Alternative CentOS and Active Directory
This information is deprecated. It should be considered end of life and should not be used in any production setting.
Step 1
/etc/init.d/smb stop
/etc/init.d/winbind stop
Step 2
Edit /etc/krb5.conf
[libdefaults]
    default_realm = WINDOWS.SERVER.INT
[realms]
    WINDOWS.SERVER.INT = {
        kdc = mc1.windows.server.int
        default_domain = WINDOWS.SERVER.INT
        kpasswd_server = mc1.windows.server.int
        admin_server = mc1.windows.server.int
    }
[domain_realm]
    .windows.server.int = WINDOWS.SERVER.INT
Step 3
Edit smb.conf
[global]
    security = ads
    netbios name = DOMAIN
    realm = EXAMPLE.DIRECTORY
    password server = domainserver.example.directory
    workgroup = DOMAIN
    idmap uid = 500-10000000
    idmap gid = 500-10000000
    winbind separator = +
    winbind enum users = no
    winbind enum groups = no
    winbind use default domain = yes
    template homedir = /home/%D/%U
    template shell = /bin/bash
    client use spnego = yes
    domain master = no
Step 4
Create the home directories
mkdir /home/DOMAIN
Step 5
Start and stop samba and winbind
/etc/init.d/smb stop
/etc/init.d/winbind stop
/etc/init.d/smb start
/etc/init.d/winbind start
Step 6
Edit nsswitch.conf so it looks like the lines below
passwd: files winbind
shadow: files winbind
group: files winbind
Step 7
Add the following to /etc/pam.d/system-auth
auth sufficient /lib/security/pam_winbind.so
auth requisite pam_pwdb.so shadow
account requisite pam_localuser.so
Step 8
Initialise Kerberos
kinit domain_admin_account@EXAMPLE.DIRECTORY
Step 9
Check to be sure you got a ticket from the domain controller
klist
Step 10
Join the Active Directory
net ads join -U domainadminuser@EXAMPLE.DOMAIN
Step 11
Start samba and winbind
/etc/init.d/smb start
/etc/init.d/winbind start
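The steps above use different placeholder realm names (WINDOWS.SERVER.INT, EXAMPLE.DIRECTORY, EXAMPLE.DOMAIN). The following pre-join check is an added example, not part of the original page: it confirms that the files from Steps 2, 3 and 6 agree before Step 8. The function names are hypothetical, and it assumes that all the placeholders stand for one realm and that smb.conf lives at the usual CentOS path.

```sh
# Added example: pre-join check for the files edited in Steps 2, 3 and 6.
# Assumption: every placeholder realm on the page stands for the same realm.

# Print the value of the first "KEY = value" line in FILE.
conf_value() {  # usage: conf_value FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" |
        head -n 1
}

# Return 0 only if the three files agree; print one FAIL line per problem.
check_join_config() {  # usage: check_join_config KRB5_CONF SMB_CONF NSSWITCH_CONF
    rc=0
    krb_realm=$(conf_value "$1" default_realm)
    smb_realm=$(conf_value "$2" realm)
    security=$(conf_value "$2" security)

    # Kerberos tools fall back to default_realm; Samba uses the smb.conf realm.
    # Exact (case-sensitive) comparison: realms are upper case by convention.
    if [ -z "$krb_realm" ] || [ "$krb_realm" != "$smb_realm" ]; then
        echo "FAIL: krb5.conf default_realm '$krb_realm' != smb.conf realm '$smb_realm'"
        rc=1
    fi

    # Step 3 sets ADS mode, which the join in Step 10 depends on.
    if [ "$security" != "ads" ]; then
        echo "FAIL: smb.conf security is '$security', expected 'ads'"
        rc=1
    fi

    # Step 6: domain users and groups resolve only if winbind is listed.
    for db in passwd group; do
        if ! grep -Eq "^$db:.*[[:space:]]winbind([[:space:]]|\$)" "$3"; then
            echo "FAIL: nsswitch.conf '$db' line does not list winbind"
            rc=1
        fi
    done
    return "$rc"
}

# Typical call (smb.conf path is an assumption, the usual CentOS location):
# check_join_config /etc/krb5.conf /etc/samba/smb.conf /etc/nsswitch.conf
```

Run against the placeholder values exactly as printed in Steps 2 and 3, the check reports a realm mismatch.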