section "27.2.2. Running the At Service"
    
    27.2.2.1. Starting and Stopping the At Service
    
    27.2.2.2. Stopping the At Service
    
    27.2.2.3. Restarting the At Service
    
    27.2.3. Configuring an At Job
    
    27.2.4. Configuring a Batch Job
    
    27.2.5. Viewing Pending Jobs
    
    27.2.6. Additional Command-Line Options
    
    27.2.7. Controlling Access to At and Batch
  3. 27.3. Additional Resources
5. 28. Automatic Bug Reporting Tool (ABRT)
  Expand section "28. Automatic Bug Reporting Tool (ABRT)" Collapse section "28. Automatic Bug Reporting Tool (ABRT)"
  1. 28.1. Installing ABRT and Starting its Services
  2. 28.2. Using the Graphical User Interface
  3. 28.3. Using the Command-Line Interface
    
    Expand section "28.3. Using the Command-Line Interface" Collapse section "28.3. Using the Command-Line Interface"
    
    28.3.1. Viewing Problems
    
    28.3.2. Reporting Problems
    
    28.3.3. Deleting Problems
  4. 28.4. Configuring ABRT
    
    Expand section "28.4. Configuring ABRT" Collapse section "28.4. Configuring ABRT"
    
    28.4.1. ABRT Events
    
    28.4.2. Standard ABRT Installation Supported Events
    
    28.4.3. Event Configuration in ABRT GUI
    
    28.4.4. ABRT Specific Configuration
    
    28.4.5. Configuring ABRT to Detect a Kernel Panic
    
    28.4.6. Automatic Downloads and Installation of Debuginfo Packages
    
    28.4.7. Configuring Automatic Reporting for Specific Types of Crashes
    
    28.4.8. Uploading and Reporting Using a Proxy Server
    
    28.4.9. Configuring Automatic Reporting
  5. 28.5. Configuring Centralized Crash Collection
    
    Expand section "28.5. Configuring Centralized Crash Collection" Collapse section "28.5. Configuring Centralized Crash Collection"
    
    28.5.1. Configuration Steps Required on a Dedicated System
    
    28.5.2. Configuration Steps Required on a Client System
    
    28.5.3. Saving Package Information
    
    28.5.4. Testing ABRT's Crash Detection
6. 29. OProfile
  Expand section "29. OProfile" Collapse section "29. OProfile"
  1. 29.1. Overview of Tools
  2. 29.2. Configuring OProfile
    
    Expand section "29.2. Configuring OProfile" Collapse section "29.2. Configuring OProfile"
    
    29.2.1. Specifying the Kernel
    
    29.2.2. Setting Events to Monitor
    
    Expand section "29.2.2. Setting Events to Monitor" Collapse section "29.2.2. Setting Events to Monitor"
    
    29.2.2.1. Sampling Rate
    
    29.2.2.2. Unit Masks
    
    29.2.3. Separating Kernel and User-space Profiles
  3. 29.3. Starting and Stopping OProfile
  4. 29.4. Saving Data
  5. 29.5. Analyzing the Data
    
    Expand section "29.5. Analyzing the Data" Collapse section "29.5. Analyzing the Data"
    
    29.5.1. Using opreport
    
    29.5.2. Using opreport on a Single Executable
    
    29.5.3. Getting more detailed output on the modules
    
    29.5.4. Using opannotate
  6. 29.6. Understanding /dev/oprofile/
  7. 29.7. Example Usage
  8. 29.8. OProfile Support for Java
    
    Expand section "29.8. OProfile Support for Java" Collapse section "29.8. OProfile Support for Java"
    
    29.8.1. Profiling Java Code
  9. 29.9. Graphical Interface
  10. 29.10. OProfile and SystemTap
  11. 29.11. Additional Resources
    
    Expand section "29.11. Additional Resources" Collapse section "29.11. Additional Resources"
    
    29.11.1. Installed Docs
    
    29.11.2. Useful Websites
VIII. Kernel, Module and Driver Configuration
Expand section "VIII. Kernel, Module and Driver Configuration" Collapse section "VIII. Kernel, Module and Driver Configuration"
1. 30. Manually Upgrading the Kernel
  Expand section "30. Manually Upgrading the Kernel" Collapse section "30. Manually Upgrading the Kernel"
  1. 30.1. Overview of Kernel Packages
  2. 30.2. Preparing to Upgrade
  3. 30.3. Downloading the Upgraded Kernel
  4. 30.4. Performing the Upgrade
  5. 30.5. Verifying the Initial RAM Disk Image
  6. 30.6. Verifying the Boot Loader
    
