[CentOS] Ad integration with centos 6

Wed Dec 28 16:26:16 UTC 2011
Alain Péan <alain.pean at lpp.polytechnique.fr>

Hi dnk,

Le 23/12/2011 07:23, dnk a écrit :
> Can anyone point me to a tutorial on using Active Directory to authenticate
> a centos 6 server? I just want to use it to authenticate, ssh and restrict
> access to a particular ad group. I prefer to use the lightest method
> possible. I know you can use ldap, or winbind, etc. I have been trying to
> follow the ones I have been googling, but none of them seem "quit complete.
> My issue is that I have no ldap experience.
>
> Dnk
>

I am personnally using SSSD (System Security Service Deamon) to 
authenticate C6 (SL6) against AD. See this blog link that looks good :
http://www.ohjeah.net/2011/06/09/linux-ssh-pam-ldap-sssd-2008-r2-ad-deployment/

There is something more that I do before configuring Authentication, is 
to add the machine to AD with Samba (net join ads...).

In /etc/krb5.conf, I added the encryption types required by AD 2008 :
...
[libdefaults]
     ticket_lifetime = 24000
     default_realm = EXAMPLE.COM
     default_tgs_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5 
des3-hmac-sha1
     default_tkt_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5 
des3-hmac-sha1
     clockskew = 300
....

Hopes that helps...

Alain

-- 
==========================================================
Alain Péan - LPP/CNRS
Administrateur Système/Réseau
Laboratoire de Physique des Plasmas - UMR 7648
Observatoire de Saint-Maur
4, av de Neptune, Bat. A
94100 Saint-Maur des Fossés
Tel : 01-45-11-42-39 - Fax : 01-48-89-44-33
==========================================================