Config files on CentOS

From RSWiki
Revision as of 11:45, 27 February 2017 by Robert (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Announcements.png This information is deprecated. It should be considered end of life and should not be used in any production setting

/etc/krb5.conf

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = SWEETNAM.EU
dns_lookup_realm = true
dns_lookup_kdc = true

[realms]
 SWEETNAM.EU = {
  kdc = 172.20.1.1:88
  admin_server = 172.20.1.1:749
  default_domain = sweetnam.eu
  kdc = 172.20.1.1
 }

[domain_realm]
 .sweetnam.eu = SWEETNAM.EU
 sweetnam.eu = SWEETNAM.EU 

[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf 

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }

/etc/samba/smb.conf

[global]
        idmap gid = 500-10000000
       client use spnego = yes
       domain master = no
       winbind trusted domains only = yes
        winbind use default domain = yes
       realm = SWEETNAM.EU
       template shell = /bin/bash
       netbios name = CENTOS
       password server = 172.20.1.1
       winbind enum users = no
       idmap uid = 500-10000000
       template homedir = /home/%D/%U
       workgroup = SWEETNAM
       winbind enum groups = no
       security = ads
       winbind separator = +

/etc/nsswitch.conf

passwd:     compat winbind files
shadow:     compat winbind files
group:      compat winbind files

hosts:      files dns

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files winbind
rpc:        files
services:   files winbind

netgroup:   files winbind

publickey:  nisplus

automount:  files winbind
aliases:    files nisplus

/etc/pam.d/system-auth

auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/$ISA/pam_krb5.so use_first_pass
auth        sufficient    /lib/security/$ISA/pam_smb_auth.so use_first_pass nolocal
auth        sufficient    /lib/security/$ISA/pam_winbind.so use_first_pass
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so broken_shadow
account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account     sufficient    /lib/security/$ISA/pam_krb5.so
account     sufficient    /lib/security/$ISA/pam_winbind.so
account     required      /lib/security/$ISA/pam_permit.so

password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password    sufficient    /lib/security/$ISA/pam_krb5.so use_authtok
password    sufficient    /lib/security/$ISA/pam_winbind.so use_authtok
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so
session     optional      /lib/security/$ISA/pam_krb5.so