    Expand section "30.6. Verifying the Boot Loader" Collapse section "30.6. Verifying the Boot Loader"
    
    30.6.1. Configuring the GRUB Boot Loader
    
    30.6.2. Configuring the Loopback Device Limit
    
    30.6.3. Configuring the OS/400 Boot Loader
    
    30.6.4. Configuring the YABOOT Boot Loader
2. 31. Working with Kernel Modules
  Expand section "31. Working with Kernel Modules" Collapse section "31. Working with Kernel Modules"
  1. 31.1. Listing Currently-Loaded Modules
  2. 31.2. Displaying Information About a Module
  3. 31.3. Loading a Module
  4. 31.4. Unloading a Module
  5. 31.5. Blacklisting a Module
  6. 31.6. Setting Module Parameters
    
    Expand section "31.6. Setting Module Parameters" Collapse section "31.6. Setting Module Parameters"
    
    31.6.1. Loading a Customized Module - Temporary Changes
    
    31.6.2. Loading a Customized Module - Persistent Changes
  7. 31.7. Persistent Module Loading
  8. 31.8. Specific Kernel Module Capabilities
    
    Expand section "31.8. Specific Kernel Module Capabilities" Collapse section "31.8. Specific Kernel Module Capabilities"
    
    31.8.1. Using Channel Bonding
    
    Expand section "31.8.1. Using Channel Bonding" Collapse section "31.8.1. Using Channel Bonding"
    
    31.8.1.1. Bonding Module Directives
  9. 31.9. Additional Resources
3. 32. The kdump Crash Recovery Service
  Expand section "32. The kdump Crash Recovery Service" Collapse section "32. The kdump Crash Recovery Service"
  1. 32.1. Installing the kdump Service
  2. 32.2. Configuring the kdump Service
    
    Expand section "32.2. Configuring the kdump Service" Collapse section "32.2. Configuring the kdump Service"
    
    32.2.1. Configuring kdump at First Boot
    
    32.2.2. Using the Kernel Dump Configuration Utility
    
    32.2.3. Configuring kdump on the Command Line
    
    32.2.4. Testing the Configuration
  3. 32.3. Analyzing the Core Dump
    
    Expand section "32.3. Analyzing the Core Dump" Collapse section "32.3. Analyzing the Core Dump"
    
    32.3.1. Running the crash Utility
    
    32.3.2. Displaying the Message Buffer
    
    32.3.3. Displaying a Backtrace
    
    32.3.4. Displaying a Process Status
    
    32.3.5. Displaying Virtual Memory Information
    
    32.3.6. Displaying Open Files
    
    32.3.7. Exiting the Utility
  4. 32.4. Using fadump on IBM PowerPC hardware
  5. 32.5. Using sadump on Fujitsu PRIMEQUEST systems
    
    Expand section "32.5. Using sadump on Fujitsu PRIMEQUEST systems" Collapse section "32.5. Using sadump on Fujitsu PRIMEQUEST systems"
    
    32.5.1. Configure Red Hat Enterprise Linux for sadump
    
    32.5.2. Check the memory dump
  6. 32.6. Additional Resources
IX. System Recovery
Expand section "IX. System Recovery" Collapse section "IX. System Recovery"
1. 33. System Recovery
  Expand section "33. System Recovery" Collapse section "33. System Recovery"
2. 34. Relax-and-Recover (ReaR)
  Expand section "34. Relax-and-Recover (ReaR)" Collapse section "34. Relax-and-Recover (ReaR)"
  1. 34.1. Basic ReaR Usage
    
    Expand section "34.1. Basic ReaR Usage" Collapse section "34.1. Basic ReaR Usage"
    
    34.1.1. Installing ReaR
    
    34.1.2. Configuring ReaR
    
    34.1.3. Creating a Rescue System
    
    34.1.4. Scheduling ReaR
    
    34.1.5. Performing a System Rescue
  2. 34.2. Integrating ReaR with Backup Software
    
    Expand section "34.2. Integrating ReaR with Backup Software" Collapse section "34.2. Integrating ReaR with Backup Software"
    
