How to Integrate Linux with Active Directory
Today I am going to explain how to integrate Linux with Active Directory.
After five months of hard work I have finally passed my RHCE (Red Hat Certified Engineer) exam. It was interesting to prepare for and attempt the RHCE exam, so now I have time to write some stuff for my website.
In this article I will explain how I changed my Windows file server to Linux and how I integrated the Linux server with an Active Directory server for authentication.
Background: Why Integrate Linux with Windows Active Directory
I was planning to replace my Windows file server with Linux. The question here is:
Why Linux?
It is not because Linux is my favorite operating system; there are some facts behind why I changed my Windows server to Linux. Linux servers are well known for their ability to run for years without failure. Linux also handles a large number of running processes better than Windows does. There is no need to reboot after most changes, whereas Windows typically requires a reboot for changes to take effect, which causes downtime.
My Real Concern: Security
When it comes to security, Linux is more secure than Windows. In a network, a file server is a main target of viruses, which travel through the whole network via shares; a Linux server is not itself infected by the viruses that spread between Windows clients through shares. In the end I replaced my Windows file server with Linux, so I decided to share my work with all of you.
Details of Lab Computers
Domain Controller
- OS: Windows Server 2003
- Hostname: ad.broexperts.local
- IP Address: 192.168.1.100/24
Note: Windows Server 2003 is the Active Directory server and is also responsible for name resolution (DNS); it is already configured.
Linux File Server (Samba)
- OS: CentOS 6.4 x86
- Hostname: smb.broexperts.local
- IP Address: 192.168.1.200/24
Client (XP)
- OS: Windows XP
- Hostname: pc1.broexperts.local
- IP Address: 192.168.1.201/24
- DNS SERVER IP: 192.168.1.201/24
Step-1: Installation of Required Packages Using Yum
Log in as root and enter the following command in the shell:
yum install -y samba-*
Step-2: Configure Samba
Replace the contents of the Samba configuration file with the minimal configuration below.
Open the Samba configuration file “/etc/samba/smb.conf” in the Vim text editor:
vim /etc/samba/smb.conf
[global]
        workgroup = BROEXPERTS
        # realm is the AD domain (matching the [realms] entry in /etc/krb5.conf);
        # ad.broexperts.local is only the hostname of the domain controller
        realm = BROEXPERTS.LOCAL
        security = ads
        idmap uid = 100000-200000
        idmap gid = 100000-200000
        template homedir = /home/%U
        template shell = /bin/bash
        winbind use default domain = yes
        winbind offline logon = false
        winbind enum users = yes
        winbind enum groups = yes

[userdata]
        path = /user-data
        browseable = yes
        writeable = yes
        valid users = +webproject
Step-3: Create Share Directory & Configure SELinux
Now create the share folder for Samba and change its SELinux context.
Create the share directory:
mkdir /user-data
Now change the SELinux context on this directory:
chcon -t samba_share_t /user-data/
Step-4: Run Services on Startup
Make sure all services start on boot after a server reboot:
chkconfig smb on
chkconfig nmb on
chkconfig winbind on
Step-5: Configure Firewall
Set iptables rules to allow the Samba-related ports:
iptables -I INPUT -p tcp --dport 139 -j ACCEPT
iptables -I INPUT -p tcp --dport 445 -j ACCEPT
Save the iptables rules and restart the service:
service iptables save
service iptables restart
Step-6: Configure Kerberos
Edit “/etc/krb5.conf” so that its settings match the lines below.
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 # must be the realm defined under [realms] below (the AD domain, in upper case)
 default_realm = BROEXPERTS.LOCAL
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true

[realms]
 BROEXPERTS.LOCAL = {
  kdc = ad.broexperts.local
  admin_server = ad.broexperts.local
 }

[domain_realm]
 .broexperts.local = BROEXPERTS.LOCAL
 broexperts.local = BROEXPERTS.LOCAL
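Before running the domain join in Step-8 it is worth confirming that the two files from Step-2 and Step-6 agree: the realm in smb.conf must equal default_realm in krb5.conf, security must be ads, and that realm must actually have a [realms] entry (with dns_lookup_kdc = false nothing else tells Kerberos where the KDC is). The following shell script is an added example, not part of the original article; the sample files it writes with make_samples are constructed for the demo, and on the real server you would point check_join_prereqs at /etc/samba/smb.conf and /etc/krb5.conf.

```shell
#!/bin/sh
# Added example (not from the original article): consistency check for the
# Samba and Kerberos client configuration before "net ads join".

# conf_value FILE KEY -> value of the first "KEY = value" line (key matched case-insensitively)
conf_value() {
    awk -F= -v key="$2" '
        tolower($1) ~ ("^[ \t]*" key "[ \t]*$") {
            v = $2; sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v); print v; exit
        }' "$1"
}

# realm_defined KRB5CONF REALM -> 0 if the [realms] section contains "REALM = {"
realm_defined() {
    awk -v realm="$2" '
        /^[ \t]*\[/ { in_realms = ($0 ~ /^[ \t]*\[realms\]/); next }
        in_realms && $1 == realm && $2 == "=" { found = 1 }
        END { exit found ? 0 : 1 }' "$1"
}

# check_join_prereqs SMBCONF KRB5CONF -> 0 when consistent, 1 with the reason printed
check_join_prereqs() {
    smb_sec=$(conf_value "$1" security)
    smb_realm=$(conf_value "$1" realm)
    krb_realm=$(conf_value "$2" default_realm)
    if [ "$smb_sec" != "ads" ]; then
        echo "FAIL: security = '$smb_sec' (a Kerberos domain member needs security = ads)"; return 1
    fi
    if [ -z "$smb_realm" ] || [ "$smb_realm" != "$krb_realm" ]; then
        echo "FAIL: smb.conf realm '$smb_realm' != krb5.conf default_realm '$krb_realm'"; return 1
    fi
    if ! realm_defined "$2" "$krb_realm"; then
        echo "FAIL: realm $krb_realm has no [realms] entry; with dns_lookup_kdc = false no KDC can be found"; return 1
    fi
    echo "OK: both files use realm $smb_realm with security = ads"
}

# make_samples DIR: constructed sample files - a consistent pair plus an smb.conf
# whose realm is named after the DC host instead of the domain (a common slip)
make_samples() {
    cat > "$1/krb5.conf" <<'EOF'
[libdefaults]
 default_realm = BROEXPERTS.LOCAL
 dns_lookup_kdc = false
[realms]
 BROEXPERTS.LOCAL = {
  kdc = ad.broexperts.local
 }
EOF
    cat > "$1/smb.conf" <<'EOF'
[global]
 workgroup = BROEXPERTS
 realm = BROEXPERTS.LOCAL
 security = ads
EOF
    sed 's/^ realm = .*/ realm = AD.BROEXPERTS.LOCAL/' "$1/smb.conf" > "$1/smb-bad.conf"
}

# Demo on the constructed files
demo=$(mktemp -d)
make_samples "$demo"
check_join_prereqs "$demo/smb.conf" "$demo/krb5.conf"
check_join_prereqs "$demo/smb-bad.conf" "$demo/krb5.conf"
rm -rf "$demo"
```

The second call fails with the realm mismatch, which is exactly the error that otherwise only shows up as a cryptic Kerberos failure during the join.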
Step-7: Starting Service
Now everything is set to start the Samba service. Run the following command:
service smb restart
Step-8: Join the Domain
As mentioned earlier, an Active Directory and DNS server is running on Windows Server 2003 with hostname ad.broexperts.local. Enter the command below on the Linux server to join the domain (it prompts for the administrator password):
net ads join -U administrator -S ad.broexperts.local
Step-9: Configure “/etc/nsswitch.conf” File
Make the changes shown below in “/etc/nsswitch.conf”:
passwd:     files winbind
shadow:     files winbind
group:      files winbind
Step-10: Start winbind Service & Check AD Status.
It is time to restart the winbind service and then check the connection to the Active Directory server from Linux:
service winbind restart
Check the connection to the Active Directory server (this lists the domain users through winbind):
wbinfo -u
If the Active Directory users are listed on our Linux box, everything is working fine.
Step-11: Fetch AD Users
List the AD users through the passwd database (the files and winbind sources configured in “/etc/nsswitch.conf”) with the command below:
getent passwd
Note: If the users and groups stored in Active Directory appear on your Linux server, you are properly connected to the domain controller.
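Seeing domain users in getent output is the first check; the second is that they were mapped as intended. The script below, an added example that is not part of the original article, sorts getent passwd lines into local and winbind-mapped accounts using the idmap range from the smb.conf above (100000-200000) and flags domain entries whose shell or home directory do not match the template settings. The passwd lines are constructed sample data; on the file server you would pipe the real "getent passwd" output into classify_passwd.

```shell
#!/bin/sh
# Added example (not from the original article): post-join check of the
# winbind idmap range and template settings against getent passwd output.

IDMAP_LOW=100000      # idmap uid range from smb.conf
IDMAP_HIGH=200000

# classify_passwd < passwd-lines
# Prints "local NAME", "domain NAME", or "domain-bad-template NAME" per entry.
# A UID inside the idmap range means the entry came from winbind; such an
# entry should carry the template shell and a /home/<user> home directory.
classify_passwd() {
    awk -F: -v low="$IDMAP_LOW" -v high="$IDMAP_HIGH" '
        $3 >= low && $3 <= high {
            status = "domain"
            if ($7 != "/bin/bash" || $6 != ("/home/" $1)) status = "domain-bad-template"
            print status, $1; next
        }
        { print "local", $1 }'
}

# count_domain_users < passwd-lines -> number of winbind-mapped entries
count_domain_users() {
    classify_passwd | awk '$1 ~ /^domain/ { n++ } END { print n + 0 }'
}

# Constructed sample of what getent passwd returns once winbind is in
# nsswitch.conf; domain accounts show "*" in the password field and, with
# "winbind use default domain = yes", no DOMAIN\ prefix.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bob:x:500:500:Bob Local:/home/bob:/bin/bash
administrator:*:100000:100000:Administrator:/home/administrator:/bin/bash
alice:*:100001:100000:Alice:/home/alice:/bin/bash
svc-backup:*:100002:100000:Backup service:/home/svc-backup:/sbin/nologin'

# Demo on the constructed sample
printf '%s\n' "$SAMPLE_PASSWD" | classify_passwd
echo "domain accounts mapped by winbind: $(printf '%s\n' "$SAMPLE_PASSWD" | count_domain_users)"
```

An entry flagged domain-bad-template usually means the account was created (or the mapping cached) before the template lines were in smb.conf; the svc-backup line in the sample shows what such an entry looks like.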
Step-12: Grant Permission
Grant permissions on the Samba share directory so that all members of the “webproject” Active Directory group can access this share:
chown root:webproject /user-data
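Changing the owner and group is only half of the permission setup: with the default mode of a fresh directory the webproject group can read but not create files, and files created by one member would belong to that member's primary group. The script below is an added example, not part of the original article; it sets mode 2770 (group read/write plus the setgid bit, so new files inherit the webproject group) and verifies the result with ls. The owner change and SELinux label need root on the real server and are skipped elsewhere so the mode check still runs; the scratch directory used in the demo is constructed.

```shell
#!/bin/sh
# Added example (not from the original article): prepare and verify the
# Samba share directory's mode so every member of the AD group can use it.

# set_share_mode DIR: create DIR if needed and set rwxrws--- (2770)
set_share_mode() {
    mkdir -p "$1" && chmod 2770 "$1"
}

# share_mode_ok DIR -> 0 if DIR is a directory with mode rwxrws---
share_mode_ok() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "drwxrws---" ]
}

# prepare_share DIR GROUP: mode first, then (as root) owner and SELinux label
prepare_share() {
    set_share_mode "$1" || return 1
    if [ "$(id -u)" -eq 0 ]; then
        chown "root:$2" "$1" 2>/dev/null || echo "warning: group $2 not resolvable yet (is winbind running?)"
        if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled 2>/dev/null; then
            chcon -t samba_share_t "$1" || echo "warning: could not set samba_share_t on $1"
        fi
    else
        echo "note: not root, skipping chown root:$2 and SELinux labelling"
    fi
    share_mode_ok "$1"
}

# Demo on a constructed scratch directory; on the server use: prepare_share /user-data webproject
demo_dir=$(mktemp -d)/user-data
if prepare_share "$demo_dir" webproject; then
    echo "share $demo_dir ready: $(ls -ld "$demo_dir" | cut -c1-10)"
fi
rm -rf "$(dirname "$demo_dir")"
```

Because valid users = +webproject already limits who Samba lets in, the 2770 mode simply makes the filesystem agree with the share definition instead of leaving the directory world-readable to local logins.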
Step-13: Testing
Finally, all steps are complete. To test your setup, log in with a domain user on the Windows XP client (the client must be a member of the domain for password-less access), or open the share from the Run box on the XP client and provide Active Directory user credentials.