Using Active Directory for SuSE Linux 10 Authentication
Tags: AD, kerberos, Linux, Microsoft, Open Source, Samba, SLES, SUSE
My previous posts, How to Authenticate to Active Directory on SuSE Linux 9 and How to join Fedora Core 6 Samba Server to Windows 2003 Active Directory, talked about using Microsoft Active Directory (AD) for Linux authentication. Yes! Linux & Microsoft can be friends.
Now we talk about SuSE Linux 10 and Microsoft AD authentication.
Basically everything is the same as on SLES 9 except the PAM configuration.
Note: This setup is running on SLES10 SP2 (it should also work on SP1).
Below is the PAM configuration for SLES10:
/etc/pam.d/common-password
password sufficient pam_winbind.so
password required pam_pwcheck.so nullok
password required pam_unix2.so nullok use_authtok
/etc/pam.d/common-account
account required pam_unix2.so
/etc/pam.d/common-session
session optional pam_mkhomedir.so
session required pam_limits.so
session required pam_unix2.so
/etc/pam.d/common-auth
auth required pam_env.so
auth required pam_unix2.so
/etc/pam.d/passwd
auth include common-auth
account include common-account
password include common-password
session include common-session
/etc/pam.d/sshd
auth include common-auth
auth required pam_nologin.so
account include common-account
password include common-password
session include common-session
/etc/pam.d/login
auth required pam_securetty.so
auth include common-auth
auth required pam_nologin.so
account include common-account
password include common-password
session include common-session
session required pam_lastlog.so nowtmp
session required pam_resmgr.so
session optional pam_mail.so standard
/etc/pam.d/su
auth sufficient pam_rootok.so
auth include common-auth
account include common-account
password include common-password
session include common-session
session optional pam_xauth.so
/etc/pam.d/sudo
auth include common-auth
account include common-account
password include common-password
session include common-session
/etc/security/pam_unix2.conf
auth: call_modules=winbind
account: call_modules=winbind
password: call_modules=winbind
session: none
/etc/krb5.conf remains the same as on SLES 9.
/etc/samba/smb.conf can also remain the same as on SLES 9; the settings that matter there are realm and security.
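A quick way to confirm that the PAM files listed above are wired together before you close your root session. This is an added example, not part of the original post; the ROOT prefix argument and the sample tree are assumptions made so the check can be tried offline:

```sh
# Added example, not from the original post: verify the PAM wiring listed above.
# check_winbind_pam ROOT: ROOT is a path prefix (assumption), "" means the live system.
check_winbind_pam() {
    root=${1:-}; problems=0
    conf="$root/etc/security/pam_unix2.conf"
    # The post relies on call_modules=winbind for auth, account and password.
    for type in auth account password; do
        if ! grep -Eq "^[[:space:]]*${type}:.*call_modules=([^[:space:]]*,)?winbind(,|[[:space:]]|\$)" "$conf" 2>/dev/null; then
            echo "FAIL: no '${type}: call_modules=winbind' in $conf"
            problems=$((problems + 1))
        fi
    done
    # common-auth and common-account must load pam_unix2.so, or that file is never read.
    for stack in auth account; do
        if ! grep -Eq "^[[:space:]]*${stack}[[:space:]]+required[[:space:]]+pam_unix2\.so" "$root/etc/pam.d/common-$stack" 2>/dev/null; then
            echo "FAIL: common-$stack does not call pam_unix2.so"
            problems=$((problems + 1))
        fi
    done
    # Every login path must include all four common-* stacks.
    for svc in sshd login su sudo; do
        for stack in auth account password session; do
            if ! grep -Eq "^[[:space:]]*${stack}[[:space:]]+include[[:space:]]+common-${stack}([[:space:]]|\$)" "$root/etc/pam.d/$svc" 2>/dev/null; then
                echo "FAIL: $svc does not include common-$stack"
                problems=$((problems + 1))
            fi
        done
    done
    if [ "$problems" -eq 0 ]; then echo "OK: PAM files route through winbind"; fi
    return "$problems"
}

# Constructed sample tree with the settings from this post, for an offline dry run.
make_sample_root() {
    r=$(mktemp -d)
    mkdir -p "$r/etc/pam.d" "$r/etc/security"
    printf '%s\n' 'auth: call_modules=winbind' 'account: call_modules=winbind' \
        'password: call_modules=winbind' 'session: none' > "$r/etc/security/pam_unix2.conf"
    printf '%s\n' 'auth required pam_env.so' 'auth required pam_unix2.so' > "$r/etc/pam.d/common-auth"
    printf '%s\n' 'account required pam_unix2.so' > "$r/etc/pam.d/common-account"
    for svc in sshd login su sudo; do
        printf '%s\n' 'auth include common-auth' 'account include common-account' \
            'password include common-password' 'session include common-session' > "$r/etc/pam.d/$svc"
    done
    echo "$r"
}
sample=$(make_sample_root)
check_winbind_pam "$sample"   # dry run; on a real host: check_winbind_pam ""
rm -rf "$sample"
```

The function returns the number of failed checks, so a non-zero exit status means at least one file does not match the layout in this post.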
To make sure Kerberos is working properly, type:
#kinit domainadministrator@AD.YOURDOMAIN.COM
Enter your administrator password if required
How to Join AD Domain on Linux?
Type:
#net ads join -U domainadministrator
Domainadministrator’s password:
Using short domain name — AD
Joined ‘AD.YOURDOMAIN.COM’ to realm ‘AD.YOURDOMAIN.COM’
You should be connected to Microsoft AD now. See if you can retrieve the domain information with the following commands:
wbinfo -u (Lists all domain users)
wbinfo -g (Lists all domain groups)
Testing! Open a new PuTTY SSH session and log in with adyourdomain\youradusername and password.
e.g. adserver01\yourusername
If you require sudo, type #visudo and insert:
%ADYOURDOMAIN\\adgroupnamehere ALL=(ALL) ALL
and save.
Then log in as a normal user and type #sudo su -
You are required to enter your password to gain root access.
Congratulations! You’re done!
August 30th, 2008 at 11:53 pm
Thank you! I’m wanting to maybe use SLES 10 in my production environment and this is what I needed.