Unix has been able to authenticate against a central server for a long, long time using LDAP and various other technologies, but Microsoft’s Active Directory is the authentication scheme you are most likely to come across in the enterprise. Using RHEL (well, CentOS) it’s an easy setup.
From a command line box, run
authconfig-tui
Select “Use Winbind” under User Information and “Use Winbind for Authentication” under Authentication. I also select “Local authorization is sufficient” which we could argue for a long, long time about. That one is up to you.
When you click Next, you’ll need to fill in the blanks with your organization’s specific information. You do want to use “ads” as your security model if you are on Active Directory, and put a wildcard (*) in the Domain Controllers field. Next hit Join Domain and enter the credentials for an account that has the rights to join this machine to the domain. Next we need to tweak a few files.
In /etc/samba/smb.conf change
“winbind use default domain=no” to “winbind use default domain=yes”
If you don’t, you will need to enter your domain every time you log a user into the system, like AD/User, instead of just logging in as User.
Add
idmap backend = rid
into the authconfig section, right under the “idmap gid =” line. This sets up user and group ID mappings to use the AD RID. You want this as long as only one domain will be logging into this server. If users from several AD domains will be logging in, you need to hit Google.
In /etc/pam.d/system-auth, add
session required pam_mkhomedir.so skel=/etc/skel umask=0077
to the very end of the file. This creates a home directory for each user when they log into the system if they don’t have one already.
Now just issue a
service winbind restart
and you should be on your way!
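To confirm the edits above took effect, the following script checks smb.conf and system-auth (or copies of them) for the settings this walkthrough sets. It is an added example, not part of the original post; the function names smb_param and audit_winbind and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Audits copies of the two files the
# post edits; the sample files written by the demo at the bottom are constructed.

# Print the value of a [global] parameter from smb.conf (last occurrence wins).
smb_param() {  # $1 = smb.conf path, $2 = parameter name in lower case
    awk -v want="$2" '
        /^[ \t]*[#;]/ { next }                          # comment lines
        /^[ \t]*\[/   { sect = tolower($0); sub(/^[ \t]*\[/, "", sect)
                        sub(/\].*$/, "", sect); next }  # section header
        sect == "global" && (eq = index($0, "=")) {
            key = tolower(substr($0, 1, eq - 1)); val = tolower(substr($0, eq + 1))
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/[ \t]+/, " ", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want) found = val
        }
        END { print found }' "$1"
}

# Print one line per deviation from the post's setup; return the number found.
audit_winbind() {  # $1 = smb.conf path, $2 = system-auth path
    issues=0
    for want in "security=ads" "winbind use default domain=yes" "idmap backend=rid"; do
        got=$(smb_param "$1" "${want%%=*}")
        [ "$got" = "${want#*=}" ] ||
            { echo "smb.conf: ${want%%=*} is '${got}', expected '${want#*=}'"
              issues=$((issues + 1)); }
    done
    # The post puts pam_mkhomedir at the very end; umask=0077 keeps new homes private.
    last=$(grep -Ev '^[[:space:]]*(#|$)' "$2" | tail -n 1)
    case "$last" in
        session*required*pam_mkhomedir.so*umask=0077*) ;;
        *pam_mkhomedir.so*) echo "system-auth: pam_mkhomedir umask is not 0077"
                            issues=$((issues + 1)) ;;
        *) echo "system-auth: last line is not pam_mkhomedir.so"
           issues=$((issues + 1)) ;;
    esac
    return "$issues"
}

# Demo on constructed input: the rid line is missing and the umask is looser.
demo=$(mktemp -d)
printf '%s\n' '[global]' '   security = ads' '   winbind use default domain = no' \
    '   idmap gid = 16777216-33554431' > "$demo/smb.conf"
printf '%s\n' 'session required pam_unix.so' \
    'session required pam_mkhomedir.so skel=/etc/skel umask=0022' > "$demo/system-auth"
audit_winbind "$demo/smb.conf" "$demo/system-auth" || echo "$? deviation(s) found"
rm -rf "$demo"
```

On a real host, call audit_winbind /etc/samba/smb.conf /etc/pam.d/system-auth after the winbind restart; the check expects the literal values used in this post.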