Alternative CentOS and Active Directory

From RSWiki

This information is deprecated. It should be considered end of life and should not be used in any production setting.

Step 1

Stop samba and winbind before changing the configuration

/etc/init.d/smb stop
/etc/init.d/winbind stop

Step 2

Edit /etc/krb5.conf. The realm and KDC names below are placeholders for your own domain; the realm must be written in upper case and must be the same realm you use for the Samba realm setting, the kinit principal and the net ads join account, otherwise the join fails.

[libdefaults]
default_realm = WINDOWS.SERVER.INT

[realms]
WINDOWS.SERVER.INT = {
kdc = mc1.windows.server.int
default_domain = WINDOWS.SERVER.INT
kpasswd_server = mc1.windows.server.int
admin_server = mc1.windows.server.int
}

[domain_realm]
 .windows.server.int = WINDOWS.SERVER.INT

Step 3

Edit smb.conf (/etc/samba/smb.conf on CentOS). The domain, realm and password server values are placeholders for your own environment.

[global]
security = ads
netbios name = DOMAIN
realm = EXAMPLE.DIRECTORY
password server = domainserver.example.directory
workgroup = DOMAIN
idmap uid = 500-10000000
idmap gid = 500-10000000
winbind separator = +
winbind enum users = no
winbind enum groups = no
winbind use default domain = yes
template homedir = /home/%D/%U
template shell = /bin/bash
client use spnego = yes
domain master = no

Step 4

Create the parent directory for domain users' home directories (template homedir = /home/%D/%U expands to /home/DOMAIN/username)

mkdir /home/DOMAIN

Step 5

Stop and restart samba and winbind so the new configuration is read

/etc/init.d/smb stop
/etc/init.d/winbind stop
/etc/init.d/smb start
/etc/init.d/winbind start

Step 6

Edit /etc/nsswitch.conf so that the passwd, shadow and group lines read as below (local files are consulted first, then winbind)

passwd:     files winbind
shadow:     files winbind
group:      files winbind

Step 7

Add the following to /etc/pam.d/system-auth

auth sufficient /lib/security/pam_winbind.so
auth requisite pam_pwdb.so shadow
account requisite pam_localuser.so

Step 8

Obtain a Kerberos ticket for a domain administrator account

kinit domain_admin_account@EXAMPLE.DIRECTORY

Step 9

Check that you received a ticket-granting ticket from the domain controller

klist

Step 10

Join the Active Directory domain (the realm after the @ must be the realm configured in krb5.conf and smb.conf)

net ads join -U domainadminuser@EXAMPLE.DOMAIN

Step 11

Start samba and winbind

/etc/init.d/smb start
/etc/init.d/winbind start
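The steps above only work when the realm in krb5.conf, the realm in smb.conf and the principal passed to kinit and net ads join all agree, and when nsswitch.conf actually lists winbind. The following pre-join sanity check is an added example and not part of the original wiki page; it reads those files with plain sed and grep so it can run on the constructed sample files it writes (placeholder realm EXAMPLE.DIRECTORY, and a second krb5.conf reproducing the kind of mismatch seen between the Step 2 and Step 3 values as written).

```shell
#!/bin/sh
# Added pre-join sanity check; not part of the original wiki page.
# Confirms that the realm used by Kerberos, Samba and the kinit principal
# agree, that the realm is upper-case, and that nsswitch.conf consults winbind.

conf_value() {  # conf_value FILE KEY -> value of the first "KEY = value" line
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1 | tr -d '[:space:]'
}

nss_uses_winbind() {  # nss_uses_winbind FILE DATABASE -> 0 if "DATABASE: ... winbind"
  grep -Eq "^[[:space:]]*$2:.*[[:space:]]winbind([[:space:]]|$)" "$1"
}

# check_join_prereqs KRB5_CONF SMB_CONF NSSWITCH_CONF PRINCIPAL -> 0 if consistent
check_join_prereqs() {
  krb_realm=$(conf_value "$1" default_realm)
  smb_realm=$(conf_value "$2" realm)
  princ_realm=${4##*@}   # text after the @ in user@REALM
  [ -n "$krb_realm" ] || { echo "no default_realm in $1"; return 1; }
  [ "$krb_realm" = "$smb_realm" ] || { echo "krb5.conf realm $krb_realm != smb.conf realm $smb_realm"; return 1; }
  [ "$krb_realm" = "$princ_realm" ] || { echo "principal realm $princ_realm != $krb_realm"; return 1; }
  [ "$krb_realm" = "$(printf '%s' "$krb_realm" | tr '[:lower:]' '[:upper:]')" ] || { echo "realm must be upper-case"; return 1; }
  for db in passwd group; do
    nss_uses_winbind "$3" "$db" || { echo "$3: $db line does not list winbind"; return 1; }
  done
  echo "ok: realm $krb_realm"
}

# Constructed sample files; the realm and hostnames are placeholders, not a real domain.
TMP=$(mktemp -d)
printf '[libdefaults]\n default_realm = EXAMPLE.DIRECTORY\n' > "$TMP/krb5.conf"
printf '[global]\n security = ads\n realm = EXAMPLE.DIRECTORY\n' > "$TMP/smb.conf"
printf 'passwd: files winbind\nshadow: files winbind\ngroup: files winbind\n' > "$TMP/nsswitch.conf"
# Second krb5.conf with a realm that does not match smb.conf, as in the page's own Step 2 vs Step 3.
printf '[libdefaults]\n default_realm = WINDOWS.SERVER.INT\n' > "$TMP/krb5-bad.conf"

check_join_prereqs "$TMP/krb5.conf" "$TMP/smb.conf" "$TMP/nsswitch.conf" admin@EXAMPLE.DIRECTORY
check_join_prereqs "$TMP/krb5-bad.conf" "$TMP/smb.conf" "$TMP/nsswitch.conf" admin@EXAMPLE.DIRECTORY || true
```

Run it against the real /etc/krb5.conf, /etc/samba/smb.conf and /etc/nsswitch.conf before Step 10; a non-zero exit means the join would fail on a configuration mismatch rather than on credentials.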