Re: [CentOS] Ad integration with centos 6
I wrote an article some time ago for CentOS 6 and have been using this setup in production since.

http://itscblog.tamu.edu/joining-samba-to-a-windows-2008-r2-domain/

My servers that interact with AD allow both AD based file sharing and also SSH access. The most updated configs I use can be found here, https://github.com/treydock/puppet-samba. I just added recent changes where I use AD groups to delegate access to the Linux server. This works with 2008 R2.

- Trey

On Fri, Dec 23, 2011 at 12:23 AM, dnk d.k.emailli...@gmail.com wrote:
> Can anyone point me to a tutorial on using Active Directory to authenticate a centos 6 server? I just want to use it to authenticate, ssh and restrict access to a particular ad group. I prefer to use the lightest method possible. I know you can use ldap, or winbind, etc. I have been trying to follow the ones I have been googling, but none of them seem quite complete. My issue is that I have no ldap experience.
>
> Dnk

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Ad integration with centos 6
Hi dnk,

On 23/12/2011 07:23, dnk wrote:
> Can anyone point me to a tutorial on using Active Directory to authenticate a centos 6 server? I just want to use it to authenticate, ssh and restrict access to a particular ad group. I prefer to use the lightest method possible. I know you can use ldap, or winbind, etc. I have been trying to follow the ones I have been googling, but none of them seem quite complete. My issue is that I have no ldap experience.
>
> Dnk

I am personally using SSSD (System Security Service Daemon) to authenticate C6 (SL6) against AD. See this blog link that looks good:
http://www.ohjeah.net/2011/06/09/linux-ssh-pam-ldap-sssd-2008-r2-ad-deployment/

Something more that I do before configuring authentication is to add the machine to AD with Samba (net join ads...).

In /etc/krb5.conf, I added the encryption types required by AD 2008:

...
[libdefaults]
 ticket_lifetime = 24000
 default_realm = EXAMPLE.COM
 default_tgs_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5 des3-hmac-sha1
 default_tkt_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5 des3-hmac-sha1
 clockskew = 300

Hope that helps...

Alain

--
==
Alain Péan - LPP/CNRS
System/Network Administrator
Laboratoire de Physique des Plasmas - UMR 7648
Observatoire de Saint-Maur
4, av de Neptune, Bat. A
94100 Saint-Maur des Fossés
Tel : 01-45-11-42-39 - Fax : 01-48-89-44-33
==
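An added example, not part of the original thread and not any poster's code: a Python check that reads krb5.conf text and reports which configured encryption types are single DES (deprecated by RFC 6649) or 3DES/RC4 (deprecated by RFC 8429), and whether any AES type is listed. The sample input is constructed from the [libdefaults] lines in the message above; `audit_enctypes` is a hypothetical helper name.

```python
import re

# Weak enctype names as MIT krb5 spells them. Single DES is deprecated by
# RFC 6649; 3DES and RC4 (arcfour) are deprecated by RFC 8429.
WEAK = {
    "des-cbc-crc": "single DES", "des-cbc-md4": "single DES",
    "des-cbc-md5": "single DES", "des": "single DES",
    "des3-cbc-sha1": "3DES", "des3-hmac-sha1": "3DES", "des3": "3DES",
    "arcfour-hmac": "RC4", "arcfour-hmac-md5": "RC4",
    "rc4-hmac": "RC4", "rc4": "RC4",
}
ENCTYPE_KEYS = ("default_tgs_enctypes", "default_tkt_enctypes",
                "permitted_enctypes")

# Constructed sample: the [libdefaults] lines quoted in the message above.
SAMPLE = """\
[libdefaults]
 ticket_lifetime = 24000
 default_realm = EXAMPLE.COM
 default_tgs_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5 des3-hmac-sha1
 default_tkt_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5 des3-hmac-sha1
 clockskew = 300
"""


def audit_enctypes(text):
    """Map each enctype setting in [libdefaults] to its weak entries."""
    findings, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
            continue
        if section != "libdefaults" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in ENCTYPE_KEYS:
            # Values may be separated by whitespace and/or commas.
            types = [t for t in re.split(r"[,\s]+", value.lower()) if t]
            findings[key] = {
                "weak": [(t, WEAK[t]) for t in types if t in WEAK],
                "has_aes": any(t.startswith("aes") for t in types),
            }
    return findings


if __name__ == "__main__":
    for key, result in audit_enctypes(SAMPLE).items():
        weak = ", ".join(f"{name} ({kind})" for name, kind in result["weak"])
        print(f"{key}: weak=[{weak}] aes_listed={result['has_aes']}")
```

To audit a host, pass the contents of its /etc/krb5.conf to `audit_enctypes` instead of `SAMPLE`.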
Re: [CentOS] Ad integration with centos 6
Hi Alain,

I had tried that tutorial, and had issues with that one as well. I obviously was missing something when I tried it.

I actually got my machine in AD using likewise open. It works quite well, with minimal config.

I appreciate the pointers though!

D

On Wednesday, December 28, 2011, Alain Péan alain.p...@lpp.polytechnique.fr wrote:
> Hi dnk,
>
> On 23/12/2011 07:23, dnk wrote:
> > Can anyone point me to a tutorial on using Active Directory to authenticate a centos 6 server? I just want to use it to authenticate, ssh and restrict access to a particular ad group. I prefer to use the lightest method possible. I know you can use ldap, or winbind, etc. I have been trying to follow the ones I have been googling, but none of them seem quite complete. My issue is that I have no ldap experience.
> >
> > Dnk
>
> I am personally using SSSD (System Security Service Daemon) to authenticate C6 (SL6) against AD. See this blog link that looks good:
> http://www.ohjeah.net/2011/06/09/linux-ssh-pam-ldap-sssd-2008-r2-ad-deployment/
>
> Something more that I do before configuring authentication is to add the machine to AD with Samba (net join ads...).
>
> In /etc/krb5.conf, I added the encryption types required by AD 2008:
>
> ...
> [libdefaults]
>  ticket_lifetime = 24000
>  default_realm = EXAMPLE.COM
>  default_tgs_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5 des3-hmac-sha1
>  default_tkt_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5 des3-hmac-sha1
>  clockskew = 300
>
> Hope that helps...
>
> Alain
>
> --
> ==
> Alain Péan - LPP/CNRS
> System/Network Administrator
> Laboratoire de Physique des Plasmas - UMR 7648
> Observatoire de Saint-Maur
> 4, av de Neptune, Bat. A
> 94100 Saint-Maur des Fossés
> Tel : 01-45-11-42-39 - Fax : 01-48-89-44-33
> ==
Re: [CentOS] Ad integration with centos 6
- Original Message -
| Hi Alain,
|
| I had tried that tutorial, and had issues with that one as well. I
| obviously was missing something when I tried it.
|
| I actually got my machine in AD using likewise open. It works quite
| well,
| with minimal config.
|
| I appreciate the pointers though!
|
| D

Now try diagnosing the problem when you have no idea what LWO did or continues to do to make things work. We had a great deal of problems with LWO. It was a cinch to set up but debugging it quickly became tedious because troubleshooting a system we didn't understand how all the pieces fit together was met with, well, pain. Quite often it was easier to just re-install the node than try to troubleshoot why something wasn't working.

At least, that's my experience.

--
James A. Peltier
Manager, IT Services - Research Computing Group
Simon Fraser University - Burnaby Campus
Phone : 778-782-6573
Fax : 778-782-3045
E-Mail : jpelt...@sfu.ca
Website : http://www.sfu.ca/itservices
http://blogs.sfu.ca/people/jpeltier

I will do the best I can with the talent I have
Re: [CentOS] Ad integration with centos 6
On Wednesday, December 28, 2011, James A. Peltier jpelt...@sfu.ca wrote:
> - Original Message -
> | Hi Alain,
> |
> | I had tried that tutorial, and had issues with that one as well. I
> | obviously was missing something when I tried it.
> |
> | I actually got my machine in AD using likewise open. It works quite
> | well,
> | with minimal config.
> |
> | I appreciate the pointers though!
> |
> | D
>
> Now try diagnosing the problem when you have no idea what LWO did or continues to do to make things work. We had a great deal of problems with LWO. It was a cinch to set up but debugging it quickly became tedious because troubleshooting a system we didn't understand how all the pieces fit together was met with, well, pain. Quite often it was easier to just re-install the node than try to troubleshoot why something wasn't working.
>
> At least, that's my experience.
>
> --
> James A. Peltier
> Manager, IT Services - Research Computing Group
> Simon Fraser University - Burnaby Campus
> Phone : 778-782-6573
> Fax : 778-782-3045
> E-Mail : jpelt...@sfu.ca
> Website : http://www.sfu.ca/itservices
> http://blogs.sfu.ca/people/jpeltier
>
> I will do the best I can with the talent I have

Those are very valid points. I just was able to get this setup, whereas I couldn't get the others.

D
[CentOS] Ad integration with centos 6
Can anyone point me to a tutorial on using Active Directory to authenticate a centos 6 server? I just want to use it to authenticate, ssh and restrict access to a particular ad group. I prefer to use the lightest method possible. I know you can use ldap, or winbind, etc. I have been trying to follow the ones I have been googling, but none of them seem quite complete. My issue is that I have no ldap experience.

Dnk