Alternative CentOS and Active Directory: Difference between revisions
Revision as of 11:10, 3 March 2009
The information here dates from 2006 and may be deprecated.
Please see "Using Active Directory for CentOS" for a working config.
Step 1
Stop samba and winbind
    /etc/init.d/smb stop
    /etc/init.d/winbind stop
Step 2
Edit /etc/krb5.conf
    [libdefaults]
        default_realm = WINDOWS.SERVER.INT
    [realms]
        WINDOWS.SERVER.INT = {
            kdc = mc1.windows.server.int
            default_domain = WINDOWS.SERVER.INT
            kpasswd_server = mc1.windows.server.int
            admin_server = mc1.windows.server.int
        }
    [domain_realm]
        .windows.server.int = WINDOWS.SERVER.INT
Step 3
Edit smb.conf. The realm value must be the same Kerberos realm as default_realm in /etc/krb5.conf.
    [global]
        security = ads
        netbios name = DOMAIN
        realm = EXAMPLE.DIRECTORY
        password server = domainserver.example.directory
        workgroup = DOMAIN
        idmap uid = 500-10000000
        idmap gid = 500-10000000
        winbind separator = +
        winbind enum users = no
        winbind enum groups = no
        winbind use default domain = yes
        template homedir = /home/%D/%U
        template shell = /bin/bash
        client use spnego = yes
        domain master = no
Step 4
Create the home directories
    mkdir /home/DOMAIN
Step 5
Restart samba and winbind
    /etc/init.d/smb stop
    /etc/init.d/winbind stop
    /etc/init.d/smb start
    /etc/init.d/winbind start
Step 6
Edit nsswitch.conf so it looks like the lines below
    passwd: files winbind
    shadow: files winbind
    group: files winbind
Step 7
Add the following to /etc/pam.d/system-auth
    auth sufficient /lib/security/pam_winbind.so
    auth requisite pam_pwdb.so shadow
    account requisite pam_localuser.so
Step 8
Initialise Kerberos
    kinit domain_admin_account@EXAMPLE.DIRECTORY
Step 9
Check to be sure you got a ticket from the domain controller
    klist
Step 10
Join the Active Directory domain
    net ads join -U domainadminuser@EXAMPLE.DOMAIN
Step 11
Start samba and winbind
    /etc/init.d/smb start
    /etc/init.d/winbind start
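
A consistency check for the files edited in Steps 2, 3 and 6, added here as an example and not part of the original page. The function names are the example's own, and it assumes the smb.conf realm must equal default_realm in krb5.conf (the page's placeholder realms differ between steps, which the constructed sample reproduces).

```shell
# Added example, not from the original page. Paths are arguments, so copies can be checked.
# Print default_realm from krb5.conf-style file $1.
krb5_default_realm() {
    sed -n 's/^[[:space:]]*default_realm[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' "$1" | head -n 1
}

# Print the value of parameter $2 (lowercase) in the [global] section of smb.conf $1.
smb_global_param() {
    awk -v key="$2" '
        /^[ \t]*\[/ { g = (tolower($0) ~ /^[ \t]*\[global\]/); next }
        g && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (tolower(k) == key) { print v; exit }
        }' "$1"
}

# Succeed if nsswitch database $2 in file $1 lists winbind as a source.
nss_has_winbind() {
    grep -Eq "^[[:space:]]*$2:(.*[[:space:]])?winbind([[:space:]]|\$)" "$1"
}

# Print one line per problem; the return status is the number of problems.
check_ad_config() {  # $1 = krb5.conf, $2 = smb.conf, $3 = nsswitch.conf
    problems=0
    krb_realm=$(krb5_default_realm "$1")
    smb_realm=$(smb_global_param "$2" realm)
    if [ -z "$krb_realm" ] || [ "$krb_realm" != "$smb_realm" ]; then
        echo "realm mismatch: krb5.conf '$krb_realm', smb.conf '$smb_realm'"
        problems=$((problems + 1))
    fi
    if [ "$(smb_global_param "$2" security | tr 'A-Z' 'a-z')" != "ads" ]; then
        echo "smb.conf: security is not ads"; problems=$((problems + 1))
    fi
    for db in passwd shadow group; do
        nss_has_winbind "$3" "$db" && continue
        echo "nsswitch.conf: $db does not list winbind"; problems=$((problems + 1))
    done
    return "$problems"
}

# Constructed sample: the page's Step 2, 3 and 6 values, written into directory $1.
write_sample() {
    printf '[libdefaults]\n default_realm = WINDOWS.SERVER.INT\n' > "$1/krb5.conf"
    printf '[global]\n security = ads\n realm = EXAMPLE.DIRECTORY\n' > "$1/smb.conf"
    printf 'passwd: files winbind\nshadow: files winbind\ngroup: files winbind\n' > "$1/nsswitch.conf"
}

if [ "$#" -eq 3 ]; then check_ad_config "$@" || echo "$? problem(s) found"; fi
```

Run it before Step 8 with the three file paths as arguments, for example /etc/krb5.conf, the smb.conf you edited, and /etc/nsswitch.conf.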