Shulou(Shulou.com)06/01 Report--

What are the three ways to join the windows ad domain under linux? many beginners are not very clear about this. In order to help you solve this problem, the following editor will explain it in detail. People with this need can come and learn. I hope you can get something.

Here are three ways to add Windows Acitve Directory under linux and verify your account with AD.

Suppose your environment is AD server: server.redhat.com

Realm: redhat.com

Method 1:

This method is suitable for the environment with graphical interface.

Execute a command

# system-config-authentication

Method 2:

This method is suitable for text interface environment.

Execute a command

# setup

Choice

Authentication

Method 3:

This method is suitable for text interface environment.

Modify / etc/krb5.conf

[root@client1 ~] # cat / etc/krb5.conf

[logging]

Default = FILE:/var/log/krb5libs.log

Kdc = FILE:/var/log/krb5kdc.log

Admin_server = FILE:/var/log/kadmind.log

[libdefaults]

Default_realm = REDHAT.COM

Dns_lookup_realm = false

Dns_lookup_kdc = false

Ticket_lifetime = 24 hours

Forwardable = yes

[realms]

REDHAT.COM = {

Kdc = server.redhat.com.com:88

Admin_server = server.redhat.com:749

Default_domain = redhat.com

}

[domain_realm]

Redhat.com = REDHAT.COM

.redhat.com = REDHAT.COM

[appdefaults]

Pam = {

Debug = false

Ticket_lifetime = 36000

Renew_lifetime = 36000

Forwardable = true

Krb4_convert = false

}

[root@client1 ~] #

2 modify / etc/samba/smb.conf

[global]

#-authconfig--start-line--

Workgroup = redhat.com

Password server = server.redhat.com

Realm = REDHAT.COM

Security = ads

Idmap uid = 16777216-33554431

Idmap gid = 16777216-33554431

Template shell = / bin/bash

Winbind use default domain = false

Winbind offline logon = false

#-authconfig--end-line--

3 modify / etc/nsswitch.conf

Passwd: files winbind

Shadow: files winbind

Group: files winbind

4 modify pam authentication module

Add

[root@client1 ~] # cat / etc/pam.d/system-auth-ac

#% PAM-1.0

# This file is auto-generated.

# User changes will be destroyed the next time authconfig is run.

Auth required pam_env.so

Auth sufficient pam_unix.so nullok try_first_pass

Auth requisite pam_succeed_if.so uid > = 500quiet

Auth sufficient pam_winbind.so use_first_pass

Auth required pam_deny.so

Account required pam_unix.so broken_shadow

Account sufficient pam_succeed_if.so uid < 500 quiet

Account [default=bad success=ok user_unknown=ignore] pam_winbind.so

Account required pam_permit.so

Password requisite pam_cracklib.so try_first_pass retry=3

Password sufficient pam_unix.so md5 shadow nullok try_first_pass

Use_authtok

Password sufficient pam_winbind.so use_authtok

Password required pam_deny.so

Session optional pam_keyinit.so revoke

Session required pam_limits.so

Session [success=1 default=ignore] pam_succeed_if.so service in

Crond quiet use_uid

Session required pam_unix.so

Session optional pam_mkhomedir.so

5 join the Windows Active Directory domain

[root@client1] # net ads join-S server.redhat.com-W REDHAT.COM-U

Administrator

6 start winbind

# chkconfig-- level 35 winbind on

# service winbind restart

Is it helpful for you to read the above content? If you want to know more about the relevant knowledge or read more related articles, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.