Difference between revisions of "Alternative CentOS and Active Directory"

From RSWiki

Latest revision as of 11:44, 27 February 2017

This information is deprecated. It should be considered end of life and should not be used in any production setting.

Step 1

/etc/init.d/smb stop
/etc/init.d/winbind stop

Step 2

Edit /etc/krb5.conf so that it contains these settings:

[libdefaults]
default_realm = WINDOWS.SERVER.INT

[realms]
WINDOWS.SERVER.INT = {
kdc = mc1.windows.server.int
default_domain = WINDOWS.SERVER.INT
kpasswd_server = mc1.windows.server.int
admin_server = mc1.windows.server.int
}

[domain_realm]
.windows.server.int = WINDOWS.SERVER.INT

Step 3

Edit smb.conf

security = ads
netbios name = DOMAIN
password server = domainserver.example.directory
workgroup = DOMAIN
idmap uid = 500-10000000
idmap gid = 500-10000000
winbind separator = +
winbind enum users = no
winbind enum groups = no
winbind use default domain = yes
template homedir = /home/%D/%U
template shell = /bin/bash
client use spnego = yes
domain master = no

Step 4

Create the home directories

mkdir /home/DOMAIN

Step 5

Restart Samba and winbind (stop, then start)

/etc/init.d/smb stop
/etc/init.d/winbind stop
/etc/init.d/smb start
/etc/init.d/winbind start

Step 6

Edit nsswitch.conf so it looks like the lines below

passwd:     files winbind
shadow:     files winbind
group:      files winbind

Step 7

Add the following to /etc/pam.d/system-auth

auth sufficient /lib/security/pam_winbind.so
auth requisite pam_pwdb.so shadow
account requisite pam_localuser.so

Step 8

Initialise Kerberos

kinit domain_admin_account@EXAMPLE.DIRECTORY

Step 9

Check to be sure you got a ticket from the domain controller


Step 10

Join the Active Directory

net ads join -U domainadminuser@EXAMPLE.DOMAIN

Step 11

Start Samba and winbind

/etc/init.d/smb start
/etc/init.d/winbind start
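
An added example, not part of the original wiki page: shell checks over the files edited in Steps 3 and 6. It lists local accounts whose ID falls inside the idmap range (the range above starts at 500, which is also where CentOS 6 and earlier begin numbering local users, so a winbind-mapped ID can coincide with a local one) and confirms that winbind is an NSS source. The function names are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the wiki page. Function names are hypothetical;
# the sample files written by demo() are constructed.

# Print "lo hi" for an smb.conf range option such as "idmap uid = 500-10000000".
idmap_range() {  # $1 = smb.conf path, $2 = option name
    awk -F= -v opt="$2" '
        { key = $1; gsub(/^[ \t]+|[ \t]+$/, "", key) }
        tolower(key) == tolower(opt) {
            val = $2; gsub(/[ \t]/, "", val)
            split(val, r, "-"); print r[1], r[2]; exit
        }' "$1"
}

# List name:id for entries of a passwd- or group-format file whose ID is in lo..hi.
local_ids_in_range() {  # $1 = file, $2 = lo, $3 = hi
    awk -F: -v lo="$2" -v hi="$3" \
        '$1 !~ /^#/ && $3 ~ /^[0-9]+$/ && $3+0 >= lo+0 && $3+0 <= hi+0 { print $1 ":" $3 }' "$1"
}

# Succeed if database $2 in nsswitch.conf $1 lists winbind as a source.
nss_uses_winbind() {  # $1 = nsswitch.conf path, $2 = database name (passwd, group, ...)
    awk -v db="$2:" '$1 == db { for (i = 2; i <= NF; i++) if ($i == "winbind") found = 1 }
                     END { exit !found }' "$1"
}

# Run the checks against constructed copies of the three files.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '[global]' 'security = ads' 'idmap uid = 500-10000000' \
        'idmap gid = 500-10000000' > "$d/smb.conf"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'alice:x:500:500::/home/alice:/bin/bash' > "$d/passwd"
    printf '%s\n' 'passwd:     files winbind' 'group:      files winbind' > "$d/nsswitch.conf"
    set -- $(idmap_range "$d/smb.conf" 'idmap uid')   # $1 = low bound, $2 = high bound
    echo "idmap uid range: $1-$2"
    echo "local accounts inside it: $(local_ids_in_range "$d/passwd" "$1" "$2")"
    nss_uses_winbind "$d/nsswitch.conf" passwd && echo "passwd: winbind is an NSS source"
    rm -rf "$d"
}
demo
```

To check a real host, pass the system's smb.conf, /etc/passwd (or /etc/group with the idmap gid range) and /etc/nsswitch.conf to the three functions instead of the constructed copies.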