This article explains the steps needed to add a Linux server or
workstation as a domain member of a Windows Active Directory (2008)
server.
I am using CentOS 5.x as the Linux client.
SYNC THE DATE AND TIME WITH THE PDC
Kerberos rejects requests from a client whose clock differs from the KDC by more than the allowed skew (five minutes by default), so do this before anything else.
# /etc/init.d/ntpd stop
# ntpdate ip.address.of.yourPDC
# /etc/init.d/ntpd start
# chkconfig ntpd on
Install Kerberos on the local server/machine
CONFIGURE KERBEROS
NOTE: Please follow the exact syntax of the krb5.conf file given here. The realm name is written in upper case and must match the realm in smb.conf and the principal used with kinit below.
# vi /etc/krb5.conf

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = EXAMPLE.COM
 dns_lookup_realm = yes
 dns_lookup_kdc = yes

[realms]
 EXAMPLE.COM = {
  kdc = server.example.com
  default_domain = example.com
 }

[domain_realm]
 .example.com = EXAMPLE.COM
 example.com = EXAMPLE.COM

[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
 pam = {
  debug = false
  ticket_lifetime = 36000
  renew_lifetime = 36000
  forwardable = true
  krb4_convert = false
 }
Install Samba and winbind
# yum install samba-*
# yum install winbind
# service smb start
# chkconfig smb on
# service winbind start
# chkconfig winbind on

Enter the following entries in /etc/samba/smb.conf
# vi /etc/samba/smb.conf

[global]
   # NT Workgroup Settings
   netbios name = CENTOS1
   # workgroup is the NetBIOS (short) name of the domain, not its DNS name
   workgroup = EXAMPLE
   server string = Centos Server

   # Samba Performance Settings
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   client schannel = no

   # Network Browsing Settings
   local master = no
   domain master = no
   preferred master = no
   wins support = no
   dns proxy = no
   wins proxy = no

   # Active Directory Member
   realm = EXAMPLE.COM
   security = ads
   # X.X.X.X is the IP address of your AD server
   ads server = X.X.X.X
   password server = server.example.com

   # Winbind Settings
   winbind separator = +
   winbind use default domain = yes
   idmap uid = 10000-20000
   idmap gid = 10000-20000
   winbind enum users = yes
   winbind enum groups = yes
   winbind cache time = 10
   #winbind gid = 10000-20000
   #winbind trusted domains only = no

   # Defaults for local accounts created by winbind
   #template shell = /bin/bash
   template shell = /usr/local/bin/bash-wrapper
   template homedir = /home/%U

   # Logging Settings
   max log size = 50
   log file = /var/log/samba/%m.log
Save and exit the smb.conf file
Edit /etc/nsswitch.conf and add the following lines
passwd:     compat winbind files
shadow:     compat winbind files
group:      compat winbind files
hosts:      files dns
bootparams: nisplus [NOTFOUND=return] files
ethers:     files
netmasks:   files
networks:   files
protocols:  files winbind
rpc:        files
services:   files winbind
netgroup:   files winbind
publickey:  nisplus
automount:  files winbind
aliases:    files nisplus
INITIALIZE KERBEROS
# kinit administrator@EXAMPLE.COM
The exit status of the above command should be 0.
NOW RUN THE FOLLOWING COMMAND IN THE SHELL
# system-config-authentication
Please follow the screen shots given below.
After these steps your machine will be added to the DOMAIN and you can ping the system using the machine name.
To list all the users
# wbinfo -u
To list all the groups
# wbinfo -g
Check RPC communication
# wbinfo -t
Change the PAM settings for login and ssh
# cat /etc/pam.d/sshd
#%PAM-1.0
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
auth       sufficient   pam_winbind.so
account    required     pam_stack.so service=system-auth
account    sufficient   pam_winbind.so
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth

# cat /etc/pam.d/login
#%PAM-1.0
auth       required     pam_securetty.so
auth       sufficient   pam_winbind.so
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    sufficient   pam_winbind.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_stack.so service=system-auth
session    optional     pam_console.so
# pam_selinux.so open should be the last session rule
session    required     pam_selinux.so multiple open