2009/05/16

CentOS AD Authentication and users and groups

To configure your Linux workstation to pull user, group, and authentication information from AD, run these commands. They do the dirty work of configuring PAM, Samba + winbind, nscd, and Kerberos.

Substitute your admin user account where mine is used below (admin-username), your AD DNS domain/realm where domainname.com is used, and the NetBIOS domain name where domainname is used.

yum install samba pam_krb5.x86_64 pam_smb.x86_64 nscd

authconfig --enableshadow --passalgo=sha512 --disablenis --disableldap --disableldapauth --disableldaptls --disablesmartcard --disablerequiresmartcard --enablekrb5 --krb5kdc=dc1.domainname.com --krb5adminserver=dc1.domainname.com --krb5realm=DOMAINNAME.COM --enablekrb5kdcdns --enablekrb5realmdns --disablesmbauth --smbworkgroup=DOMAINNAME --smbservers=dc1.domainname.com,dc2.domainname.com --enablewinbind --disablewinbindauth --smbsecurity=ads --smbrealm=DOMAINNAME.COM --smbidmapuid=10000000-20000000 --smbidmapgid=10000000-20000000 --winbindseparator=\\ --winbindtemplatehomedir=/home/%D/%U --winbindtemplateshell=/bin/bash --enablewinbindusedefaultdomain --enablewinbindoffline --winbindjoin=admin-username --disablewins --disablehesiod --enablecache --enablelocauthorize --enablepamaccess --disablesysnetauth --enablemkhomedir --updateall

Note that all users on the domain will now be able to log in to your computer over the network, unless you either:

1. Set up an AllowUsers or AllowGroups parameter in /etc/ssh/sshd_config (see the man page for sshd_config); or

2. Use pam_access (see the man page for pam_access)
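
To confirm that one of these two restrictions is actually in effect after the join, the following check can be run against the two config files. It is an added example, not part of the original post; the function names and the group name linux-admins are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original post. Assumes sshd has "UsePAM yes"
# and pam_access is in the PAM account stack (--enablepamaccess above).

# True if sshd_config has an uncommented AllowUsers or AllowGroups line.
# A directive inside a Match block also counts, so review those by hand.
ssh_restricted() {
    grep -Eiq '^[[:space:]]*Allow(Users|Groups)[[:space:]=]+[^[:space:]]' "$1"
}

# True if access.conf reaches a catch-all deny for every origin, such as
#   - : ALL EXCEPT root (linux-admins) : ALL
# (linux-admins is a hypothetical AD group). pam_access uses the first
# matching rule and grants access when none matches, so "+" rules alone
# restrict nobody, and an earlier "+ : ALL : ALL" makes any later deny
# unreachable.
pam_access_restricted() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }                     # comments, blank lines
        {
            perm = $1; who = $2; from = $3
            gsub(/^[ \t]+|[ \t]+$/, "", perm)
            gsub(/^[ \t]+|[ \t]+$/, "", who)
            gsub(/^[ \t]+|[ \t]+$/, "", from)
        }
        perm == "+" && who == "ALL" && from == "ALL" { exit }
        perm == "-" && from == "ALL" && (who == "ALL" || who ~ /^ALL[ \t]+EXCEPT[ \t]/) { deny = 1; exit }
        END { exit !deny }
    ' "$1"
}

# Prints one line per mechanism; returns 0 if at least one is in place.
check_login_restrictions() {
    sshd_conf=${1:-/etc/ssh/sshd_config}
    access_conf=${2:-/etc/security/access.conf}
    rc=1
    if ssh_restricted "$sshd_conf"; then
        echo "sshd: AllowUsers/AllowGroups present in $sshd_conf"; rc=0
    else
        echo "sshd: no AllowUsers/AllowGroups in $sshd_conf"
    fi
    if pam_access_restricted "$access_conf"; then
        echo "pam_access: catch-all deny present in $access_conf"; rc=0
    else
        echo "pam_access: no catch-all deny in $access_conf"
    fi
    return "$rc"
}
```

Source the file and call check_login_restrictions with no arguments to check the default paths; a non-zero return means neither restriction was found.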
