Alternative CentOS and Active Directory

From RSWiki
Revision as of 11:10, 3 March 2009 by Robert (talk | contribs)


The information here dates from 2006 and may be deprecated.

Please go to this document for a working config.

Step 1

/etc/init.d/smb stop
/etc/init.d/winbind stop

Step 2

Edit /etc/krb5.conf

default_realm = WINDOWS.SERVER.INT 

kdc =
default_domain = WINDOWS.SERVER.INT
kpasswd_server =
admin_server =

[domain_realm] = WINDOWS.SERVER.INT

Step 3

Edit smb.conf

security = ads
netbios name = DOMAIN
password server =
workgroup = DOMAIN
idmap uid = 500-10000000
idmap gid = 500-10000000
winbind separator = +
winbind enum users = no
winbind enum groups = no
winbind use default domain = yes
template homedir = /home/%D/%U
template shell = /bin/bash
client use spnego = yes
domain master = no

Step 4

Create the home directories

mkdir /home/DOMAIN

Step 5

Stop and start Samba and winbind

/etc/init.d/smb stop
/etc/init.d/winbind stop
/etc/init.d/smb start
/etc/init.d/winbind start

Step 6

Edit nsswitch.conf so it looks like the lines below

passwd:     files winbind
shadow:     files winbind
group:      files winbind

Step 7

Add the following to /etc/pam.d/system-auth

auth sufficient /lib/security/
auth requisite shadow
account requisite

Step 8

Initialise Kerberos

kinit domain_admin_account@EXAMPLE.DIRECTORY

Step 9

Check to be sure you got a ticket from the domain controller


Step 10

Join the Active Directory

net ads join -U domainadminuser@EXAMPLE.DOMAIN

Step 11

Start samba and winbind

/etc/init.d/smb start
/etc/init.d/winbind start
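
The script below is an added example, not part of the original wiki page: it compares an smb.conf and an nsswitch.conf against the values given in Steps 3 and 6, so a mistyped or empty setting is caught before the join in Step 10. The function names and the two file paths passed on the command line are assumptions.

```shell
# Added example (not from the wiki page): verify the Step 3 and Step 6 edits.
# Print the value of KEY from an smb.conf-style FILE (first match wins).
smb_get() {
    awk -v want="$2" '
        /^[ \t]*[#;]/ || index($0, "=") == 0 { next }   # comments, [sections]
        {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (tolower(key) == tolower(want)) { print val; exit }
        }' "$1"
}

# Compare FILE with the fixed Step 3 values; print mismatches, return 1 if any.
check_smb() {
    rc=0
    while IFS='|' read -r key expected; do
        actual=$(smb_get "$1" "$key" | tr 'A-Z' 'a-z')
        if [ "$actual" != "$expected" ]; then
            echo "smb.conf: '$key' is '${actual:-<unset>}', expected '$expected'"
            rc=1
        fi
    done <<'EOF'
security|ads
winbind use default domain|yes
winbind enum users|no
winbind enum groups|no
client use spnego|yes
domain master|no
EOF
    # Site-specific values (blank or placeholders on the page) must be set.
    for key in workgroup "password server" "idmap uid" "idmap gid"; do
        [ -n "$(smb_get "$1" "$key")" ] || { echo "smb.conf: '$key' is empty"; rc=1; }
    done
    return "$rc"
}

# Step 6: passwd, shadow and group must read "files winbind".
check_nsswitch() {
    rc=0
    for db in passwd shadow group; do
        grep -Eq "^$db:[[:space:]]+files[[:space:]]+winbind([[:space:]]|\$)" "$1" ||
            { echo "nsswitch.conf: '$db' does not read 'files winbind'"; rc=1; }
    done
    return "$rc"
}
# Usage (paths are the caller's choice): sh check.sh SMB_CONF NSSWITCH_CONF
if [ "$#" -eq 2 ]; then s=0; check_smb "$1" || s=1; check_nsswitch "$2" || s=1; exit "$s"; fi
```

Each mismatch is printed on its own line and the exit status is non-zero if either file differs from the steps.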