How to Integrate Linux with Active Directory

Today I am here to explain how to integrate Linux with Active Directory.
After five months of hard work I have finally passed my RHCE (Red Hat Certified Engineer) exam. It was interesting to prepare for and attempt the RHCE exam, so now I have time to write some material for my website.

In this article I will explain how I replaced my Windows file server with Linux and how I integrated the Linux server with an Active Directory server for authentication.


Background: Why Integrate Linux with Windows Active Directory?

I was planning to replace my Windows file server with Linux. The question is:

Why Linux?

It is not because Linux is my favourite operating system; there are some facts behind why I changed my Windows server to Linux. Linux servers are well known for their ability to run without failure for years. Linux also handles a large number of running processes better than Windows does. There is no need to reboot after most changes, whereas Windows typically requires a reboot for a change to take effect, which causes downtime.

My Real Concern: Security

As for security, Linux is more secure than Windows. On a network the file server is the main target of viruses; they travel across the whole network via shares, and Linux is immune to the viruses that infect Windows clients through shares. (One caveat worth keeping in mind: a Linux host will not execute Windows malware itself, but it will happily store and serve an infected file from the share, so antivirus on the Windows clients still matters.) Finally, I replaced my Windows file server with Linux, so I decided to share my work with all of you.

Details of Lab Computers

Domain Controller
  • OS: Windows Server 2003
  • Hostname: ad.broexperts.local
  • IP Address: 192.168.1.100/24

Note:- Windows Server 2003 is working as the Active Directory server and is also responsible for name resolution (DNS); it is already configured. Both the Linux server and the client must use it as their DNS server, because the domain join and Kerberos rely on the SRV records it publishes. (Windows Server 2003 and Windows XP are long out of support; they appear here only because this is a lab, not as a recommendation.)

Linux File Server (Samba)
  • OS: CentOS 6.4 x86
  • Hostname: smb.broexperts.local
  • IP Address: 192.168.1.200/24
  • DNS Server IP: 192.168.1.100

Client (XP)
  • OS: Windows XP
  • Hostname: pc1.broexperts.local
  • IP Address: 192.168.1.201/24
  • DNS Server IP: 192.168.1.100

Step-1: Installation of Required Packages Using Yum

Log in as root and enter the following command in the shell. Installing only the packages this setup needs (instead of the whole samba-* wildcard, which also pulls in SWAT and other extras you do not want on a file server) keeps the attack surface small; krb5-workstation is added so that kinit and klist are available for testing the Kerberos side.

 yum install -y samba samba-winbind samba-winbind-clients krb5-workstation

Step-2: Configure Samba

Replace the contents of the Samba configuration file with the minimal configuration below. Note that `realm` must be the Kerberos realm, i.e. the AD DNS domain name in upper case (BROEXPERTS.LOCAL), not the FQDN of the domain controller, and it has to match default_realm in /etc/krb5.conf.

Open the Samba configuration file, located at “/etc/samba/smb.conf”, in the Vim text editor:

vim /etc/samba/smb.conf

[global]
workgroup = BROEXPERTS
# Kerberos realm = AD domain name in upper case, not the DC's hostname
realm = BROEXPERTS.LOCAL
security = ads
# ID mapping for domain users and groups (Samba 3.6 syntax on CentOS 6;
# the older "idmap uid/gid" form still works but is deprecated)
idmap config * : backend = tdb
idmap config * : range = 100000-200000
template homedir = /home/%U
template shell = /bin/bash
winbind use default domain = yes
winbind offline logon = false
# Enumeration makes "getent passwd" list domain users; it is expensive on a large domain
winbind enum users = yes
winbind enum groups = yes
[userdata]
path = /user-data
browseable = yes
writeable = yes
# "+" restricts the share to members of the AD group "webproject"
valid users = +webproject

Step-3: Create Share Directory & Configure SELinux

Now create the share folder and set the SELinux context on it. Use semanage so that the context survives a filesystem relabel (chcon alone is lost on relabel); semanage is in the policycoreutils-python package on CentOS 6.

Create the share directory

mkdir /user-data

Now set the SELinux context on this directory

semanage fcontext -a -t samba_share_t "/user-data(/.*)?"
restorecon -Rv /user-data

Step-4: Run Services on Startup

Make sure all services run on startup after a server reboot

chkconfig smb on
chkconfig nmb on
chkconfig winbind on

Step-5: Configure Firewall

Set iptables rules to allow the Samba ports. TCP 139 and 445 are used by smb; nmb (NetBIOS name service and datagrams) additionally uses UDP 137 and 138. The rules below are restricted to the lab subnet so the shares are not reachable from elsewhere.

iptables -I INPUT -s 192.168.1.0/24 -p tcp --dport 139 -j ACCEPT
iptables -I INPUT -s 192.168.1.0/24 -p tcp --dport 445 -j ACCEPT
iptables -I INPUT -s 192.168.1.0/24 -p udp --dport 137 -j ACCEPT
iptables -I INPUT -s 192.168.1.0/24 -p udp --dport 138 -j ACCEPT

Save the iptables rules and restart the service

service iptables save
service iptables restart

Step-6: Configure Kerberos

Edit “/etc/krb5.conf” so that it matches the settings below. default_realm must be the same realm as in smb.conf and must have an entry in the [realms] section; the KDC is the domain controller.

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = BROEXPERTS.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
[realms]
BROEXPERTS.LOCAL = {
kdc = ad.broexperts.local
admin_server = ad.broexperts.local
}
[domain_realm]
.broexperts.local = BROEXPERTS.LOCAL
broexperts.local = BROEXPERTS.LOCAL

Step-7: Starting Service

Everything is now in place to start the Samba service. Run the following command:

service smb restart

Step-8: Join the Domain

As mentioned earlier, Active Directory and DNS are up and running on Windows Server 2003 with the hostname ad.broexperts.local. Before joining, make sure the Linux server's clock is close to the DC's (Kerberos rejects requests with more than five minutes of clock skew) and that /etc/resolv.conf points at 192.168.1.100. The kinit line is optional but confirms that the realm, KDC and clock are all right before the join; the final testjoin verifies the machine account that the join created. Enter the following commands on the Linux server:

ntpdate ad.broexperts.local
kinit administrator@BROEXPERTS.LOCAL
net ads join -U administrator -S ad.broexperts.local
net ads testjoin

Step-9: Configure “/etc/nsswitch.conf” File

Make changes into “/etc/nsswitch.conf” file as shown below

passwd:     files winbind
shadow:     files winbind
group:      files winbind

Step-10: Start winbind Service & Check AD Status.

It is time to restart the winbind service and then check the connection with the Active Directory server from Linux.

service winbind restart

Check the connection with the Active Directory server. wbinfo -t verifies the machine account's trust secret; -u and -g list domain users and groups.

wbinfo -t
wbinfo -u
wbinfo -g

If the Active Directory users are listed on the Linux box, everything is working.

Step-11: Fetch AD Users

List the AD users through the name-service switch with the command below. getent does not copy anything into /etc/passwd; it queries the sources listed in nsswitch.conf, so with winbind there the domain users appear alongside the local ones. Also confirm that the group used for the share resolves, since the next step depends on it.

getent passwd
getent group webproject

Note:- If the information stored in your Active Directory, such as users and groups, appears on your Linux server, you are properly connected to the domain controller.

Step-12: Grant Permission

Grant permissions on the Samba share directory so that all members of the “webproject” group (an Active Directory group) can access the share. Changing the owner alone is not enough: mkdir left the directory with mode 755, so group members could read but not write despite writeable = yes in smb.conf. Mode 2770 gives the group read/write access, keeps everyone else out, and the setgid bit makes new files inherit the webproject group.

chown root:webproject /user-data
chmod 2770 /user-data

Step-13: Testing

We have now completed all the steps. To test the setup, log in with a domain user on the Windows XP client (the client must be a member of the domain for password-less access), or open the share from the Run box on the XP client and provide Active Directory user credentials when prompted.
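The join in Step 8 most often fails because the realm in smb.conf and the Kerberos settings in krb5.conf disagree (for example, a realm set to the DC's hostname, which has no [realms] entry), and that is hard to spot by eye. The preflight script below is an added example written for this article, not part of the original post or of Samba; it parses the two ini-style files with awk, checks that security = ads is set, that the realm is upper case, matches default_realm and has a [realms] block, and warns when workgroup or template homedir look wrong. Its live_checks function additionally verifies the DNS SRV record and the clock skew the join depends on, which needs network access and the bind-utils and ntpdate packages (an assumption; it is not run in the demo). The configs it writes to a temp directory are constructed sample input that mirrors the lab above.

```shell
#!/bin/bash
# ad-preflight.sh: sanity-check smb.conf and krb5.conf before "net ads join".
# Added example for this article (not from the original post or from Samba).
# Assumes the ini-style layout of /etc/samba/smb.conf and /etc/krb5.conf used
# above; the configs written by write_samples are constructed test input.

# ini_get FILE SECTION KEY -> prints the value of KEY inside [SECTION].
# First match wins, key comparison is case-insensitive, comments are skipped.
ini_get() {
    awk -v sec="[$2]" -v key="$(printf '%s' "$3" | tr 'A-Z' 'a-z')" '
        { line = $0; sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line) }
        line == "" || line ~ /^[#;]/ { next }
        line ~ /^\[/ { insec = (line == sec); next }
        insec && index(line, "=") > 0 {
            k = substr(line, 1, index(line, "=") - 1); sub(/[ \t]+$/, "", k)
            v = substr(line, index(line, "=") + 1);   sub(/^[ \t]+/, "", v)
            if (tolower(k) == key) { print v; exit }
        }' "$1"
}

# has_realm_block FILE REALM -> success when krb5.conf contains "REALM = {"
has_realm_block() {
    grep -Eq "^[[:space:]]*$2[[:space:]]*=[[:space:]]*\{" "$1"
}

# check_ad_config SMB_CONF KRB5_CONF -> 0 when the two files agree, 1 otherwise
check_ad_config() {
    local smb="$1" krb="$2" status=0
    local realm sec wg homedir krealm
    realm=$(ini_get "$smb" global realm)
    sec=$(ini_get "$smb" global security)
    wg=$(ini_get "$smb" global workgroup)
    homedir=$(ini_get "$smb" global "template homedir")
    krealm=$(ini_get "$krb" libdefaults default_realm)

    [ "$sec" = "ads" ] || { echo "FAIL: security = '$sec' (need ads)"; status=1; }
    [ -n "$realm" ]    || { echo "FAIL: smb.conf has no realm"; status=1; }
    [ "$realm" = "$(printf '%s' "$realm" | tr 'a-z' 'A-Z')" ] \
        || { echo "FAIL: realm '$realm' must be upper case"; status=1; }
    [ "$realm" = "$krealm" ] \
        || { echo "FAIL: smb.conf realm '$realm' != krb5 default_realm '$krealm'"; status=1; }
    has_realm_block "$krb" "$realm" \
        || { echo "FAIL: krb5.conf has no [realms] entry for '$realm' (realm set to the DC hostname?)"; status=1; }
    # The NetBIOS workgroup is normally the first DNS label of the realm.
    [ "$wg" = "${realm%%.*}" ] || echo "WARN: workgroup '$wg' is not the first label of '$realm'"
    case "$homedir" in *%U*|*%u*) ;; *) echo "WARN: template homedir '$homedir' has no %U" ;; esac
    return "$status"
}

# live_checks DC_FQDN DNS_DOMAIN -> the two things no config file can prove:
# the domain's SRV records resolve and the clock is inside Kerberos' 5-minute skew.
# Needs network access plus the bind-utils and ntpdate packages; not run in the demo.
live_checks() {
    host -t SRV "_kerberos._tcp.$2" || { echo "FAIL: no _kerberos SRV record for $2"; return 1; }
    ntpdate -q "$1" || { echo "FAIL: cannot query time from $1"; return 1; }
}

# write_samples -> prints a temp dir with a correct pair and a broken pair of
# configs (constructed; the broken pair repeats the realm-as-hostname mistake).
write_samples() {
    local d
    d=$(mktemp -d)
    printf '%s\n' '[global]' 'workgroup = BROEXPERTS' 'realm = BROEXPERTS.LOCAL' \
        'security = ads' 'template homedir = /home/%U' > "$d/smb-good.conf"
    printf '%s\n' '[libdefaults]' 'default_realm = BROEXPERTS.LOCAL' '[realms]' \
        'BROEXPERTS.LOCAL = {' 'kdc = ad.broexperts.local' '}' > "$d/krb5-good.conf"
    printf '%s\n' '[global]' 'workgroup = BROEXPERTS' 'realm = AD.BROEXPERTS.LOCAL' \
        'security = ads' 'template homedir = /home/%U' > "$d/smb-bad.conf"
    printf '%s\n' '[libdefaults]' 'default_realm = AD.BROEXPERTS.LOCAL' '[realms]' \
        'BROEXPERTS.LOCAL = {' 'kdc = ad.broexperts.local' '}' > "$d/krb5-bad.conf"
    printf '%s\n' "$d"
}

# Real use: ./ad-preflight.sh /etc/samba/smb.conf /etc/krb5.conf
# Without arguments the script demonstrates itself on the constructed samples.
if [ "$#" -eq 2 ]; then
    check_ad_config "$1" "$2"
else
    samples=$(write_samples)
    echo "== good pair =="; check_ad_config "$samples/smb-good.conf" "$samples/krb5-good.conf" && echo "OK"
    echo "== bad pair ==";  check_ad_config "$samples/smb-bad.conf" "$samples/krb5-bad.conf" || echo "rejected"
fi
```

Run it with the two real paths on the Samba server before Step 8; a clean run does not guarantee the join, but a FAIL line means the join would certainly have failed with a less helpful Kerberos error. The workgroup and homedir checks are warnings only, because a NetBIOS domain name does not have to equal the first DNS label and a homedir without %U is unusual but legal.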
