Re: Ad integration with centos 6

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

Hi Alain,

I had tried that tutorial, and had issues with that one as well. I
obviously was missing something when I tried it.

I actually got my machine in AD using likewise open. It works quite well,
with minimal config.

I appreciate the pointers though!

D



On Wednesday, December 28, 2011, Alain Péan <alain.pean@xxxxxxxxxxxxxxxxxxxx>
wrote:
> Hi dnk,
>
> Le 23/12/2011 07:23, dnk a écrit :
>> Can anyone point me to a tutorial on using Active Directory to
authenticate
>> a centos 6 server? I just want to use it to authenticate, ssh and
restrict
>> access to a particular ad group. I prefer to use the lightest method
>> possible. I know you can use ldap, or winbind, etc. I have been trying to
>> follow the ones I have been googling, but none of them seem "quit
complete.
>> My issue is that I have no ldap experience.
>>
>> Dnk
>>
>
> I am personnally using SSSD (System Security Service Deamon) to
> authenticate C6 (SL6) against AD. See this blog link that looks good :
>
http://www.ohjeah.net/2011/06/09/linux-ssh-pam-ldap-sssd-2008-r2-ad-deployment/
>
> There is something more that I do before configuring Authentication, is
> to add the machine to AD with Samba (net join ads...).
>
> In /etc/krb5.conf, I added the encryption types required by AD 2008 :
> ...
> [libdefaults]
>     ticket_lifetime = 24000
>     default_realm = EXAMPLE.COM
>     default_tgs_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5
> des3-hmac-sha1
>     default_tkt_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5
> des3-hmac-sha1
>     clockskew = 300
> ....
>
> Hopes that helps...
>
> Alain
>
> --
> ==========================================================
> Alain Péan - LPP/CNRS
> Administrateur Système/Réseau
> Laboratoire de Physique des Plasmas - UMR 7648
> Observatoire de Saint-Maur
> 4, av de Neptune, Bat. A
> 94100 Saint-Maur des Fossés
> Tel : 01-45-11-42-39 - Fax : 01-48-89-44-33
> ==========================================================
>
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
>
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux