Windows 2003 R2
1. Control Panel -> Add/Remove Programs -> Add/Remove Windows Components -> Active Directory Services
Check Identity Management for Unix -> Details -> Check Administration Components and Server for NIS
/* Be sure to insert Windows Server 2003 R2 Disc2 */
2. Administrative Tools -> Active Directory Users and Computers. A Unix Attributes tab will be added to the user properties.
3. Configuring Users
Administrator
Administrative Tools -> Active Directory Users and Computers -> Administrator -> Unix Attributes
NIS Domain: jamieson
UID: 10001
Login Shell: /bin/bash
Home Directory: /home/Administrator
Primary group name/GID: 20000
winbind
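Create a regular domain user with "Password never expires" and "User cannot change password" set. This account is used only as the LDAP bind account (binddn) in /etc/ldap.conf below, so keep it out of any privileged groups.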
CentOS 5
yum install samba samba-common samba-client
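yum install ntp /* Kerberos authentication fails if the clock drifts too far (5 minutes by default) from the domain controller's */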
chkconfig ntpd on
vi /etc/ntp.conf
server 0.centos.pool.ntp.org
server 1.centos.pool.ntp.org
server 2.centos.pool.ntp.org
/etc/init.d/ntpd restart
vi /etc/resolv.conf
search jamieson.local
nameserver 192.168.40.251
vi /etc/hosts /* Just in case of DNS failure */
192.168.40.251 S3.jamieson.local S3
vi /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = JAMIESON.LOCAL
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
forwardable = yes
[realms]
JAMIESON.LOCAL = {
kdc = S3:88
admin_server = S3:749
default_domain = JAMIESON.LOCAL
}
[domain_realm]
.jamieson = JAMIESON.LOCAL
jamieson = JAMIESON.LOCAL
vi /etc/ldap.conf
host ip.address.of.ad.domain.dns.server
base dc=jamieson,dc=local
uri ldap://s3.jamieson.local/
binddn winbind@jamieson.local
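/* bindpw is stored in cleartext here, and /etc/ldap.conf is normally readable by every local user; use a dedicated low-privilege account */
bindpw strong-winbind-account-password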
scope sub
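/* With ssl no and an ldap:// URI the bind password crosses the network unencrypted; prefer ssl start_tls or an ldaps:// URI if the domain controller has a certificate */
ssl no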
nss_base_passwd dc=jamieson,dc=local?sub
nss_base_shadow dc=jamieson,dc=local?sub
nss_base_group dc=jamieson,dc=local?sub?&(objectCategory=group)(gidnumber=*)
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_objectclass posixGroup group
nss_map_attribute gecos cn
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute uniqueMember member
vi /etc/nsswitch.conf
passwd: files winbind ldap
shadow: files winbind ldap
group: files winbind ldap
#hosts: db files nisplus nis dns
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files winbind
rpc: files winbind
services: files
netgroup: nisplus files winbind
publickey: nisplus
automount: files nisplus winbind
aliases: files nisplus
vi /etc/samba/smb.conf
[global] /* It is very important that these options be inside [global] */
workgroup = JAMIESON
security = ads
realm = JAMIESON.LOCAL
use kerberos keytab = true
;encrypt passwords = yes
# Optional. Use only if Samba cannot determine the Kerberos server automatically.
;password server = kerberos.example.com
password server = S3.JAMIESON.LOCAL
vi /etc/security/system_operators
root
administrator
winbind
[root@dtp ~]# chkconfig smb on
[root@dtp ~]# chkconfig winbind on
[root@dtp ~]# service smb start
Starting SMB services: [ OK ]
Starting NMB services: [ OK ]
[root@dtp ~]# service winbind start
Starting Winbind services:
kinit administrator@JAMIESON.LOCAL
getent passwd administrator
Administrator:*:10001:20000:Administrator:/home/Administrator:/bin/bash
net ads join -w JAMIESON -U Administrator
Reference:
CentOS 5 and Windows 2003 R2 Active Directory Integration