linux:centos_ad

linux:centos_ad [2018/06/13 02:17] bmiddha
linux:centos_ad [2021/05/02 21:36]
====== CentOS 7 AD Client ======


====== Install nslcd and kerberos ======

<code>
yum install -y pam_krb5 krb5-workstation
yum install -y nscd nss-pam-ldapd wget
</code>

====== Enable nslcd service ======

<code>
systemctl enable nslcd
</code>

====== Configure nslcd ======

<code>
authconfig-tui
</code>

Select "Use LDAP" and "Use LDAP Authentication", then select "Use TLS" and enter:
<code>
Server: ldaps://ad1.acm.cs
Base DN: dc=acm,dc=cs
</code>

====== Update nslcd config ======

<file|/etc/nslcd.conf>
uri ldaps://ad1.acm.cs
uri ldaps://ad2.acm.cs
uri ldaps://ad3.acm.cs

ldap_version 3

base dc=acm,dc=cs

binddn apacheacm@acm.cs
bindpw (ask sysadmin)

base   group  ou=ACMGroups,dc=acm,dc=cs
base   passwd ou=ACMUsers,dc=acm,dc=cs
base   shadow ou=ACMUsers,dc=acm,dc=cs

bind_timelimit 3

timelimit 30

ssl on
#ssl start_tls
# never: the connection is encrypted, but the AD server's certificate is not verified
tls_reqcert never

# Mappings for Active Directory
pagesize 1000
referrals off
idle_timelimit 800
filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
map    passwd uid              sAMAccountName
map    passwd homeDirectory    unixHomeDirectory
map    passwd gecos            displayName
filter shadow (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
map    shadow uid              sAMAccountName
map    shadow shadowLastChange pwdLastSet
filter group  (objectClass=group)
</file>
nslcd.conf must not be world readable if bindpw is set:

<code>
chmod 600 /etc/nslcd.conf
</code>

====== More LDAP Config ======
Make sure that passwd, group and shadow list files first and then ldap:
<file|/etc/nsswitch.conf>
passwd:         files ldap
group:          files ldap
shadow:         files ldap
</file>
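As an added example (not part of the original wiki page), a small POSIX shell checker for the nslcd.conf and nsswitch.conf settings above: it verifies the chmod 600 requirement when bindpw is set, flags plain ldap:// URIs and a tls_reqcert of never/allow (the config above uses never, which skips verification of the AD server certificate), and confirms that files precedes ldap in nsswitch.conf. The function names and the sample paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not from the original wiki page: checks for the nslcd.conf and
# nsswitch.conf settings above. Each function takes a path (real /etc file or sample).

# bindpw turns nslcd.conf into a credential store: reject group/world-readable modes.
# Returns 0 if no bindpw is set or the mode is owner-only (600 or 400).
check_nslcd_perms() {
  conf="$1"
  grep -q '^bindpw' "$conf" || return 0
  mode=$(stat -c '%a' "$conf")   # GNU stat, as on CentOS
  case "$mode" in
    600|400) return 0 ;;
    *) echo "bindpw is set but $conf has mode $mode (run: chmod 600 $conf)"; return 1 ;;
  esac
}

# TLS only helps if the server certificate is verified: flag plain ldap:// URIs and
# tls_reqcert never/allow (accept any certificate). Returns 0 when neither is present.
check_nslcd_tls() {
  conf="$1"; tls_rc=0
  if grep -Eq '^uri[[:space:]]+ldap://' "$conf"; then
    echo "plain ldap:// uri in $conf; use ldaps://"; tls_rc=1
  fi
  if grep -Eq '^tls_reqcert[[:space:]]+(never|allow)' "$conf"; then
    echo "tls_reqcert never/allow in $conf: AD server certificate is not verified"; tls_rc=1
  fi
  return $tls_rc
}

# Local accounts (root included) must resolve from files before LDAP is consulted,
# so a directory outage or a rogue directory entry cannot shadow them.
# Returns 0 when passwd, group and shadow each list "files" before "ldap".
check_nsswitch_order() {
  conf="$1"
  for db in passwd group shadow; do
    grep -Eq "^$db:[[:space:]]+files([[:space:]]+[a-z_]+)*[[:space:]]+ldap" "$conf" \
      || { echo "$db: expected 'files' before 'ldap' in $conf"; return 1; }
  done
  return 0
}

# Runs every check and reports all findings; usage:
#   check_ad_client /etc/nslcd.conf /etc/nsswitch.conf
check_ad_client() {
  all_rc=0
  check_nslcd_perms "$1" || all_rc=1
  check_nslcd_tls "$1" || all_rc=1
  check_nsswitch_order "$2" || all_rc=1
  return $all_rc
}
```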

====== Start nslcd Service ======
<code>
systemctl start nslcd
</code>
====== Testing the configuration ======
<code>
getent passwd
</code>
You should see the users from AD.

<code>
su - usernameInAd
</code>
This should work:
<code>
[root@centosimg acmadmin]# su - bmiddha
su: warning: cannot change directory to /home/bmiddha: No such file or directory
-bash-4.2$
</code>


====== Password auth with kerberos ======

<file|/etc/krb5.conf>
[libdefaults]
        default_realm = ACM.CS
        dns_lookup_realm = false
        dns_lookup_kdc = true

[realms]

[domain_realm]
        acm.cs = ACM.CS
        .acm.cs = ACM.CS

[logging]
#       kdc = CONSOLE
</file>

Now you should be able to ssh in with a password.

====== Sudo access to LAN Admins ======
Create this file:

<file|/etc/sudoers.d/AcmLanAdmins>
%AcmLanAdmins ALL=(ALL) ALL
</file>

====== Auto create home directories ======
Append to the file:
<file|/etc/pam.d/sshd>
.
.
# Create home directories
session         required        pam_mkhomedir.so skel=/etc/skel/
</file>

====== All Done! ======
  
linux/centos_ad.txt · Last modified: 2021/05/02 21:36 (external edit)