Alternative CentOS and Active Directory

From RSWiki
Revision as of 10:51, 17 May 2006 by Robert (talk | contribs)

Step 1

/etc/init.d/smb stop
/etc/init.d/winbind stop

Step 2

Edit /etc/krb5.conf

default_realm = WINDOWS.SERVER.INT 

kdc =
default_domain = WINDOWS.SERVER.INT
kpasswd_server =
admin_server =

[domain_realm] = WINDOWS.SERVER.INT

Step 3

Edit smb.conf

security = ads
netbios name = DOMAIN
password server =
workgroup = DOMAIN
idmap uid = 500-10000000
idmap gid = 500-10000000
winbind separator = +
winbind enum users = no
winbind enum groups = no
winbind use default domain = yes
template homedir = /home/%D/%U
template shell = /bin/bash
client use spnego = yes
domain master = no

Step 4

Create the home directory for domain users

mkdir /home/DOMAIN

Step 5

Restart Samba and winbind

/etc/init.d/smb stop
/etc/init.d/winbind stop
/etc/init.d/smb start
/etc/init.d/winbind start

Step 6

Edit nsswitch.conf so it looks like the lines below

passwd:     files winbind
shadow:     files winbind
group:      files winbind

Step 7

Add the following to /etc/pam.d/system-auth

auth sufficient /lib/security/
auth requisite shadow
account requisite

Step 8

Initialise Kerberos

kinit domain_admin_account@EXAMPLE.DIRECTORY

Step 9

Check that you got a ticket from the domain controller


Step 10

Join the Active Directory

net ads join -U domainadminuser@EXAMPLE.DOMAIN
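
A check worth running on the files edited in Steps 3 and 6, as an added example that is not part of the original wiki page: it reports local accounts whose UID falls inside the winbind idmap range (a domain user mapped to the same number would own that account's files) and confirms that nsswitch.conf consults winbind after files. The function names and sample files are constructed for illustration, and it assumes local accounts on this CentOS generation are numbered from UID 500.

```shell
#!/bin/sh
# Added example: sanity checks for smb.conf (Step 3) and nsswitch.conf (Step 6).
# File paths are arguments, so the checks can be run against copies.

# Print the value of an smb.conf "key = value" parameter (last occurrence wins).
smb_param() {  # $1 = smb.conf path, $2 = parameter name
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ { next }                       # skip comment lines
        { k = $1; gsub(/^[ \t]+|[ \t]+$/, "", k) }
        tolower(k) == tolower(key) {
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v); val = v
        }
        END { print val }' "$1"
}

# List "name:uid" for local accounts whose UID lies inside the idmap uid range.
uid_collisions() {  # $1 = smb.conf path, $2 = passwd file path
    range=$(smb_param "$1" "idmap uid" | tr -d ' \t')
    [ -n "$range" ] || return 0                      # no range configured
    awk -F: -v lo="${range%%-*}" -v hi="${range##*-}" \
        '$3 + 0 >= lo + 0 && $3 + 0 <= hi + 0 { print $1 ":" $3 }' "$2"
}

# Succeed only if each named database lists winbind after files.
nss_uses_winbind() {  # $1 = nsswitch.conf path, remaining args = databases
    nss=$1; shift
    for db in "$@"; do
        awk -v db="$db:" '
            $1 == db { for (i = 2; i <= NF; i++) {
                           if ($i == "files") seen = 1
                           if ($i == "winbind" && seen) ok = 1 } }
            END { exit !ok }' "$nss" || return 1
    done
}

# Constructed sample inputs (not from a real host): the Step 3 idmap range,
# a passwd file with one local account at UID 500, and the Step 6 lines.
demo=$(mktemp -d)
printf '%s\n' '[global]' 'security = ads' 'idmap uid = 500-10000000' \
    > "$demo/smb.conf"
printf '%s\n' 'root:x:0:0::/root:/bin/bash' \
    'localadmin:x:500:500::/home/localadmin:/bin/bash' > "$demo/passwd"
printf '%s\n' 'passwd:     files winbind' 'shadow:     files winbind' \
    'group:      files winbind' > "$demo/nsswitch.conf"

echo "Local UIDs inside idmap range: $(uid_collisions "$demo/smb.conf" "$demo/passwd")"
nss_uses_winbind "$demo/nsswitch.conf" passwd shadow group \
    && echo "nsswitch: winbind is consulted after files"
```

On a real host, pass /etc/samba/smb.conf (or wherever smb.conf lives), /etc/passwd and /etc/nsswitch.conf; any account the first check prints calls for raising the lower bound of the idmap range above the highest local UID.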