1.22.2011

Integrating Active Directory Server to Linux

Linux and Windows system administrators generally have a tough time working in an integrated environment. Sometimes Linux freaks are required to integrate a Linux environment with a Windows one, while at other times Windows administrators face problems working on the Linux command line.

One of my colleagues, working as a Linux system administrator, was asked to connect ADS to a Linux box. Since he has 3 years of experience working only as a Linux system admin, he did face issues configuring the same in Windows. He shared the experience with me and I collected the steps. Hope it will be helpful for whoever wants to tweak it.
Here it goes..


Prerequisite:

The following Samba client RPMs must be pre-installed on the server:

samba-client-3.0.33-3.7.el5
samba-common-3.0.33-3.7.el5

01)Configuring Linux networking:

a)Make sure that your hosts file (/etc/hosts) has proper entries for your server [if it has a static IP].

b)Configure the DNS client properly. Point it at the Active Directory DNS servers, because Kerberos and the domain join locate domain controllers through the DNS records AD publishes. Entries for the /etc/resolv.conf file:

search sap.com
nameserver 10.210.1.252
nameserver 10.219.1.252

02)Synchronize the time using NTP.

a)Remove all public server IPs/names from /etc/ntp.conf and replace them with the company's internal time server (normally a domain controller). Kerberos rejects tickets when the clock skew exceeds five minutes, so the Linux box must track the domain's time or the join and every logon will fail.

server 10.222.1.252

b)Synchronize the time with the Sapient time server once, by hand:

#ntpdate -u 10.222.1.252

c)Start the NTP daemon

# service ntpd restart

d)Set the NTP service to start at boot time (runlevels 2-4 here; add 5 if the box boots into the graphical runlevel).

#chkconfig --level 234 ntpd on

03)Configuring PAM and NSS

a)Run system-config-authentication (GUI) or the Authentication configuration screen of the setup command (CLI).

# system-config-authentication

Check the Winbind option on both the User Information tab (which adds winbind to the passwd and group lines of /etc/nsswitch.conf) and the Authentication tab (which adds pam_winbind to /etc/pam.d/system-auth).


Click the Configure Winbind button and enter the domain settings; these are the values authconfig writes into the [global] section of /etc/samba/smb.conf, shown in step 04.


b)Open the /etc/pam.d/system-auth file, scroll down toward the bottom and insert the pam_mkhomedir line (the middle line below) before the last session line. This creates a home directory for a domain user on first login if it does not exist yet. Two things to watch: umask=0022 leaves new home directories world-readable (0077 is tighter), and because the success=1 on the preceding pam_succeed_if line skips exactly one module, inserting pam_mkhomedir here means cron sessions now skip pam_mkhomedir instead of pam_unix; placing it after the pam_unix line keeps the stock behaviour.

session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid

session required pam_mkhomedir.so skel=/etc/skel/ umask=0022

session required pam_unix.so

04)Open /etc/samba/smb.conf and add or edit the following entries in the [global] section of this file (authconfig generates most of them; verify each value). The settings that matter: security = ads makes the box authenticate against AD with Kerberos, which is why the DNS and time steps above are required; realm is the AD DNS domain in upper case; password server pins logons to the single DC dellads2, whereas with security = ads Samba can locate DCs itself through DNS SRV records if the line is left out; idmap backend = rid derives each UID/GID deterministically from the account's RID within the idmap range, so the same user gets the same UID on every box using this configuration, and the range must not overlap local accounts; winbind use default domain = true lets users log in as jdoe rather than SAP\jdoe.

[global]
#--authconfig--start-line--

# Generated by authconfig on 2010/02/13 11:48:48

workgroup = sap
password server = dellads2
realm = SAP.COM
security = ads
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
idmap backend = rid
template shell = /bin/bash
template homedir = /home/%U
winbind use default domain = true
winbind offline logon = false


05)Domain Join and Logging in:
a)Add the machine to the Sapient domain:

#net ads join -U <NT-ID>

Note: this requires the NT-ID of a company IT member who has privileges to add machines to the domain. net prompts for that account's password, authenticates to a domain controller (with Kerberos where possible) and creates the machine account, so the DNS and time steps above must already be in place.

b)Start the winbind service and set it up for startup at boot time.

# service winbind restart
# chkconfig --level 234 winbind on

Try logging in to the server over ssh with your NTID. Because of winbind use default domain, the bare username (no SAP\ prefix) is enough, and pam_mkhomedir creates /home/<NTID> on the first login.

That's done.
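The script below, an added example that is not part of the original post or its author's steps, checks the configuration from steps 03b and 04 and, when run on the joined box, the live state of the join (trust secret, user enumeration, NSS resolution, clock offset). It assumes the RHEL 5 paths used above, a hypothetical script name check-adjoin.sh, a 10000 floor for the idmap UID range (the script's own safety margin), and constructed copies of the post's smb.conf and system-auth fragments as its offline sample input.

```shell
#!/bin/sh
# Post-join sanity checks for a Samba 3 / winbind AD integration. Added example, not code
# from the original post. Assumes the RHEL 5 paths used above (/etc/samba/smb.conf and
# /etc/pam.d/system-auth); with no arguments the checks run offline against constructed samples.

# smb_get FILE KEY: value of "KEY = value" in FILE (first match, trailing blanks stripped).
smb_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1 | sed 's/[[:space:]]*$//'
}
# check_smb_conf FILE: verify the [global] settings the join and logons depend on.
# Prints one "problem:" line per defect and returns the defect count (0 = OK).
check_smb_conf() {
    local f="$1" n=0 v low high
    v=$(smb_get "$f" security)
    if [ "$(printf '%s' "$v" | tr '[:upper:]' '[:lower:]')" != "ads" ]; then
        echo "problem: security = '$v' (must be 'ads' to join with Kerberos)"; n=$((n+1))
    fi
    v=$(smb_get "$f" realm)   # Kerberos realms are case-sensitive: the DNS domain, upper case
    if [ -z "$v" ] || [ "$v" != "$(printf '%s' "$v" | tr '[:lower:]' '[:upper:]')" ]; then
        echo "problem: realm = '$v' (must be the AD DNS domain in upper case)"; n=$((n+1))
    fi
    if [ -z "$(smb_get "$f" workgroup)" ]; then echo "problem: workgroup is not set"; n=$((n+1)); fi
    # idmap range must be LOW-HIGH with LOW < HIGH and clear of local accounts (RHEL 5 starts
    # regular users at 500; the 10000 floor is this script's own assumption).
    v=$(smb_get "$f" "idmap uid")
    low=${v%%-*}; high=${v##*-}
    case "$low$high" in
        ""|*[!0-9]*) echo "problem: idmap uid = '$v' (expected LOW-HIGH)"; n=$((n+1)) ;;
        *) if [ "$low" -ge "$high" ] || [ "$low" -lt 10000 ]; then
               echo "problem: idmap uid range $low-$high is empty or collides with local UIDs"; n=$((n+1))
           fi ;;
    esac
    # With security = ads Samba can find DCs via DNS SRV records; a hard-coded DC is a single point of failure.
    v=$(smb_get "$f" "password server")
    if [ -n "$v" ]; then echo "warning: password server = '$v' pins logons to a single DC"; fi
    return "$n"
}
# check_pam FILE: confirm pam_mkhomedir is in the session stack and flag the two pitfalls of
# inserting it by hand as in step 03b. Returns 1 if the line is missing, else 0.
check_pam() {
    local f="$1" line prev
    if ! grep -q '^session.*pam_mkhomedir\.so' "$f"; then
        echo "problem: no pam_mkhomedir.so session line; AD users would log in without a home directory"
        return 1
    fi
    line=$(grep '^session.*pam_mkhomedir\.so' "$f" | head -n 1)
    case "$line" in
        *umask=0022*) echo "warning: umask=0022 makes new home directories world-readable; 0077 is safer" ;;
    esac
    # The stock stack has 'pam_succeed_if ... [success=1]' right before pam_unix so that cron skips
    # exactly one module; slotted into that gap, pam_mkhomedir becomes the skipped module instead.
    prev=$(awk '/^session.*pam_mkhomedir\.so/ { print p; exit } /^session/ { p = $0 }' "$f")
    case "$prev" in
        *success=1*pam_succeed_if*) echo "warning: pam_mkhomedir sits inside a pam_succeed_if success=1 jump" ;;
    esac
    return 0
}
# live_checks [USER] [NTPSERVER]: on-box checks that need winbind running and the DC reachable.
live_checks() {
    if ! command -v wbinfo >/dev/null 2>&1; then echo "skip: wbinfo not installed"; return 0; fi
    wbinfo -t || echo "problem: machine trust secret check failed (re-run 'net ads join')"
    wbinfo -u | head -n 5              # a few domain users prove the DC link and idmap work
    if [ -n "${1:-}" ]; then
        getent passwd "$1" || echo "problem: NSS does not resolve $1 (is winbind in /etc/nsswitch.conf?)"
    fi
    if [ -n "${2:-}" ] && command -v ntpdate >/dev/null 2>&1; then
        ntpdate -q "$2"                # offset must stay under Kerberos' five-minute skew limit
    fi
}

# Constructed samples mirroring steps 03b and 04 of the post (not taken from a real host).
write_sample_smb_conf() {
    cat > "$1" <<'EOF'
[global]
workgroup = sap
password server = dellads2
realm = SAP.COM
security = ads
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
EOF
}
write_sample_pam() {
    cat > "$1" <<'EOF'
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
session required pam_unix.so
EOF
}
# Usage: check-adjoin.sh [SMB_CONF] [SYSTEM_AUTH] [USER] [NTPSERVER]; no arguments = samples only.
if [ $# -gt 0 ]; then
    check_smb_conf "$1"; check_pam "${2:-/etc/pam.d/system-auth}"; live_checks "${3:-}" "${4:-}"
else
    tmp=$(mktemp -d)
    write_sample_smb_conf "$tmp/smb.conf"; write_sample_pam "$tmp/system-auth"
    check_smb_conf "$tmp/smb.conf"; check_pam "$tmp/system-auth"
    rm -rf "$tmp"
fi
```

Run with no arguments to see the two warnings the post's own configuration produces (the pinned DC and the pam_mkhomedir placement and umask); run as check-adjoin.sh /etc/samba/smb.conf /etc/pam.d/system-auth jdoe 10.222.1.252 on the joined box to add the live winbind, NSS and clock checks.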
