LinuxTechLab.com
Integrating Active Directory with Linux (RHEL / CentOS)
Originally published on LinuxTechLab.com
Most organisations use Active Directory Domain Services, or ADDS for short, to manage & administer users. All the Windows systems can be connected to the ADDS server, which can then be used to administer users and resources like printers, and to implement group policies based on users or systems. Besides Windows machines, we can also connect Linux machines to Active Directory. In this tutorial, we will connect a CentOS 7 machine to a Windows Active Directory server.
Pre-requisites
• A working Active Directory server based on either Windows Server 2008 R2 or Windows Server 2012,
• A CentOS 7 (or RHEL 7) machine for connecting to the ADDS server.
Step 1- Creating entries for ADDS server in hosts & resolv.conf file
Firstly, we have to make sure that we can resolve the name of our Active Directory server from the CentOS 7 machine. To do that, we will create an entry for the server in the ‘/etc/hosts’ file,
$ vi /etc/hosts
192.168.1.100 adds.ltechlab.com adds
Here, 192.168.1.100 is the IP address of the ADDS server & adds.ltechlab.com is the name of the ADDS server. After making the entry in the hosts file, we will make another entry in the ‘/etc/resolv.conf’ file as well,
$ vi /etc/resolv.conf
nameserver 192.168.1.100
Save the file & exit.
Step 2- Installing required packages
We will now move on to installing the packages that are required on the CentOS machine to connect it to the ADDS server,
$ yum install realmd oddjob oddjob-mkhomedir sssd adcli openldap-clients policycoreutils-python samba-common samba-common-tools krb5-workstation
Once these packages have been installed, we can connect our CentOS machine to the Active Directory server.
Step 3- Connecting to ADDS server
We will now use the ‘realm’ command to connect our CentOS machine to the ADDS server. The complete command that needs to be executed is,
$ realm join --user=administrator adds.ltechlab.com
You will now be asked to enter the password for the user ‘administrator’; ‘administrator’ is the Active Directory user which has the rights to connect our machine to the ADDS server. Upon successful authentication of the user ‘administrator’, we will have joined the domain. To check whether we have joined the domain or not, run
$ realm list
& we should get output something like,
ltechlab.com
  type: kerberos
  realm-name: LTECHLAB.COM
  domain-name: ltechlab.com
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  required-package: oddjob
  required-package: oddjob-mkhomedir
  required-package: sssd
  required-package: adcli
  required-package: samba-common-tools
  login-formats: %U@ltechlab.com
  login-policy: allow-realm-logins
This confirms that we are now part of a Windows Active Directory domain & can now use the users that have been created via Active Directory to log in to the CentOS system.
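As an added example (not part of the original article), the shell functions below parse ‘realm list’ output to confirm the join and to flag the ‘login-policy: allow-realm-logins’ setting seen above, under which every domain account may log in to the machine. The function names and verdict strings are assumptions of this example; the sample text is an abridged copy of the output shown in Step 3.

```shell
#!/bin/sh
# Added example: audit `realm list` output after a domain join.
# SAMPLE is an abridged copy of the Step 3 output (required-package lines dropped).
SAMPLE='ltechlab.com
  type: kerberos
  realm-name: LTECHLAB.COM
  domain-name: ltechlab.com
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  login-formats: %U@ltechlab.com
  login-policy: allow-realm-logins'

# realm_field KEY (hypothetical helper): print the value of the first
# "KEY: value" line read from stdin, ignoring leading indentation.
realm_field() {
    awk -v key="$1" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, key ": ") == 1 { print substr(line, length(key) + 3); exit }
    '
}

# audit_realm (hypothetical helper): read `realm list` output on stdin and
# print one verdict for the first realm listed:
#   NOT-JOINED  no "configured: kerberos-member" line was found
#   RESTRICTED  joined; logins limited to permitted accounts, or denied
#   OPEN        joined; any other policy, e.g. allow-realm-logins
audit_realm() {
    out=$(cat)
    configured=$(printf '%s\n' "$out" | realm_field configured)
    policy=$(printf '%s\n' "$out" | realm_field login-policy)
    if [ "$configured" != "kerberos-member" ]; then
        echo "NOT-JOINED"
        return 0
    fi
    case "$policy" in
        allow-permitted-logins|deny-any-login) echo "RESTRICTED" ;;
        *) echo "OPEN" ;;   # unknown or missing policy is reported as open
    esac
}

# Run against the embedded sample; prints OPEN.
printf '%s\n' "$SAMPLE" | audit_realm
```

On a joined host, run ‘realm list | audit_realm’; an OPEN verdict can be narrowed with ‘realm deny --all’ followed by ‘realm permit -g <group>’, where <group> is a placeholder for an AD group of your choosing.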
Now all these AD users will work as local users on your CentOS system. To grant the AD users sudo rights, the process is the same as for local users on any CentOS machine, i.e. we either create a group with sudo access & add users to that group, or we add the users individually. For a more detailed process, kindly check out our article on “GRANTING SUDO ACCESS TO USER ACCOUNTS IN RHEL & CENTOS”.