There are really two parts to what you are trying to do.

Part 1: Get the user information out of the AD LDAP schema. As I understand it, this requires modifying the Active Directory first. I haven't been able to get this to work, but don't control my Active Directory either.

Part 2: Authenticate the user via Kerberos. This is not too bad, as long as you don't care if your desktop can't grant tickets. Two things you need to do:

Modify /etc/krb5.conf:

* Set the default realm to your AD domain, e.g.:

    default_realm = MY.ACTIVEDIRECTORY.COM

* Define as a domain_realm your default realm, e.g.:

    .my.activedirectory.com = MY.ACTIVEDIRECTORY.COM

* Define the realm, e.g.:

    MY.ACTIVEDIRECTORY.COM = {
        kdc = dc1.my.activedirectory.com
        kdc = dc2.my.activedirectory.com
        default_domain = my.activedirectory.com
        admin_server = dc1.my.activedirectory.com
    }

Modify /etc/pam.d/system-auth -- not something I understand real well, so don't treat this as definitive information. Try:

    auth sufficient /lib/security/$ISA/pam_krb5.so use_first_pass

If you use that setup, and keep the username entries in /etc/passwd consistent with the names of users in your Active Directory, you can require the user to present their AD password in order to log in.

On Dec 18, 2007 2:45 PM, Joseph L. Casale <jcasale@xxxxxxxxxxxxxxxxx> wrote:
> I have been searching the net for directions on rhel and centos 5(1) to log
> in to a windows domain and have found many examples, all different and none
> work for me.
>
> Is there a hint to some documentation anyone here knows of that actually
> works?
>
> Thanks!
> jlc
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
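
A consistency check for the three /etc/krb5.conf edits described in the reply above, added here as an example and not part of the original message. The function names check_krb5_conf and write_sample are hypothetical, the sample file is constructed from the message's example names, and the section headers are the standard krb5.conf ones.

```shell
#!/bin/bash
# Added example: checks that default_realm, [domain_realm] and [realms] agree.

# write_sample FILE: constructed krb5.conf using the message's example names.
write_sample() {
    cat > "$1" <<'EOF'
[libdefaults]
    default_realm = MY.ACTIVEDIRECTORY.COM

[domain_realm]
    .my.activedirectory.com = MY.ACTIVEDIRECTORY.COM

[realms]
    MY.ACTIVEDIRECTORY.COM = {
        kdc = dc1.my.activedirectory.com
        kdc = dc2.my.activedirectory.com
        default_domain = my.activedirectory.com
        admin_server = dc1.my.activedirectory.com
    }
EOF
}

# check_krb5_conf FILE: print one line per problem, return non-zero if any.
check_krb5_conf() {
    conf=$1
    realm=$(awk '$1 == "default_realm" && $2 == "=" { print $3; exit }' "$conf")
    if [ -z "$realm" ]; then
        echo "no default_realm set"
        return 1
    fi
    awk -v r="$realm" '
        $1 ~ /^\[/ { section = $1; next }
        section == "[realms]" && $1 == r && $3 == "{" { inblk = 1; seen = 1; next }
        inblk && $1 == "}" { inblk = 0; next }
        inblk && $1 == "kdc" { kdcs++ }
        section == "[domain_realm]" && $3 == r { mapped++ }
        END {
            if (!seen) { print "no [realms] block for " r; bad = 1 }
            else if (!kdcs) { print "realm " r " lists no kdc"; bad = 1 }
            if (!mapped) { print "no [domain_realm] entry maps to " r; bad = 1 }
            exit bad + 0
        }' "$conf"
}

# Run against the constructed sample; on a real host pass /etc/krb5.conf.
sample=$(mktemp)
write_sample "$sample"
check_krb5_conf "$sample" && echo "krb5.conf is consistent"
rm -f "$sample"
```

A file that passes only shows the three settings agree with each other; whether the KDCs answer is a separate test with kinit.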