Alternative CentOS and Active Directory

From RSWiki
Revision as of 11:44, 27 February 2017 by Robert

This information is deprecated. It should be considered end of life and should not be used in any production setting.

Step 1

/etc/init.d/smb stop
/etc/init.d/winbind stop

Step 2

Edit /etc/krb5.conf

[libdefaults]
default_realm = WINDOWS.SERVER.INT 

[realms]
WINDOWS.SERVER.INT = {
kdc = mc1.windows.server.int
default_domain = WINDOWS.SERVER.INT
kpasswd_server = mc1.windows.server.int
admin_server = mc1.windows.server.int
}

[domain_realm]
 .windows.server.int = WINDOWS.SERVER.INT

Step 3

Edit smb.conf

[global]
security = ads
netbios name = DOMAIN
realm = EXAMPLE.DIRECTORY
password server = domainserver.example.directory
workgroup = DOMAIN
idmap uid = 500-10000000
idmap gid = 500-10000000
winbind separator = +
winbind enum users = no
winbind enum groups = no
winbind use default domain = yes
template homedir = /home/%D/%U
template shell = /bin/bash
client use spnego = yes
domain master = no

Step 4

Create the home directories

mkdir /home/DOMAIN

Step 5

Stop and start Samba and winbind

/etc/init.d/smb stop
/etc/init.d/winbind stop
/etc/init.d/smb start
/etc/init.d/winbind start

Step 6

Edit nsswitch.conf so that it looks like the lines below

passwd:     files winbind
shadow:     files winbind
group:      files winbind

Step 7

Add the following to /etc/pam.d/system-auth

auth sufficient /lib/security/pam_winbind.so
auth requisite pam_pwdb.so shadow
account requisite pam_localuser.so

Step 8

Initialise Kerberos

kinit domain_admin_account@EXAMPLE.DIRECTORY

Step 9

Check that you received a ticket from the domain controller

klist

Step 10

Join the Active Directory domain

net ads join -U domainadminuser@EXAMPLE.DOMAIN

Step 11

Start Samba and winbind

/etc/init.d/smb start
/etc/init.d/winbind start
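
The following pre-join check is an added example, not part of the original wiki page: it reads the files edited in Steps 2, 3 and 6 and reports a realm mismatch between krb5.conf and smb.conf, a security mode other than ads, or a missing winbind entry in nsswitch.conf. The function names, the single-realm assumption and the sample files (which reuse the page's placeholder realms) are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks the files from Steps 2, 3 and 6 before kinit / net ads join.

# Print the value of KEY inside [SECTION] of an INI-style file (krb5.conf, smb.conf).
ini_get() {  # usage: ini_get FILE SECTION KEY
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/ { gsub(/^[ \t]+|[ \t]+$/, ""); insec = (tolower($0) == tolower(sec)); next }
        !insec || /^[ \t]*[#;]/ { next }
        {
            i = index($0, "="); if (!i) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (tolower(k) == tolower(key)) { print v; exit }
        }' "$1"
}

# Return 0 when the three files agree; otherwise print each problem and return 1.
check_join_config() {  # usage: check_join_config KRB5_CONF SMB_CONF NSSWITCH_CONF
    krb_realm=$(ini_get "$1" libdefaults default_realm)
    smb_realm=$(ini_get "$2" global realm)
    security=$(ini_get "$2" global security | tr 'A-Z' 'a-z')
    rc=0
    [ -n "$krb_realm" ] || { echo "krb5.conf: default_realm is not set"; rc=1; }
    # Assumption: single-realm setup, so both files must name the same realm.
    [ "$krb_realm" = "$smb_realm" ] || {
        echo "realm mismatch: krb5.conf='$krb_realm' smb.conf='$smb_realm'"; rc=1; }
    [ "$security" = "ads" ] || { echo "smb.conf: security = '$security', expected ads"; rc=1; }
    for db in passwd group; do
        grep -Eq "^$db:.*[[:space:]]winbind([[:space:]]|\$)" "$3" || {
            echo "nsswitch.conf: $db does not list winbind"; rc=1; }
    done
    return $rc
}

# Constructed sample files (not real hosts); the smb.conf realm is the second argument.
write_samples() {  # usage: write_samples DIR SMB_REALM
    printf '[libdefaults]\ndefault_realm = WINDOWS.SERVER.INT\n' > "$1/krb5.conf"
    printf '[global]\nsecurity = ads\nrealm = %s\nworkgroup = DOMAIN\n' "$2" > "$1/smb.conf"
    printf 'passwd:     files winbind\nshadow:     files winbind\ngroup:      files winbind\n' > "$1/nsswitch.conf"
}

demo=$(mktemp -d)
write_samples "$demo" EXAMPLE.DIRECTORY
check_join_config "$demo/krb5.conf" "$demo/smb.conf" "$demo/nsswitch.conf" ||
    echo "resolve the items above before running kinit"
rm -rf "$demo"
```

On a real host the call would be check_join_config /etc/krb5.conf /etc/samba/smb.conf /etc/nsswitch.conf, where the smb.conf path is an assumption because the page does not give one.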