
The Server Playpen

integrating Linux solutions in the SoHo - SMB - Enterprise Windows environment

Integrating CentOS 7 with Active Directory using Winbind
May 25, 2015 May 30, 2015
pfongsam Centos
AD, Centos, Winbind
Had a need for CentOS and AD integration. Searched the Web for examples of CentOS + Samba + Winbind. However none fit the bill. Ended up crafting my own.
So here is a quick and tested verbatim method of integrating CentOS 7.x in an Active Directory domain by using Winbind.
The steps provided here are not commented in detail. The assumption is that you already know your way around Linux and the vi editor, and of course, Active Directory. However, there are validation steps along the way to ensure things are working up to that point.
Start off with a CentOS 7 minimal install. I used VirtualBox as a quick and easy test/prototype platform before rolling out to a production platform. Configure a hostname and set a static IP address. Be sure /etc/resolv.conf points to the AD as the nameserver.
In the example below, my Active Directory domain is FSHOME. My domain is fshome.local. My AD server FQDN is fshomead.fshome.local
To get going even faster, just cut and paste the commands below, of course changing any of my name references to yours as applicable.
#
# Centos 7.x file server with AD authentication of users :: revision 5/1/2015
#

# turn off the firewall
systemctl stop firewalld.service
systemctl disable firewalld.service
# check selinux status and turn off as necessary
sestatus
# vi /etc/selinux/config and change to SELINUX=disabled
# install auxiliary packages - these will be useful
yum -y install ntp
yum -y install bind-utils
yum -y install net-tools
# verify Centos can resolve the AD server
nslookup fshomead
# verify Centos can reach the AD server
ping fshomead
Basic steps and validation tests are out of the way, so moving on
# setup time synchronization to the AD - set the server pool to include the AD
vi /etc/ntp.conf
# add the AD server to the ntp server pool, e.g., server fshomead.fshome.local
# create the home directory for the domain users - note name capitalization
mkdir /home/FSHOME
chmod 0777 /home/FSHOME
# install the necessary packages
yum -y install samba samba-winbind*
yum -y install authconfig-gtk*
# verify the time can be pulled from the AD server
net time -S fshomead
# sync the time to the AD server
net time set -S fshomead
# start and enable the services to run at boot time - ntpd, smb, winbind
systemctl start ntpd
systemctl enable ntpd
systemctl start smb
systemctl enable smb
systemctl start winbind
systemctl enable winbind
# verify that ntpd, smb, and winbind are indeed enabled to start at boot time
systemctl list-unit-files --type=service | grep enabled
# setup winbind authentication
authconfig-tui
# configure as shown in the following graphics

(https://theserverplaypen.files.wordpress.com/2015/05/authconfig1.png)
(https://theserverplaypen.files.wordpress.com/2015/05/authconfig2.png)
(https://theserverplaypen.files.wordpress.com/2015/05/authconfig3.png)
(https://theserverplaypen.files.wordpress.com/2015/05/authconfig4.png)
(https://theserverplaypen.files.wordpress.com/2015/05/authconfig5.png)

# ignore the "No DNS name configured" error after entering the password
# verify domain join
net ads testjoin
# verify AD server info
net ads info
# verify users are pulled from AD
wbinfo -u
# verify groups are pulled from AD
wbinfo -g
The listing will show the output as DOMAIN/username. Same with the groups. So to fix that
# remove the DOMAIN prefixes from the users and the groups
authconfig --enablewinbindusedefaultdomain --update
# verify the DOMAIN prefix no longer exists
wbinfo -u
wbinfo -g
###
### on the AD server run the dsquery * command to verify the
### Centos results correspond to AD
### for granularity run the following: dsquery ou, dsquery group, dsquery user
###
# allow auto creation of home directories from ssh users login
authconfig --enablemkhomedir --update
# allow auto creation of home directories from Windows clients login by using a script for same
# create script as shown below
touch /usr/local/sbin/mkhomedir.sh
vi /usr/local/sbin/mkhomedir.sh
--- script start ---
#!/bin/bash
# create the user's home directory on first connect; $1 is the user name (%U)
if [ ! -e "/home/FSHOME/$1" ]; then
    mkdir -m 0700 "/home/FSHOME/$1"
    chown "$1":"domain users" "/home/FSHOME/$1"
fi
exit 0
--- script end ---
# set script permission
chmod u=rwsx,g=rwx,o=rwx /usr/local/sbin/mkhomedir.sh
# verify the script permissions
ls -l /usr/local/sbin/mkhomedir.sh
Now need to make changes to the default Samba configuration in the [homes] section
# setup smb.conf [homes] section
vi /etc/samba/smb.conf
[homes]
comment = Home Directories

inherit permissions = yes
root preexec = /usr/local/sbin/mkhomedir.sh %U
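
A hardened variant of the mkhomedir.sh step above, as an added example that is not part of the original post: because Samba runs the root preexec script as root, it validates the %U argument, refuses a symlink planted under the world-writable /home/FSHOME, and checks that the script file itself is not writable by group or others. The function names, return codes and the allowed user-name character set are assumptions of this example.

```shell
#!/bin/bash
# Added example, not the post's script: hardened /usr/local/sbin/mkhomedir.sh.
# Samba runs "root preexec" as root, so $1 (%U) is treated as untrusted.
# Install root-owned and not writable by others:
#   chown root:root mkhomedir.sh; chmod 0755 mkhomedir.sh

HOME_BASE="${HOME_BASE:-/home/FSHOME}"     # path used in the post
HOME_GROUP="${HOME_GROUP:-domain users}"   # group used in the post

# Assumed policy: plain account names only (no "/", "..", leading "-" or ".").
valid_user() {
    case "$1" in
        ''|.*|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Succeeds only if the file exists and group/others cannot write to it.
script_is_locked_down() {
    [ -f "$1" ] || return 1
    case "$(ls -ld -- "$1" | cut -c1-10)" in
        ?????w????|????????w?) return 1 ;;
    esac
    return 0
}

# Return codes: 0 ok, 2 bad name, 3 symlink in the way, 4 mkdir failed, 5 chown failed.
make_home() {
    local user="$1" dir
    valid_user "$user" || return 2
    dir="$HOME_BASE/$user"
    [ -L "$dir" ] && return 3      # base dir is world-writable in the post
    [ -d "$dir" ] && return 0
    mkdir -m 0700 -- "$dir" || return 4
    # chown needs root; skipped otherwise so the function can be tried unprivileged
    if [ "$(id -u)" -eq 0 ]; then
        chown -- "$user:$HOME_GROUP" "$dir" || { rmdir -- "$dir"; return 5; }
    fi
    return 0
}

# Invoked by Samba as: mkhomedir.sh %U
if [ "$#" -gt 0 ]; then
    script_is_locked_down "$0" || echo "warning: $0 is writable by group/others" >&2
    make_home "$1"
fi
```
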
# reboot Centos
sync; reboot
# verify configuration still holds after reboot
net ads testjoin
net ads info
wbinfo -u
wbinfo -g
# login from a Windows workstation and verify the users directory is automatically created, and files can be added and deleted
NOTE: if you are using a workstation that is not already domain enabled for logins, you will need to prefix the username with the DOMAIN name as shown below

(https://theserverplaypen.files.wordpress.com/2015/05/adlogin.png)

# Have Fun!
####
### tools/notes for reference
###
# dump a list of the autoconfig settings
authconfig --test > authconfig.txt
# change the hostname
hostnamectl set-hostname centos7vb.fshome.local
# if the file server hostname is changed, rerun authconfig-tui to rejoin the domain with the new hostname
# to restart the network interfaces
systemctl restart network.service
# show the IP address on the interface(s)
ifconfig
