Joining Centos 5 to Windows 2003 R2 Domain

Windows 2003 R2
1. Control Panel -> Add/Remove Programs -> Add/Remove Windows Components -> Active Directory Services
Check Identity Management for Unix -> Details -> Check Administration Components and Server for NIS
/* Be sure to insert Windows Server 2003 R2 Disc2 */

2. Administrative Tools -> Active Directory Users and Computers. Unix Attributes will be added on the user properties

3. Configuring Users

Administrator (used below for the join and as a test account; giving the domain Administrator a login shell on every joined Linux host is convenient for testing, but a dedicated, less privileged account is preferable for day-to-day use)
Administrative Tools -> Active Directory Users and Computers -> Administrator -> Unix Attributes
NIS Domain: jamieson
UID: 10001
Login Shell: /bin/bash
Home Directory: /home/Administrator
Primary group name/GID: 20000

winbind
Create a regular domain user (no group membership beyond Domain Users) with password never expires and user cannot change password. It is used only as the read-only LDAP bind account in /etc/ldap.conf below, and its password ends up in that world-readable file, so keep the account unprivileged.

Centos 5
# Samba (smbd/nmbd, winbind, net, wbinfo) plus NTP. NTP is not optional:
# Kerberos rejects requests once the client clock drifts more than a few
# minutes (5 by default) from the domain controller.
yum install samba samba-common samba-client ntp
chkconfig ntpd on

vi /etc/ntp.conf
# Public pool servers. Kerberos (and therefore the domain join below) only
# tolerates a few minutes of clock skew, so this host and the DC must agree.
# NOTE(review): consider adding the DC (S3.jamieson.local) as a server too,
# or make sure the DCs themselves sync to the same pool.
server 0.centos.pool.ntp.org
server 1.centos.pool.ntp.org
server 2.centos.pool.ntp.org

/etc/init.d/ntpd restart

vi /etc/resolv.conf   # must point at the AD DNS server, see comments below
# The resolver must be the AD DNS server: krb5.conf below sets
# dns_lookup_kdc = true and "net ads join" relies on the domain's SRV
# records, neither of which a non-AD resolver can answer.
search jamieson.local
nameserver 192.168.40.251

vi /etc/hosts   # just in case of DNS failure (note: a literal "/*" typed on a shell line globs to every entry under /)
# Static fallback for the DC (krb5.conf refers to it by the short name "S3").
# This does not replace DNS: SRV-record lookups still need the AD nameserver.
192.168.40.251 S3.jamieson.local S3

vi /etc/krb5.conf
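[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = JAMIESON.LOCAL
# Locate KDCs through the AD SRV records (requires the AD DNS server in
# /etc/resolv.conf); the explicit kdc entry below is only a fallback.
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
# Forwardable tickets let a remote host act on the user's behalf (credential
# delegation). Set to "no" unless delegation is actually needed.
forwardable = yes

[realms]
JAMIESON.LOCAL = {
# Fully qualified so the entry does not depend on the search domain or on
# the /etc/hosts alias.
kdc = S3.jamieson.local:88
admin_server = S3.jamieson.local:749
default_domain = JAMIESON.LOCAL
}

[domain_realm]
# Hosts in the AD DNS zone map to the realm. The keys must be the DNS domain
# (jamieson.local); ".jamieson"/"jamieson" never match a name such as
# s3.jamieson.local, so lookups presumably only worked by falling through to
# default_realm.
.jamieson.local = JAMIESON.LOCAL
jamieson.local = JAMIESON.LOCAL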

vi /etc/ldap.conf
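# nss_ldap fallback source (nsswitch.conf lists it after winbind).
# "uri" is the authoritative server setting; the unfilled
# "host ip.address.of.ad.domain.dns.server" placeholder is gone because
# uri takes precedence over host anyway.
base dc=jamieson,dc=local
uri ldap://s3.jamieson.local/
# Service account used for the bind. SECURITY: this file has to stay
# world-readable for NSS lookups, so the password below is visible to every
# local user. Keep the winbind account read-only with no extra group
# membership, and rotate the password if the host is ever shared.
binddn winbind@jamieson.local
bindpw strong-winbind-account-password
scope sub
# SECURITY: "ssl no" means the simple bind (account name + password) crosses
# the network in cleartext on port 389. Prefer "ssl start_tls" with
# tls_cacertfile pointing at the AD CA certificate once one is available.
ssl no
nss_base_passwd dc=jamieson,dc=local?sub
# base?scope — the original line was missing the "?" before "sub".
nss_base_shadow dc=jamieson,dc=local?sub
nss_base_group dc=jamieson,dc=local?sub?&(objectCategory=group)(gidnumber=*)
# Map the RFC2307 object classes/attributes onto the AD (R2 Unix attribute)
# schema.
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_objectclass posixGroup group
nss_map_attribute gecos cn
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute uniqueMember member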

vi /etc/nsswitch.conf
# Lookup order: local files first, then winbind (once the host is joined),
# then the nss_ldap fallback configured in /etc/ldap.conf.
passwd: files winbind ldap
shadow: files winbind ldap
group: files winbind ldap

#hosts: db files nisplus nis dns
# Hosts come from /etc/hosts, then the AD DNS server in /etc/resolv.conf.
hosts: files dns

# The remaining entries are the distribution defaults with winbind added to
# a few databases; nisplus is not used by this setup.
bootparams: nisplus [NOTFOUND=return] files

ethers: files
netmasks: files
networks: files
# NOTE(review): nss_winbind only provides passwd/group-style lookups, so the
# winbind entries here appear to be no-ops — confirm before removing.
protocols: files winbind
rpc: files winbind
services: files

netgroup: nisplus files winbind

publickey: nisplus

automount: files nisplus winbind
aliases: files nisplus

vi /etc/samba/smb.conf
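[global]
# security = ads and realm MUST live in [global]. smb.conf comments start
# with "#" or ";" — a "/* ... */" annotation on the section line is parsed as
# a (malformed) parameter, not ignored.
workgroup = JAMIESON
security = ads
realm = JAMIESON.LOCAL
# Keep the machine account key in the system keytab after the join.
use kerberos keytab = true
;encrypt passwords = yes
# Optional. Use only if Samba cannot determine the Kerberos server automatically.
;password server = kerberos.example.com
# NOTE(review): pinning a single DC removes failover; with working AD DNS
# this line can usually stay commented out.
password server = S3.JAMIESON.LOCAL
# NOTE(review): no idmap settings are shown. Without them winbind allocates
# UIDs/GIDs from its local tdb instead of the Unix attributes set in AD
# (on Samba 3.0.x something like "idmap backend = ad" plus
# "winbind nss info = rfc2307" — confirm against the installed version).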

vi /etc/security/system_operators
root
administrator
winbind

# Enable at boot and start Samba and winbind (run as root).
chkconfig smb on
chkconfig winbind on
service smb start
# prints: Starting SMB services: [ OK ]
#         Starting NMB services: [ OK ]
service winbind start
# prints: Starting Winbind services:
# winbind cannot talk to the domain until the join below has succeeded;
# restart it after "net ads join".

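# Obtain an admin ticket (prompts for the password) and confirm the Unix
# attributes are visible before joining. At this point the answer presumably
# comes from nss_ldap, since winbind is not yet joined.
kinit administrator@JAMIESON.LOCAL
getent passwd administrator
# expected: Administrator:*:10001:20000:Administrator:/home/Administrator:/bin/bash

# Join the domain (prompts for Administrator's password), then restart
# winbind so it uses the new machine account instead of pre-join state.
net ads join -w JAMIESON -U Administrator
service winbind restart

# Verify the join: machine-account trust and that winbind sees domain users.
net ads testjoin
wbinfo -t
wbinfo -u | head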

Reference:

CentOS 5 and Windows 2003 R2 Active Directory Integration
