Monday, March 05, 2007

Fedora Core 6 with Active Directory Integration

I have found several sites with information about how to get Active Directory integration into Fedora Core 6. The best one so far seems to be

http://computerbits.wordpress.com/tag/fedora-core-5/

even though it refers to Core 5.

Here is the excerpt from that page about AD setup in FC5:

Active Directory Integration
To integrate my laptop with our Active Directory, I use system-config-authentication.
Check the box under Winbind to enable Winbind support for user information. Click on “Configure Winbind…” to bring up the Winbind Settings dialog. Enter the following info.

Winbind Domain: DOMAIN-NAME
Security Model: ads
Winbind ADS Realm: DOMAIN-NAME.COM
Winbind Domain Controllers: dc.domain-name.com
Template Shell: /bin/bash

The default Template Shell is /bin/false, which will disable users’ logins. Click on the “Join Domain” button to join the domain. Clicking “OK” will bring you back to the Authentication dialog. Click on the Authentication tab and check the box under Winbind to enable authentication. Now you can pull user info from Active Directory and your machine can also authenticate with Active Directory. However, the system won’t create a user’s home directory for you. You need to modify the gdm and login files in the /etc/pam.d directory, so that a home directory will be created automatically whenever a new user tries to log on. Here is an example of a pam file.

#%PAM-1.0
auth required pam_env.so
auth include system-auth
account required pam_nologin.so
account include system-auth
password include system-auth
session include system-auth
session required pam_loginuid.so
session optional pam_console.so
session required pam_mkhomedir.so skel=/etc/skel umask=0022

Here is an example of login file.

#%PAM-1.0
auth required pam_securetty.so
auth include system-auth
account required pam_nologin.so
account include system-auth
password include system-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session include system-auth
session required pam_loginuid.so
session optional pam_console.so
session required pam_mkhomedir.so umask=0022
# pam_selinux.so open should be the last session rule
session required pam_selinux.so open

Reboot the machine and you can log in using Active Directory credentials. Remember to enter the user name in this format: DOMAIN-NAME\username. Also, if you need to use ssh to log in, the syntax is:

ssh 'DOMAIN-NAME\username'@host.domain-name.com
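
An added example, not part of the original post or the quoted excerpt: a shell function that reads a PAM service file on stdin, checks that the pam_mkhomedir.so session rule shown above is present, reports its umask, and confirms the rule comes before the final pam_selinux.so open rule. The function names, exit codes and messages are assumptions made for this example; the sample input is the login file from the excerpt.

```shell
#!/bin/sh
# Added example: audit a PAM service file (read on stdin) for pam_mkhomedir.so.
# Exit status (this example's convention): 0 = ok, 1 = missing, 2 = misordered.
check_pam_mkhomedir() {
    awk '
        /^[ \t]*#/ || NF < 3 { next }        # skip comments and short lines
        $1 != "session"      { next }        # only the session stack matters
        $3 ~ /pam_mkhomedir\.so$/ && !mk {
            mk = NR; um = "unset"
            for (i = 4; i <= NF; i++)
                if ($i ~ /^umask=/) um = substr($i, 7)
        }
        $3 ~ /pam_selinux\.so$/ && $4 == "open" { sel_open = NR }
        END {
            if (!mk) { print "mkhomedir: missing"; exit 1 }
            print "mkhomedir: line " mk " umask=" um
            # any final umask digit other than 7 leaves a permission bit for "other"
            if (um != "unset" && um !~ /7$/)
                print "note: umask leaves new home directories accessible to other local users"
            if (sel_open && sel_open < mk) {
                print "order: pam_mkhomedir.so follows pam_selinux.so open"; exit 2
            }
            print "order: ok"
        }'
}

# Sample input: the login file from the excerpt above.
sample_login_pam() {
cat <<'EOF'
#%PAM-1.0
auth required pam_securetty.so
auth include system-auth
account required pam_nologin.so
account include system-auth
password include system-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session include system-auth
session required pam_loginuid.so
session optional pam_console.so
session required pam_mkhomedir.so umask=0022
# pam_selinux.so open should be the last session rule
session required pam_selinux.so open
EOF
}

sample_login_pam | check_pam_mkhomedir
```

On a real host the same function can be fed the edited files directly, for example check_pam_mkhomedir < /etc/pam.d/gdm.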