    34.2.1. The Built-in Backup Method
    
    Expand section "34.2.1. The Built-in Backup Method" Collapse section "34.2.1. The Built-in Backup Method"
    
    34.2.1.1. Configuring the Internal Backup Method
    
    34.2.1.2. Creating a Backup Using the Internal Backup Method
    
    34.2.2. Supported Backup Methods
    
    34.2.3. Unsupported Backup Methods
A. Consistent Network Device Naming
Expand section "A. Consistent Network Device Naming" Collapse section "A. Consistent Network Device Naming"
B. RPM
Expand section "B. RPM" Collapse section "B. RPM"
1. B.1. RPM Design Goals
2. B.2. Using RPM
  Expand section "B.2. Using RPM" Collapse section "B.2. Using RPM"
  1. B.2.1. Finding RPM Packages
  2. B.2.2. Installing and Upgrading
    
    Expand section "B.2.2. Installing and Upgrading" Collapse section "B.2.2. Installing and Upgrading"
    
    B.2.2.1. Package Already Installed
    
    B.2.2.2. Conflicting Files
    
    B.2.2.3. Unresolved Dependency
  3. B.2.3. Configuration File Changes
  4. B.2.4. Uninstalling
  5. B.2.5. Freshening
  6. B.2.6. Querying
  7. B.2.7. Verifying
3. B.3. Checking a Package's Signature
  Expand section "B.3. Checking a Package's Signature" Collapse section "B.3. Checking a Package's Signature"
  1. B.3.1. Importing Keys
  2. B.3.2. Verifying Signature of Packages
4. B.4. Practical and Common Examples of RPM Usage
5. B.5. Additional Resources
  Expand section "B.5. Additional Resources" Collapse section "B.5. Additional Resources"
  1. B.5.1. Installed Documentation
  2. B.5.2. Useful Websites
C. The X Window System
Expand section "C. The X Window System" Collapse section "C. The X Window System"
1. C.1. The X Server
2. C.2. Desktop Environments and Window Managers
  Expand section "C.2. Desktop Environments and Window Managers" Collapse section "C.2. Desktop Environments and Window Managers"
3. C.3. X Server Configuration Files
  Expand section "C.3. X Server Configuration Files" Collapse section "C.3. X Server Configuration Files"
  1. C.3.1. The Structure of the Configuration
  2. C.3.2. The xorg.conf.d Directory
  3. C.3.3. The xorg.conf File
    
    Expand section "C.3.3. The xorg.conf File" Collapse section "C.3.3. The xorg.conf File"
    
    C.3.3.1. The InputClass section
    
    C.3.3.2. The InputDevice section
    
    C.3.3.3. The ServerFlags section
    
    C.3.3.4. The ServerLayout Section
    
    C.3.3.5. The Files section
    
    C.3.3.6. The Monitor section
    
    C.3.3.7. The Device section
    
    C.3.3.8. The Screen section
    
    C.3.3.9. The DRI section
4. C.4. Fonts
  Expand section "C.4. Fonts" Collapse section "C.4. Fonts"
  1. C.4.1. Adding Fonts to Fontconfig
5. C.5. Runlevels and X
  Expand section "C.5. Runlevels and X" Collapse section "C.5. Runlevels and X"
  1. C.5.1. Runlevel 3
  2. C.5.2. Runlevel 5
6. C.6. Accessing Graphical Applications Remotely
7. C.7. Additional Resources
  Expand section "C.7. Additional Resources" Collapse section "C.7. Additional Resources"
  1. C.7.1. Installed Documentation
  2. C.7.2. Useful Websites
D. The sysconfig Directory
Expand section "D. The sysconfig Directory" Collapse section "D. The sysconfig Directory"
1. D.1. Files in the /etc/sysconfig/ Directory
  Expand section "D.1. Files in the /etc/sysconfig/ Directory" Collapse section "D.1. Files in the /etc/sysconfig/ Directory"
2. D.2. Directories in the /etc/sysconfig/ Directory
3. D.3. Additional Resources
  Expand section "D.3. Additional Resources" Collapse section "D.3. Additional Resources"
  1. D.3.1. Installed Documentation
E. The proc File System
Expand section "E. The proc File System" Collapse section "E. The proc File System"
1. E.1. A Virtual File System
  Expand section "E.1. A Virtual File System" Collapse section "E.1. A Virtual File System"
  1. E.1.1. Viewing Virtual Files
  2. E.1.2. Changing Virtual Files
2. E.2. Top-level Files within the proc File System
  Expand section "E.2. Top-level Files within the proc File System" Collapse section "E.2. Top-level Files within the proc File System"
3. E.3. Directories within /proc/
  Expand section "E.3. Directories within /proc/" Collapse section "E.3. Directories within /proc/"
  1. E.3.1. Process Directories
    
