yum install -y pam_krb5 krb5-workstation
yum install -y nscd nss-pam-ldapd wget

systemctl enable nslcd

authconfig-tui

select “Use LDAP” and “Use LDAP Authentication” select “Use TLS” Server: ldaps:ad1.acm.cs Base DN: dc=acm,dc=cs ====== Update nslcd config ====== <file|/etc/nslcd.conf> uri ldaps:ad1.acm.cs uri ldaps:ad2.acm.cs uri ldaps:ad3.acm.cs

ldap_version 3

base dc=acm,dc=cs

binddn apacheacm@acm.cs bindpw (ask sysadmin)

base group ou=ACMGroups,dc=acm,dc=cs base passwd ou=ACMUsers,dc=acm,dc=cs base shadow ou=ACMUsers,dc=acm,dc=cs

bind_timelimit 3

timelimit 30

ssl on #ssl start_tls tls_reqcert never

# Mappings for Active Directory pagesize 1000 referrals off idle_timelimit 800 filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*)) map passwd uid sAMAccountName map passwd homeDirectory unixHomeDirectory map passwd gecos displayName filter shadow (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*)) map shadow uid sAMAccountName map shadow shadowLastChange pwdLastSet filter group (objectClass=group) </file> nslcd.conf should not be world readable if bindpw is set

chmod 600 /etc/nslcd.conf

make sure that passwd, group and shadow have files and then ldap

passwd:         files ldap 
group:          files ldap 
shadow:         files ldap

systemctl start nslcd

getent passwd

you should see the users form AD

su - usernameInAd

this should work

[root@centosimg acmadmin]# su - bmiddha
su: warning: cannot change directory to /home/bmiddha: No such file or directory
-bash-4.2$ 

[libdefaults]
        default_realm = ACM.CS
        dns_lookup_realm = false
        dns_lookup_kdc = true

[realms]

[domain_realm]
        acm.cs = ACM.CS
        .acm.cs = ACM.CS

[logging]
#       kdc = CONSOLE

Now you should be able to ssh with password

Create this file

%AcmLanAdmins ALL=(ALL) ALL

Append File

.
.
# Create home directories
session         required        pam_mkhomedir.so skel=/etc/skel/