Packages Required
- Samba
- Krb5
- nss
Assumptions (change these to match your configuration):
Domain Name: TEST.PDC
Domain Controller: hostname-dc, IP address 172.16.120.1
Additional Domain Controller: hostname-adc, IP address 172.16.120.2
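Disable the firewall and SELinux, and stop iptables. (This is a lab shortcut: on a production host, leave both enabled and instead allow the traffic the domain join needs — Kerberos, LDAP, SMB, DNS and NTP to the domain controllers.)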
[root@LRC-PRINTER ~]# yum install samba* krb5* nss* --skip-broken
(1) Change the hosts file, adding entries for the ADC and DC servers
[root@LRC-PRINTER ~]# vi /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.120.2 hostname-adc.test.pdc TEST.PDC test.pdc
172.16.120.1 hostname-dc.test.pdc
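(2) Edit /etc/ntp.conf so that the machine takes its time from the domain controllers (Kerberos rejects logons when the client clock differs too much from the domain controller's)
[root@LRC-PRINTER ~]# gedit /etc/ntp.conf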
# ntpd configuration for the domain member: time is taken from the two
# domain controllers instead of the public pool.
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would affect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
# The public pool entries are commented out on purpose: a domain member
# must agree with the domain controllers' clock, because Kerberos rejects
# requests when the client clock differs too much from the KDC's.
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
# Time sources: the additional domain controller and the domain controller.
server hostname-adc.test.pdc
server hostname-dc.test.pdc
#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client
# Enable public key cryptography.
#crypto
includefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats
[root@LRC-PRINTER ~]# service ntpdate start
ntpdate: Synchronizing with time server: [ OK ]
[root@LRC-PRINTER ~]# chkconfig ntpdate on
(3) Edit the file /etc/krb5.conf
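# /etc/krb5.conf - Kerberos client settings for the TEST.PDC realm.
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
# Realm names are case-sensitive; the AD realm is written in upper case.
default_realm = TEST.PDC
# DNS discovery is switched off, so the KDCs must be listed explicitly
# under [realms] and resolve through /etc/hosts or DNS.
dns_lookup_realm = false
dns_lookup_kdc = false

[realms]
TEST.PDC = {
    kdc = hostname-adc.test.pdc
    # Must name a real host: this is the additional domain controller.
    admin_server = hostname-adc.test.pdc
    # Second KDC: the other domain controller, so ticket requests can
    # fail over when the first one is unreachable.
    kdc = hostname-dc.test.pdc
}

[domain_realm]
# Map every host under test.pdc to the TEST.PDC realm.
.test.pdc = TEST.PDC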
(4) Change the file /var/kerberos/krb5kdc/kdc.conf
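# /var/kerberos/krb5kdc/kdc.conf - settings for a local MIT KDC
# (krb5kdc / kadmind).
# NOTE(review): in this setup the Active Directory domain controllers act
# as the KDC, so this file presumably matters only if a KDC is also run on
# this host - confirm before relying on it.
[kdcdefaults]
kdc_ports = 88
kdc_tcp_ports = 88

[realms]
TEST.PDC = {
    #master_key_type = aes256-cts
    acl_file = /var/kerberos/krb5kdc/kadm5.acl
    dict_file = /usr/share/dict/words
    admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
    # NOTE(review): the single-DES entries (des-hmac-sha1, des-cbc-md5,
    # des-cbc-crc) and arcfour-hmac (RC4) are weak legacy encryption types.
    # Keep only the AES entries unless an old client is known to need the
    # others.
    supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal
}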
(5) Add the following lines to the [global] section of /etc/samba/smb.conf
# Lines for the [global] section of /etc/samba/smb.conf.
# Short (NetBIOS) name of the domain.
workgroup = TEST
# Domain controller that Samba contacts for authentication.
password server = hostname-adc.test.pdc
# Kerberos realm; matches default_realm in /etc/krb5.conf.
realm = TEST.PDC
# Run as a member of an Active Directory domain.
security = ads
# Let domain users be referred to as "user" instead of "TEST\user".
winbind use default domain = true
# Do not allow logons from cached credentials while the domain
# controllers are unreachable.
winbind offline logon = false
(6) Now type the command authconfig-tui
[root@LRC-PRINTER ~]# authconfig-tui
Click next
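Enter the Domain administrator username and password and press OK (an account that has only been delegated the right to join computers to the domain is sufficient, and avoids typing Domain Admin credentials on the member host)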
[/usr/bin/net join -w TEST -S hostname-adc.test.pdc -U administrator]
Enter administrator's password:<...>
Using short domain name -- TEST
Joined 'LRC-PRINTER' to dns domain 'test.pdc'
No DNS domain configured for lrc-printer. Unable to perform DNS Update.
DNS update failed!
[root@LRC-PRINTER ~]#
To check that the domain users are visible through winbind:
[root@LRC-PRINTER ~]# wbinfo -u
guest
administrator
kirpal.singh
upendra.dubey
krbtgt
support_388945
// output shortened
[root@LRC-PRINTER ~]# chkconfig smb on
[root@LRC-PRINTER ~]# chkconfig nmb on
[root@LRC-PRINTER ~]# chkconfig winbind on
Go to System -> system -> Authentication.
Go to the advanced options and tick the checkbox labelled “Create Home Directory on first login”,
then click Apply.
Now reboot the system and log in with the domain user name and password.
For any Queries feel free to mail me at :
abhishek.verma7@gmail.com