    Expand section "E.3.1. Process Directories" Collapse section "E.3.1. Process Directories"
    
    E.3.1.1. /proc/self/
  2. E.3.2. /proc/bus/
  3. E.3.3. /proc/bus/pci
  4. E.3.4. /proc/driver/
  5. E.3.5. /proc/fs
  6. E.3.6. /proc/irq/
  7. E.3.7. /proc/net/
  8. E.3.8. /proc/scsi/
  9. E.3.9. /proc/sys/
    
    Expand section "E.3.9. /proc/sys/" Collapse section "E.3.9. /proc/sys/"
    
    E.3.9.1. /proc/sys/dev/
    
    E.3.9.2. /proc/sys/fs/
    
    E.3.9.3. /proc/sys/kernel/
    
    E.3.9.4. /proc/sys/net/
    
    E.3.9.5. /proc/sys/vm/
  10. E.3.10. /proc/sysvipc/
  11. E.3.11. /proc/tty/
  12. E.3.12. /proc/PID/
4. E.4. Using the sysctl Command
5. E.5. Additional Resources
F. Revision History
Index
Legal Notice

Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

13.2.13. Creating Domains: Active Directory

The Active Directory identity provider is an extension of a generic LDAP provider. All of the configuration options for an LDAP provider are available to the Active Directory provider, as well as some additional parameters related to user accounts and identity mapping between Active Directory and system users.

There are some fundamental differences between standard LDAP servers and an Active Directory server. When configuring an Active Directory provider, there are some configuration areas, then, which require specific configuration:

Identities using a Windows security ID must be mapped to the corresponding Linux system user ID.
Searches must account for the range retrieval extension.
There may be performance issues with LDAP referrals.

Mapping Active Directory Securiy IDs and Linux User IDs

There are inherent structural differences between how Windows and Linux handle system users and in the user schemas used in Active Directory and standard LDAPv3 directory services. When using an Active Directory identity provider with SSSD to manage system users, it is necessary to reconcile the Active Directory-style user to the new SSSD user. There are two ways to do this:

Using Services for Unix to insert POSIX attributes on Windows user and group entries, and then having those attributes pulled into PAM/NSS
Using ID mapping on SSSD to create a map between Active Directory security IDs (SIDs) and the generated UIDs on Linux

ID mapping is the simplest option for most environments because it requires no additional packages or configuration on Active Directory.

The Mechanism of ID Mapping

Linux/Unix systems use a local user ID number and group ID number to identify users on the system. These UID:GID numbers are a simple integer, such as 501:501. These numbers are simple because they are always created and administered locally, even for systems which are part of a larger Linux/Unix domain.

Microsoft Windows and Active Directory use a different user ID structure to identify users, groups, and machines. Each ID is constructed of different segments that identify the security version, the issuing authority type, the machine, and the identity itself. For example:

S-1-5-21-3623811015-3361044348-30300820-1013

The third through sixth blocks are the machine identifier:

S-1-5-21-3623811015-3361044348-30300820-1013

The last block is the relative identifier (RID) which identifies the specific entity:

S-1-5-21-3623811015-3361044348-30300820-1013

A range of possible ID numbers are always assigned to SSSD. (This is a local range, so it is the same for every machine.)

|_____________________________|
|                             |
minimum ID                    max ID

This range is divided into 10,000 sections (by default), with each section allocated 200,000 IDs.

| slice 1 | slice 2 |   ...   |
|_________|_________|_________|
|         |         |         |
minimum ID                    max ID

