Active Directory

From Gentoo Linux Wiki

Introduction

Follow these steps to configure your Gentoo system so that you can log into it over ssh with your Active Directory credentials.

Step ONE - Prerequisites

Let's make sure we compile our cute openssh daemon with PAM support (the use flag goes into /etc/portage/package.use, the same file used for samba below):

# echo net-misc/openssh pam >> /etc/portage/package.use
# emerge -av --update --newuse --deep openssh

Step TWO - Installation

Emerge samba with winbind (and ldap) support:

# echo net-fs/samba winbind ldap >> /etc/portage/package.use
# emerge -av samba

Step THREE - Configuration

Winbind

If you don't need to share any folders from the Linux side, run only winbind:

# nano /etc/conf.d/samba
daemon_list="winbind"

Otherwise, run the full set of daemons:

# nano /etc/conf.d/samba
daemon_list="smbd nmbd winbind"

Samba

Create the parent directory under which domain users' home directories will be created, then edit smb.conf:

# mkdir /home/<YOUR_DOMAIN>
# nano /etc/samba/smb.conf
workgroup = <YOUR_DOMAIN_NAME>
server string = Gentoo
security = DOMAIN
encrypt passwords = true
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
netbios name = <YOUR_LINUX_HOSTNAME>
winbind separator = /

Join the Domain

# net join -S <YOUR_DC> -U <AD_ADMIN_USER>

NSS

Add winbind to the NSS lookups so that the system can resolve domain users and groups:

# nano /etc/nsswitch.conf
passwd:  compat winbind
shadow:  compat winbind
group:   compat winbind
hosts:   files wins dns

PAM

# nano /etc/pam.d/system-auth
#%PAM-1.0
auth       required     pam_env.so
auth       sufficient   pam_winbind.so
auth       sufficient   pam_unix.so use_first_pass likeauth nullok
auth       required     pam_deny.so
account    required     pam_unix.so
password   required     pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password   sufficient   pam_unix.so nullok md5 shadow use_authtok
password   required     pam_deny.so
session    required     pam_limits.so
session    required     pam_unix.so
session    required     pam_mkhomedir.so skel=/etc/skel/ umask=0077

Step FOUR - Finishing

# /etc/init.d/ssh restart
# /etc/init.d/samba restart
Note: When logging in, use the <YOUR_DOMAIN>/<YOUR_USERNAME> form. The "/" (the winbind separator configured above) is important!
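Before restarting the daemons it is worth checking the files for the points this HOWTO depends on: winbind present in every NSS database, pam_winbind ahead of pam_unix (with use_first_pass) in the auth stack, a private umask for auto-created home directories, and an idmap uid range that does not overlap local accounts. The script below is an added example, not part of the original article; it assumes nothing about your host, takes file paths as arguments, and runs here against constructed copies of the configuration.

```shell
#!/bin/sh
# Added example, not from the original article: sanity checks for the
# nsswitch, PAM and idmap settings shown above. Each function takes file
# paths, so it can be run against constructed copies before the live files.

# check_nss FILE: passwd, shadow and group must all list winbind
check_nss() {
    for db in passwd shadow group; do
        grep -Eq "^$db:"'.*[[:space:]]winbind([[:space:]]|$)' "$1" \
            || { echo "nsswitch: $db line lacks winbind"; return 1; }
    done
}

# check_pam FILE: pam_winbind must precede pam_unix in the auth stack,
# pam_unix must reuse the typed password (use_first_pass), and new home
# directories must be created private (umask=0077).
check_pam() {
    wb=$(grep -nE '^auth[[:space:]].*pam_winbind\.so' "$1" | head -n1 | cut -d: -f1)
    ux=$(grep -nE '^auth[[:space:]].*pam_unix\.so' "$1" | head -n1 | cut -d: -f1)
    { [ -n "$wb" ] && [ -n "$ux" ] && [ "$wb" -lt "$ux" ]; } \
        || { echo "pam: pam_winbind must come before pam_unix in auth"; return 1; }
    grep -Eq '^auth[[:space:]].*pam_unix\.so.*use_first_pass' "$1" \
        || { echo "pam: pam_unix auth line needs use_first_pass"; return 1; }
    grep -Eq '^session[[:space:]].*pam_mkhomedir\.so.*umask=0077' "$1" \
        || { echo "pam: pam_mkhomedir should set umask=0077"; return 1; }
}

# check_idmap SMBCONF PASSWD: no local UID may fall inside the idmap uid
# range, otherwise a domain user could be mapped onto a local account.
check_idmap() {
    range=$(sed -nE 's/^[[:space:]]*idmap uid[[:space:]]*=[[:space:]]*([0-9]+)-([0-9]+).*/\1 \2/p' "$1")
    [ -n "$range" ] || { echo "smb.conf: idmap uid range missing"; return 1; }
    lo=${range% *}; hi=${range#* }
    awk -F: -v lo="$lo" -v hi="$hi" 'BEGIN { bad = 0 }
        $3 >= lo && $3 <= hi { bad = 1; print "smb.conf: local uid " $3 " (" $1 ") inside idmap range" }
        END { exit bad }' "$2"
}

# Constructed sample files mirroring the article's configuration.
tmp=$(mktemp -d)
printf 'passwd:  compat winbind\nshadow:  compat winbind\ngroup:   compat winbind\nhosts:   files wins dns\n' > "$tmp/nsswitch.conf"
printf 'auth       sufficient   pam_winbind.so\nauth       sufficient   pam_unix.so use_first_pass likeauth nullok\nsession    required     pam_mkhomedir.so skel=/etc/skel/ umask=0077\n' > "$tmp/system-auth"
printf '[global]\n  idmap uid = 10000-20000\n  idmap gid = 10000-20000\n' > "$tmp/smb.conf"
printf 'root:x:0:0:root:/root:/bin/bash\nalice:x:1000:1000::/home/alice:/bin/bash\n' > "$tmp/passwd"
printf 'root:x:0:0:root:/root:/bin/bash\nsvc:x:10500:10500::/var/svc:/bin/false\n' > "$tmp/passwd_clash"

check_nss "$tmp/nsswitch.conf" && check_pam "$tmp/system-auth" \
    && check_idmap "$tmp/smb.conf" "$tmp/passwd" && echo "all checks passed"
```

To check a real host, call the functions with /etc/nsswitch.conf, /etc/pam.d/system-auth, /etc/samba/smb.conf and /etc/passwd instead of the constructed copies.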

Simple, isn't it? :-)
