
Make CentOS 6.x an AD member of Windows IIS 2012 R2

Making a CentOS 6.x PC a domain member of an Active Directory is tiresome work. I came across this painful task several times and came to the conclusion that at least I will make a document which will be helpful to me in the near future. In the meantime, if anybody uses these steps, I wouldn't mind.

So I will go through the steps now --

i) First of all we need some basic (latest) software to make this task possible.
They are --

1. samba
2. samba-client
3. samba-winbind
4. krb5-workstation
5. policycoreutils-python

Command for the task on the console (it also installs ntpdate, which is used in step iii) --

    yum install -y ntpdate samba samba-client samba-winbind krb5-workstation policycoreutils-python

ii) Now it's time to make the Windows Active Directory reachable from the CentOS PC. For that we need to add the Active Directory FQDN and IP address to resolv.conf.

So open the file /etc/resolv.conf and add the following --

    domain ad.local
    nameserver 192.168.0.1

If ad.local is pingable from the console, then our work for resolving the AD is done.


iii) Now we need to sync the time of the AD and the CentOS PC, so that they can authenticate using the Kerberos mechanism. It can be done as follows --

    crontab -e

Now add the following to the file that opens --

    0 */4 * * * /usr/sbin/ntpdate 192.168.0.1 >/dev/null 2>&1

Now synchronize the time by --

    ntpdate 192.168.0.1

We will see the synced time and date on the console.


iv) Now we need to edit the Samba configuration file (/etc/samba/smb.conf) --

    [global]
    workgroup = AD
    server string = Samba Server Version %v
    security = ads
    realm = AD.LOCAL
    domain master = no
    local master = no
    preferred master = no
    socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 SO_SNDBUF=131072
    use sendfile = true
    idmap config * : backend = tdb
    idmap config * : range = 100000-299999
    idmap config AD : backend = rid
    idmap config AD : range = 10000-99999
    winbind separator = +
    winbind enum users = yes
    winbind enum groups = yes
    winbind use default domain = yes
    winbind nested groups = yes
    winbind refresh tickets = yes
    template homedir = /home/%D/%U
    template shell = /bin/bash
    client use spnego = yes
    client ntlmv2 auth = yes
    encrypt passwords = yes
    restrict anonymous = 6
    log file = /var/log/samba/log.%m
    max log size = 50    


v) Edit the krb5.conf file for authentication --

    [logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log

    [libdefaults]
    default_realm = AD.LOCAL
    ticket_lifetime = 24h
    forwardable = yes

    [appdefaults]
    pam = {
        debug = false
        ticket_lifetime = 36000
        renew_lifetime = 36000
        forwardable = true
        krb4_convert = false
    }

    [domain_realm]
    .ad.local = AD.LOCAL
    ad.local = AD.LOCAL

vi) Now we update the NSS configuration file by opening /etc/nsswitch.conf and setting --

    passwd: files winbind
    group: files winbind

We are done.

vii) This is the last step to make CentOS an AD member of a Windows system. Let's get it over with --

    net ads join -U administrator

It will ask for the password. Give it and voilà!!
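
A consistency check for the files from steps iv and v, to run before the join; this is an added example and not part of the original post. It confirms that the realm in smb.conf matches default_realm in krb5.conf and that the idmap ranges do not overlap. The function names and the cut-down sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): function names are hypothetical.

# conf_get FILE KEY: print the value of the first "KEY = value" line.
conf_get() {
    awk -v k="$2" 'index($0, "=") {
        key = substr($0, 1, index($0, "=") - 1); val = substr($0, index($0, "=") + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == k) { print val; exit }
    }' "$1"
}

# check_realm SMB KRB: succeed only if smb.conf "realm" equals krb5.conf
# "default_realm" and is upper case (Kerberos realm names are case sensitive).
check_realm() {
    r=$(conf_get "$1" realm); d=$(conf_get "$2" default_realm)
    [ -n "$r" ] && [ "$r" = "$d" ] && [ "$r" = "$(printf '%s' "$r" | tr a-z A-Z)" ]
}

# idmap_ranges SMB: print "DOMAIN LOW HIGH" for every "idmap config X : range" line.
idmap_ranges() {
    awk '/^[ \t]*idmap config .*:[ \t]*range[ \t]*=/ {
        dom = $3; r = $0; sub(/^[^=]*=[ \t]*/, "", r); split(r, a, "-")
        print dom, a[1] + 0, a[2] + 0
    }' "$1"
}

# idmap_disjoint SMB: succeed only if no two idmap ranges overlap; overlapping
# ranges can give two different AD accounts the same Unix UID/GID.
idmap_disjoint() {
    idmap_ranges "$1" | awk '{ lo[NR] = $2 + 0; hi[NR] = $3 + 0 }
        END { for (i = 1; i <= NR; i++) for (j = i + 1; j <= NR; j++)
                  if (lo[i] <= hi[j] && lo[j] <= hi[i]) exit 1 }'
}

# Constructed sample input: the relevant lines of the two files in this post.
tmp=$(mktemp -d)
printf '%s\n' '[global]' '    workgroup = AD' '    realm = AD.LOCAL' \
    '    idmap config * : range = 100000-299999' \
    '    idmap config AD : range = 10000-99999' > "$tmp/smb.conf"
printf '%s\n' '[libdefaults]' '    default_realm = AD.LOCAL' > "$tmp/krb5.conf"
# Constructed bad variant: the AD range is widened into the default (*) range.
sed 's/10000-99999/10000-150000/' "$tmp/smb.conf" > "$tmp/smb_bad.conf"

check_realm "$tmp/smb.conf" "$tmp/krb5.conf" && echo "realm: consistent"
idmap_disjoint "$tmp/smb.conf" && echo "idmap ranges: disjoint"
idmap_disjoint "$tmp/smb_bad.conf" || echo "bad variant: idmap ranges overlap"
```

To check the real files, call check_realm and idmap_disjoint with /etc/samba/smb.conf and /etc/krb5.conf instead of the sample paths.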
 


 
 

 