When a new Active Directory domain is detected, the SID is hashed. Then, SSSD takes the modulus of the hash and the number of available sections to determine which ID section to assign to the Active Directory domain. This is a reliably consistent means of assigning ID sections, so the same ID range is assigned to the same Active Directory domain on most client machines.

| Active  | Active  |         |
|Directory|Directory|         |
|domain 1 |domain 2 |   ...   |
|         |         |         |
| slice 1 | slice 2 |   ...   |
|_________|_________|_________|
|         |         |         |
minimum ID                    max ID

Note

While the method of assigning ID sections is consistent, ID mapping is based on the order that an Active Directory domain is encountered on a client machine — so it may not result in consistent ID range assignments on all Linux client machines. If consistency is required, then consider disabling ID mapping and using explicit POSIX attributes.

ID Mapping Parameters

ID mapping is enabled in two parameters, one to enable the mapping and one to load the appropriate Active Directory user schema:

ldap_id_mapping = True
ldap_schema = ad

Note

When ID mapping is enabled, the uidNumber and gidNumber attributes are ignored. This prevents any manually-assigned values. If any values must be manually assigned, then all values must be manually assigned, and ID mapping should be disabled.

Mapping Users

When an Active Directory user attempts to log into a local system service for the first time, an entry for that user is created in the SSSD cache. The remote user is set up much like a system user:

A system UID is created for the user based on his SID and the ID range for that domain.
A GID is created for the user, which is identical to the UID.
A private group is created for the user.
A home directory is created, based on the home directory format in the sssd.conf file.
A shell is created, according to the system defaults or the setting in the sssd.conf file.
If the user belongs to any groups in the Active Directory domain, then, using the SID, SSSD adds the user to those groups on the Linux system.

Active Directory Users and Range Retrieval Searches

Microsoft Active Directory has an attribute, MaxValRange, which sets a limit on how many values for a multi-valued attribute will be returned. This is the range retrieval search extension. Essentially, this runs multiuple mini-searches, each returning a subset of the results within a given range, until all matches are returned.

For example, when doing a search for the member attribute, each entry could have multiple values, and there can be multiple entries with that attribute. If there are 2000 matching results (or more), then MaxValRange limits how many are displayed at once; this is the value range. The given attribute then has an additional flag set, showing which range in the set the result is in:

attribute:range=low-high:value

For example, results 100 to 500 in a search:

member;range=99-499: cn=John Smith...

This is described in the Microsoft documentation at http://msdn.microsoft.com/en-us/library/cc223242.aspx.

SSSD supports range retrievals with Active Directory providers as part of user and group management, without any additional configuration.

However, some LDAP provider attributes which are available to configure searches — such as ldap_user_search_base — are not performant with range retrievals. Be cautious when configuring search bases in the Active Directory provider domain and consider what searches may trigger a range retrieval.

Performance and LDAP Referrals

Referrals can negatively impact overall performance because of the time spent attempting to trace referrals. There is particularly bad performance degradation when referral chasing is used with an Active Directory identity provider. Disabling referral checking can significantly improve performance.

LDAP referrals are enabled by default, so they must be explicitly disabled in the LDAP domain configuration. For example:

ldap_referrals = false

Active Directory as Other Provider Types

Active Directory can be used as an identity provider and as an access, password, and authentication provider.

There are a number of options in the generic LDAP provider configuration which can be used to configure an Active Directory provider. Using the ad value is a short-cut which automatically pulls in the parameters and values to configure a given provider for Active Directory. For example, using access_provider = ad to configure an Active Directory access provider expands to this configuration using the explicit LDAP provider parameters:

access_provider = ldap
ldap_access_order = expire
ldap_account_expire_policy = ad

Procedure 13.6. Configuring an Active Directory Identity Provider

Active Directory can work as a provider for identities, authentication, access control rules, and passwords, all of the *_provider parameters for a domain. Additionally, it is possible to load the native Active Directory schema for user and group entries, rather than using the default RFC 2307.

