Integrate Linux (RHEL/CentOS) Servers With Windows Active Directory Through Command Line


Introduction

There are times when you need to integrate your Linux servers with Active Directory so that domain accounts can authenticate alongside local ones. In practice this means that, besides logging in locally to the Linux server, you can create users in Active Directory and log in with those users here as well.

This post explains how to integrate a CentOS 7 server with Active Directory. Let's get started 🙂

Lab Description:

Domain Controller: a Windows Server 2012 machine with IP 192.168.0.10 and FQDN ad1.shashank.local.

Client machine: a CentOS 7 server with IP 192.168.0.65.

Active Directory Domain: shashank

Client Configuration:

Install the necessary packages.

root@centos-server /h/shashank# yum install samba-winbind samba-winbind-clients pam_krb5 nscd

Configure the DNS server.

Edit /etc/resolv.conf and add a line pointing at your Domain Controller.

nameserver 192.168.0.10

Check connectivity to the Domain Controller.

root@centos-server /h/shashank# nslookup ad1.shashank.local
Server: 192.168.0.10
Address: 192.168.0.10#53

Name:ad1.shashank.local
Address: 192.168.0.10

Enable Winbind authentication.

Now execute the command below to perform the integration.

root@centos-server /h/shashank# authconfig-tui

It will bring up a window like this. Select the options as shown below.

[Screenshot: CentOS authconfig-tui]

After you click Next, it will ask you for the join properties. Set Security Model to ads, Domain to shashank (use your own domain here, of course), Domain Controllers to ad1.shashank.local and ADS Realm to shashank.local. Then choose a default shell for your users; bash is a good option. Make sure you use your own values here.

Now press the Join Domain button. It will ask you to enter your Domain Controller password. Enter it and then click OK. If everything goes well, you will see a success message as shown below.

root@centos-server /h/shashank# authconfig-tui
[/usr/bin/net join -w shashank -S ad1.shashank.local -U Administrator]
Enter Administrator's password:<...>

Using short domain name -- SHASHANK
Joined 'CENTOS-SERVER' to dns domain 'shashank.local'

Check whether your Linux server can query your AD.

root@centos-server /h/shashank# net ads info
LDAP server: 192.168.0.10
LDAP server name: AD1.shashank.local
Realm: SHASHANK.LOCAL
Bind Path: dc=SHASHANK,dc=LOCAL
LDAP port: 389
Server time: Tue, 13 Feb 2018 10:37:12 IST
KDC server: 192.168.0.10
Server time offset: 0
Last machine account password change: Tue, 13 Feb 2018 10:36:36 IST

Check the list of users obtained from AD.

root@centos-server /h/shashank# wbinfo -u
SHASHANK\administrator
SHASHANK\guest
SHASHANK\admin
SHASHANK\shashank

You can also use the commands below if you don't want to use the authconfig-tui wizard. This way you can also enable automatic home-directory creation (--enablemkhomedir) whenever a domain user logs in for the first time.

authconfig --enablewinbind --enablewinbindauth --smbsecurity=ads --smbworkgroup=shashank --smbservers=ad1.shashank.local --smbrealm=SHASHANK.LOCAL --winbindtemplateshell=/bin/bash --enablemkhomedir --updateall
net join -w shashank -S ad1.shashank.local -U Administrator

Now you can log in to the Linux server as the AD user.

[shashank@centos-server ~]$ sudo su - SHASHANK\\shashank
Creating home directory for SHASHANK\shashank.
[SHASHANK\shashank@centos-server ~]$ id -a
uid=16777216(SHASHANK\shashank) gid=16777216(SHASHANK\domain users) groups=16777216(SHASHANK\domain users) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[SHASHANK\shashank@centos-server ~]$
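As an added check that is not part of the original post: a small bash script that parses the `net ads info` output shown above (the Realm and the Server time offset line, which matters because Kerberos tolerates only a few minutes of clock skew between client and KDC) and validates a `getent passwd` entry for a domain user against the template shell chosen in authconfig. The lab realm, user and shell are assumed from this post; run it with --live on the joined host.

```bash
#!/bin/bash
# Post-join health check for a winbind-joined CentOS 7 host.
# Added example, not part of the original post. Assumes the lab values
# used in the post: realm SHASHANK.LOCAL, user SHASHANK\shashank and
# /bin/bash as the winbind template shell. Kerberos rejects tickets
# when client and KDC clocks differ by more than 300 s, so a join that
# "succeeded" can still leave logins failing: the skew check comes first.

MAX_SKEW=300   # Kerberos default clock-skew tolerance, in seconds

# field TEXT KEY: print the value of "KEY: value" from `net ads info` output
field() {
  printf '%s\n' "$1" | awk -F': *' -v k="$2" '$1 == k { print $2; exit }'
}

# check_ads_info TEXT REALM: 0 if the realm matches and skew is tolerable
check_ads_info() {
  local realm offset
  realm=$(field "$1" "Realm")
  offset=$(field "$1" "Server time offset")
  [ "$realm" = "$2" ] || { echo "realm mismatch: '$realm' != '$2'"; return 1; }
  # ${offset#-} drops a leading minus so the magnitude is compared
  [ "${offset#-}" -le "$MAX_SKEW" ] 2>/dev/null ||
    { echo "clock skew ${offset:-unknown}s exceeds ${MAX_SKEW}s"; return 1; }
}

# check_passwd_entry LINE SHELL: 0 if a `getent passwd` line for a domain
# user has seven fields, a numeric uid and the configured template shell
check_passwd_entry() {
  local nf uid shell
  nf=$(printf '%s\n' "$1" | awk -F: '{ print NF; exit }')
  [ "$nf" = 7 ] || { echo "malformed passwd entry ($nf fields)"; return 1; }
  uid=$(printf '%s\n' "$1" | cut -d: -f3)
  shell=$(printf '%s\n' "$1" | cut -d: -f7)
  case "$uid" in ''|*[!0-9]*) echo "uid '$uid' is not numeric"; return 1;; esac
  [ "$shell" = "$2" ] || { echo "login shell '$shell' is not '$2'"; return 1; }
}

# With --live, query the joined host instead of sample text.
if [ "${1:-}" = "--live" ]; then
  check_ads_info "$(net ads info 2>/dev/null)" "SHASHANK.LOCAL" || exit 1
  wbinfo -t >/dev/null 2>&1 || { echo "machine trust secret check failed"; exit 1; }
  check_passwd_entry "$(getent passwd 'SHASHANK\shashank')" /bin/bash || exit 1
  echo "AD integration looks healthy"
fi
```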


I hope it was explained in an easy way & you found it useful 🙂
