Active Directory authentication with centos 7

Active Directory is a database-backed directory service that provides authentication, directory, policy, and other services in a Windows environment.

In this guide we will configure CentOS 7 to authenticate users against a Windows Active Directory domain.

Throughout the guide, replace DOMAIN with your Active Directory domain name (the short/NetBIOS name) and DOMAIN.COM with your Active Directory Kerberos realm (normally the DNS domain name in upper case).

Pre-requisites

Before starting, we need to install some packages on the CentOS machine:

yum -y install authconfig krb5-workstation pam_krb5 samba-common oddjob-mkhomedir samba-winbind-clients samba-winbind

This installs everything required for the steps below.

We will use authconfig for the configuration:

authconfig --disablecache --enablewinbind --enablewinbindauth \
  --smbsecurity=ads --smbworkgroup=DOMAIN --smbrealm=DOMAIN.COM \
  --enablewinbindusedefaultdomain \
  --winbindtemplatehomedir=/home/DOMAIN/%U --winbindtemplateshell=/bin/bash \
  --enablekrb5 --krb5realm=DOMAIN.COM --enablekrb5kdcdns --enablekrb5realmdns \
  --enablelocauthorize --enablemkhomedir --enablepamaccess --updateall

This step writes the winbind and Kerberos settings into the Samba (/etc/samba/smb.conf) and Kerberos (/etc/krb5.conf) configuration files, and updates nsswitch.conf and the PAM stack so that AD users are resolved and can log in.

If you get a locale error, use the following link.

After this, the Kerberos configuration file (/etc/krb5.conf) should look like the following. Note that the stanza in [realms] must be named after your realm (DOMAIN.COM), not the EXAMPLE.COM placeholder left by the stock template, otherwise the kdc and admin_server entries are never used:

# Configuration snippets may be placed in this directory as well
includedir /etc/krb5.conf.d/

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 dns_lookup_realm = true
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true
 rdns = false
 default_realm = DOMAIN.COM
 dns_lookup_kdc = true

[realms]
 # stanza name must match default_realm; kdc/admin_server point at a domain controller
 DOMAIN.COM = {
  kdc = kerberos.domain.com
  admin_server = kerberos.domain.com
 }

[domain_realm]
 .domain.com = DOMAIN.COM
 domain.com = DOMAIN.COM
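A check worth running before the join, added here as an example and not part of the original tutorial: it parses krb5.conf with awk and confirms that the realm named in default_realm and every target in [domain_realm] has its own [realms] stanza, which catches the stock EXAMPLE.COM stanza being left in place. The function names and the constructed sample file are my own; the script assumes only POSIX sh, awk, grep and sort.

```shell
# Consistency check for krb5.conf: each realm named by default_realm or used as
# a [domain_realm] target needs a [realms] stanza, or the kdc/admin_server you
# wrote are ignored (with dns_lookup_kdc = true the library falls back to DNS).

# Print the realm names that have a stanza in the [realms] section.
krb5_defined_realms() {
  awk '
    /^[ \t]*\[/ { sect = $0; sub(/^[ \t]*\[/, "", sect); sub(/\].*/, "", sect); next }
    sect == "realms" && /=[ \t]*[{]/ {
      name = $0; sub(/[ \t]*=.*/, "", name); gsub(/[ \t]/, "", name); print name
    }' "$1"
}

# Print every realm the file refers to: default_realm plus [domain_realm] targets.
krb5_referenced_realms() {
  awk '
    /^[ \t]*\[/ { sect = $0; sub(/^[ \t]*\[/, "", sect); sub(/\].*/, "", sect); next }
    sect == "libdefaults" && /^[ \t]*default_realm[ \t]*=/ { v = $0; sub(/.*=[ \t]*/, "", v); print v }
    sect == "domain_realm" && /=/ { v = $0; sub(/.*=[ \t]*/, "", v); print v }
  ' "$1" | tr -d ' \t' | sort -u
}

# Report each referenced realm that lacks a [realms] stanza; return 0 only if none.
check_krb5_realms() {
  conf="$1"; rc=0
  defined=$(krb5_defined_realms "$conf")
  for realm in $(krb5_referenced_realms "$conf"); do
    if ! printf '%s\n' "$defined" | grep -qx "$realm"; then
      echo "$conf: realm $realm is referenced but has no [realms] stanza"
      rc=1
    fi
  done
  return $rc
}

# Demo on a constructed file that repeats the common mistake of leaving the stock
# EXAMPLE.COM stanza in place while default_realm already points at DOMAIN.COM.
demo=$(mktemp)
cat > "$demo" <<'EOF'
[libdefaults]
 default_realm = DOMAIN.COM
[realms]
 EXAMPLE.COM = {
  kdc = kerberos.domain.com
 }
[domain_realm]
 .domain.com = DOMAIN.COM
EOF
check_krb5_realms "$demo" || echo "edit the [realms] section before running net ads join"
rm -f "$demo"
```

Run it against the real file with `check_krb5_realms /etc/krb5.conf` after authconfig has written it.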

Join the Domain

Now we can join the CentOS machine to the domain with the net command, supplying an AD account that has rights to join computers to the domain (adminuser below is a placeholder):

net ads join DOMAIN.COM -U adminuser

We can test the join with the following command:

net ads testjoin

If it prints "Join is OK", the join was successful.

Restart and enable the services

systemctl restart smb && systemctl enable smb
systemctl restart winbind && systemctl enable winbind

List of users

To see the list of all users in Active Directory, use the wbinfo command:

wbinfo -u

Home Directories

This step is optional; follow it if you want home directories created for Active Directory users.
Create a parent directory such as /home/domainname; user home directories will then be created under it as /home/domainname/user (this matches the --winbindtemplatehomedir=/home/DOMAIN/%U setting given to authconfig above). We use an ACL to grant the domain users group permission on the parent directory:

mkdir /home/DOMAIN

setfacl -m group:"Domain Users":rwx /home/DOMAIN

Now try to SSH in from another Linux machine as an AD user to confirm that authentication works:

ssh aduser@ipaddress

If you run into issues following this tutorial, feel free to comment below.