Make sure that both the Active Directory and Linux systems have a properly configured environment.
- Name resolution must be properly configured, particularly if service discovery is used with SSSD.
- The clocks on both systems must be in sync for Kerberos to work properly.
Set up the Linux system as an Active Directory client and enroll it within the Active Directory domain. This is done by configuring the Kerberos and Samba services on the Linux system.
1. Set up Kerberos to use the Active Directory Kerberos realm.
  1. Open the Kerberos client configuration file.
```
~]# vim /etc/krb5.conf
```
  2. Configure the [logging] and [libdefaults] sections so that they connect to the Active Directory realm.
```
[logging]
 default = FILE:/var/log/krb5libs.log

[libdefaults]
 default_realm = EXAMPLE.COM
 dns_lookup_realm = true
 dns_lookup_kdc = true
 ticket_lifetime = 24h
 renew_lifetime = 7d
 rdns = false
 forwardable = false
```
    If autodiscovery is not used with SSSD, then also configure the [realms] and [domain_realm] sections to explicitly define the Active Directory server.
2. Configure the Samba server to connect to the Active directory server.
  1. Open the Samba configuration file.
```
~]# vim /etc/samba/smb.conf
```
  2. Set the Active Directory domain information in the [global] section.
```
[global]
   workgroup = EXAMPLE
   client signing = yes
   client use spnego = yes
   kerberos method = secrets and keytab
   log file = /var/log/samba/%m.log
   password server = AD.EXAMPLE.COM
   realm = EXAMPLE.COM
   security = ads
```
3. Add the Linux machine to the Active Directory domain.
  1. Obtain Kerberos credentials for a Windows administrative user.
```
~]# kinit Administrator
```
  2. Add the machine to the domain using the net command.
```
~]# net ads join -k
Joined 'server' to dns domain 'example.com'
```
    This creates a new keytab file, /etc/krb5.keytab.
    List the keys for the system and check that the host principal is there.
```
~]# klist -k
```
Use authconfig to enable SSSD for system authentication.
```
# authconfig --update --enablesssd --enablesssdauth
```
Set the Active Directory domain as an identity provider in the SSSD configuration, as shown in Example 13.7, “An Active Directory 2008 R2 Domain” and Example 13.8, “An Active Directory 2008 R2 Domain with ID Mapping”.
Restart the SSH service to load the new PAM configuration.
```
~]# service sshd restart
```
Restart SSSD after changing the configuration file.
```
~]# service sssd restart
```

Example 13.7. An Active Directory 2008 R2 Domain

~]# vim /etc/sssd/sssd.conf

[sssd]
config_file_version = 2
domains = ad.example.com
services = nss, pam

...

[domain/ad.example.com]
id_provider = ad
ad_server = ad.example.com
ad_hostname = ad.example.com
auth_provider = ad
chpass_provider = ad
access_provider = ad

# defines user/group schema type
ldap_schema = ad

# using explicit POSIX attributes in the Windows entries
ldap_id_mapping = False

# caching credentials
cache_credentials = true

# access controls
ldap_access_order = expire
ldap_account_expire_policy = ad
ldap_force_upper_case_realm = true

# performance
ldap_referrals = false

There are two parameters that are critical for ID mapping: the Active Directory schema must be loaded (ldap_schema) and ID mapping must be explicitly enabled (ldap_id_mapping).

Example 13.8. An Active Directory 2008 R2 Domain with ID Mapping

~]# vim /etc/sssd/sssd.conf

[sssd]
config_file_version = 2
domains = ad.example.com
services = nss, pam

...

[domain/ad.example.com]
id_provider = ad
ad_server = ad.example.com
ad_hostname = ad.example.com
auth_provider = ad
chpass_provider = ad
access_provider = ad

# defines user/group schema type
ldap_schema = ad

# for SID-UID mapping
ldap_id_mapping = True

# caching credentials
cache_credentials = true

# access controls
ldap_access_order = expire
ldap_account_expire_policy = ad
ldap_force_upper_case_realm = true

# performance
ldap_referrals = false

All of the potential configuration attributes for an Active Directory domain are listed in the sssd-ldap(5) and sssd-ad(5) man pages.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Red Hat Training

13.2.13. Creating Domains: Active Directory

Mapping Active Directory Securiy IDs and Linux User IDs

The Mechanism of ID Mapping

ID Mapping Parameters

Mapping Users

Active Directory Users and Range Retrieval Searches

Performance and LDAP Referrals

Active Directory as Other Provider Types