[CentOS] CentOS magic to Active Directory login?
bishoptf at gmail.com
Fri Feb 19 03:07:30 UTC 2010
I just set up a centos 5.4 server with this a couple of weeks agao, really
straight forward, here is the best guide that I found,
On Thu, Feb 18, 2010 at 6:33 PM, Kwan Lowe <kwan.lowe at gmail.com> wrote:
> On Thu, Feb 18, 2010 at 7:22 PM, Scott Ehrlich <srehrlich at gmail.com>
> > I've been trying to follow samba, centos, ldap, and other
> > documentation to try and get a CentOS 5 box to permit a user to log
> > into an existing Windows 200x Active Directory domain without
> > necessarily having the box as part of the domain. If it has to be
> > part of the domain, that is fine. The user shall have no local
> > account on the box - I want their active directory account to
> > automatically produce their account on the CentOS 5 box, likely with a
> > shell of bash.
> > None of the web pages I've visited thus far have helped me configure
> > my test C5 box to allow me to successfully at least log into the
> > console of my C5 box with my AD credentials.
> > Leads to proper configuration of krb5.conf, ldap config files,
> > smb.conf, nsswitch.conf, and whatever else would be most appreciated.
> > I do have have any control of the Windows domain controller other than
> > limited admin rights, which largely allows me to create computer
> > accounts. Thus, majority of the work must be with the CentOS 5, of
> > which I have root and can rebuild as often as needed.
> Easiest way is to just use system-config-authentication. Then
> 1) Enable Winbind support
> 2) Enter your domain
> 3) Select ADS as security model
> 4) Enter your domain controller
> 5) Select /bin/bash as template shell.
> 6) Check "Allow Offline Login" if desired
> 7) Click "Join Domain" then enter an account with join privileges
> Repeat for the "Authentication" tab
> Under the Options tab, I also select
> Cache user information
> Use Shadow PWs
> Local auth is sufficient
> Check accss.conf
> Create home dirs on login
> Finally, edit the /etc/samba/smb.conf and set "winbind user default
> domain" to true so you don't need to prepend the domain to the login.
> I.e., ads/jsixpack
> CentOS mailing list
> CentOS at centos.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the CentOS