Using Active Directory for SuSE Linux 10 Authentication

Posted by Planet Malaysia on August 18, 2008

My previous posts, How to Authenticate to Active Directory on SuSE Linux 9 and How to join Fedora Core 6 Samba Server to Windows 2003 Active Directory, talked about using Microsoft Active Directory (AD) for Linux authentication. Yes! Linux & Microsoft can be friends.

Now we talk about SuSE Linux 10 and Microsoft AD authentication.

Basically everything is the same as on SLES 9 except the PAM configuration.

Note: This setup is running on SLES10 SP2 (it should also work on SP1).

Below is the PAM configuration for SLES10:

/etc/pam.d/common-password
password sufficient pam_winbind.so
password required pam_pwcheck.so nullok
password required pam_unix2.so nullok use_authtok

/etc/pam.d/common-account
account required pam_unix2.so

/etc/pam.d/common-session
session optional pam_mkhomedir.so
session required pam_limits.so
session required pam_unix2.so

/etc/pam.d/common-auth
auth required pam_env.so
auth required pam_unix2.so

/etc/pam.d/passwd
auth include common-auth
account include common-account
password include common-password
session include common-session

/etc/pam.d/sshd
auth include common-auth
auth required pam_nologin.so
account include common-account
password include common-password
session include common-session

/etc/pam.d/login
auth required pam_securetty.so
auth include common-auth
auth required pam_nologin.so
account include common-account
password include common-password
session include common-session
session required pam_lastlog.so nowtmp
session required pam_resmgr.so
session optional pam_mail.so standard

/etc/pam.d/su
auth sufficient pam_rootok.so
auth include common-auth
account include common-account
password include common-password
session include common-session
session optional pam_xauth.so

/etc/pam.d/sudo
auth include common-auth
account include common-account
password include common-password
session include common-session

/etc/security/pam_unix2.conf
auth: call_modules=winbind
account: call_modules=winbind
password: call_modules=winbind
session: none


/etc/krb5.conf remains the same as on SLES 9.
/etc/samba/smb.conf can also remain the same as on SLES 9; the settings that matter there are realm and security.
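
In the listings above, pam_winbind.so never appears in common-auth; AD logins reach winbind only through pam_unix2 and the call_modules lines in /etc/security/pam_unix2.conf. The Python below is an added example, not part of the original post: it expands the include lines for a service and reports which management groups actually reach winbind. The FILES dictionary is a constructed subset of the listings, the function names are hypothetical, and it assumes pam_unix2 loads pam_<name>.so for each call_modules entry.

```python
import re

# Constructed sample: a subset of the listings above (sshd and what it includes).
FILES = {
    "/etc/pam.d/sshd": "auth include common-auth\nauth required pam_nologin.so\n"
                       "account include common-account\n"
                       "session include common-session\n",
    "/etc/pam.d/common-auth": "auth required pam_env.so\nauth required pam_unix2.so\n",
    "/etc/pam.d/common-account": "account required pam_unix2.so\n",
    "/etc/pam.d/common-session": "session optional pam_mkhomedir.so\n"
                                 "session required pam_limits.so\n"
                                 "session required pam_unix2.so\n",
    "/etc/security/pam_unix2.conf": "auth: call_modules=winbind\n"
                                    "account: call_modules=winbind\n"
                                    "password: call_modules=winbind\nsession: none\n",
}

def unix2_delegates(files, mgmt):
    """Modules pam_unix2 hands off to (assumed: entry "x" loads pam_x.so)."""
    for line in files.get("/etc/security/pam_unix2.conf", "").splitlines():
        key, _, opts = line.partition(":")
        found = re.search(r"call_modules=(\S+)", opts)
        if key.strip() == mgmt and found:
            return ["pam_%s.so" % name for name in found.group(1).split(",")]
    return []

def effective_stack(files, service, mgmt, seen=()):
    """Expand 'include' lines; return [(control, module), ...] for mgmt."""
    path = "/etc/pam.d/" + service
    if path in seen or path not in files:
        raise ValueError("missing or recursive include: " + path)
    stack = []
    for line in files[path].splitlines():
        fields = line.split("#")[0].split()
        if len(fields) < 3 or fields[0] != mgmt:
            continue
        if fields[1] == "include":
            stack += effective_stack(files, fields[2], mgmt, seen + (path,))
            continue
        stack.append((fields[1], fields[2]))
        if fields[2] == "pam_unix2.so":
            stack += [("via pam_unix2", m) for m in unix2_delegates(files, mgmt)]
    return stack

def reaches_winbind(files, service, mgmt):
    return any(m == "pam_winbind.so" for _, m in effective_stack(files, service, mgmt))

if __name__ == "__main__":
    print({g: reaches_winbind(FILES, "sshd", g) for g in ("auth", "account", "session")})
```

If pam_unix2.conf is missing its call_modules=winbind lines, the auth check returns False: AD users cannot log in even though wbinfo -u still lists them, because wbinfo talks to winbind directly and not through PAM.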

To make sure Kerberos is working properly, type:
#kinit domainadministrator@AD.YOURDOMAIN.COM
Enter your administrator password if required.

How to Join AD Domain on Linux?
Type:
#net ads join -U domainadministrator
Domainadministrator’s password:
Using short domain name — AD
Joined ‘AD.YOURDOMAIN.COM’ to realm ‘AD.YOURDOMAIN.COM’

You should be connected to Microsoft AD now. Now see if you can retrieve the domain information with the following commands:

wbinfo -u (Lists all domain users)
wbinfo -g (Lists all domain groups)

Testing! Open a new PuTTY SSH session and log in with adyourdomain\youradusername and your password.

Note: Please make sure your winbind service is running (/etc/init.d/winbind start).

e.g. adserver01\yourusername

If you require sudo, type #visudo and insert:
%ADYOURDOMAIN\\adgroupnamehere ALL=(ALL) ALL
and save. This gives every member of that AD group full root access through sudo.

After that, log in as a normal user and type #sudo su -
You’re required to enter your password to get access as root.

Congratulations! You’re done!

Comments

4 Responses to “Using Active Directory for SuSE Linux 10 Authentication”

  1. VMware ESX 3.5 Authentication Login Using Active Directory | Malaysia VMware Communities on August 26th, 2008 12:01 pm

    [...] SLES 10 Authentication Login Using Active Directory [...]

  2. Faust on August 30th, 2008 11:53 pm

    Thank you! I’m wanting to maybe use SLES 10 in my production environment and this is what I needed.

  3. Planet Malaysia on December 2nd, 2008 9:10 pm

    If you SSH login from one server to another server, you're required to type: “adyourdomainusername@ipaddress” OR ssh adyourdomain\username@ipaddress

  4. Confluence: Operations on July 2nd, 2009 9:53 pm

    SLES10 and Active Directory…

    These notes are based on work around figuring out how to set up SLES10 to support AD, specifically for SMB shares on IMAGE21. Files touched: /etc/krb5.conf /etc/nsswitch.conf /etc/samba/smb.conf /etc/pam.d/commonpassword /etc/pam…….
