Alternative CentOS and Active Directory


This information is deprecated. It should be considered end of life and should not be used in any production setting.

Step 1

/etc/init.d/smb stop
/etc/init.d/winbind stop

Step 2

Edit /etc/krb5.conf

default_realm = WINDOWS.SERVER.INT 

kdc =
default_domain = WINDOWS.SERVER.INT
kpasswd_server =
admin_server =

[domain_realm] = WINDOWS.SERVER.INT

Step 3

Edit smb.conf

security = ads
netbios name = DOMAIN
password server =
workgroup = DOMAIN
idmap uid = 500-10000000
idmap gid = 500-10000000
winbind separator = +
winbind enum users = no
winbind enum groups = no
winbind use default domain = yes
template homedir = /home/%D/%U
template shell = /bin/bash
client use spnego = yes
domain master = no

Step 4

Create the home directories

mkdir /home/DOMAIN

Step 5

Stop and then start Samba and winbind

/etc/init.d/smb stop
/etc/init.d/winbind stop
/etc/init.d/smb start
/etc/init.d/winbind start

Step 6

Edit nsswitch.conf so it looks like the lines below

passwd:     files winbind
shadow:     files winbind
group:      files winbind

Step 7

Add the following to /etc/pam.d/system-auth

auth sufficient /lib/security/
auth requisite shadow
account requisite

Step 8

Initialise Kerberos

kinit domain_admin_account@EXAMPLE.DIRECTORY

Step 9

Check to be sure you got a ticket from the domain controller


Step 10

Join the Active Directory

net ads join -U domainadminuser@EXAMPLE.DOMAIN

Step 11

Start Samba and winbind

/etc/init.d/smb start
/etc/init.d/winbind start
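
The idmap ranges in Step 3 start at 500, which is also where CentOS 6 and earlier begin numbering local accounts by default, so it is worth checking for overlap before winbind starts allocating IDs. The script below is an added example, not part of the original page; the function names and the sample smb.conf and passwd contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): list local accounts whose UID
# falls inside the winbind "idmap uid" range configured in smb.conf.

# Print "LOW HIGH" for parameter $2 (e.g. "idmap uid") in smb.conf file $1.
idmap_range() {
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        {
            name = tolower($1)
            gsub(/^[ \t]+|[ \t]+$/, "", name)   # trim the parameter name
            if (name != key) next
            val = $2
            gsub(/[ \t]/, "", val)              # "500 - 10000000" -> "500-10000000"
            if (split(val, r, "-") == 2) print r[1], r[2]
            exit
        }' "$1"
}

# Print "name:uid" for every entry in passwd-format file $2 whose UID lies
# inside the idmap uid range of smb.conf file $1. Returns 2 if no range is set.
uid_collisions() {
    range=$(idmap_range "$1" "idmap uid")
    [ -n "$range" ] || return 2
    awk -F: -v lo="${range% *}" -v hi="${range#* }" \
        '$3 + 0 >= lo + 0 && $3 + 0 <= hi + 0 { print $1 ":" $3 }' "$2"
}

# Constructed sample input: the Step 3 range plus a CentOS-style passwd file
# (the account names are made up).
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '[global]' 'security = ads' \
        'idmap uid = 500-10000000' 'idmap gid = 500-10000000' > "$dir/smb.conf"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'nobody:x:99:99:Nobody:/:/sbin/nologin' \
        'alice:x:500:500::/home/alice:/bin/bash' \
        'bob:x:501:501::/home/bob:/bin/bash' > "$dir/passwd"
    uid_collisions "$dir/smb.conf" "$dir/passwd"
    rm -rf "$dir"
}

demo
```

Any account it prints has a UID that winbind could also assign to a domain user, so either move the local account or raise the lower bound of the range before Step 5.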