
How to integrate CentOS 7 with Samba4 AD on the command line

2025-02-27 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article describes in detail how to integrate CentOS 7 with a Samba4 AD domain controller from the command line, for readers who are looking for a simple way to do it.

This type of setup provides a single centralized database of accounts maintained by Samba, allowing AD users to authenticate to CentOS servers over the network infrastructure.

Requirements

Creating AD Infrastructure with Samba4 on Ubuntu

CentOS 7.3 Installation Guide

Step 1: Configure CentOS for Samba4 AD DC

Before you start adding CentOS 7 servers to Samba4 DC, you need to make sure that the network interfaces are configured correctly to query domains through DNS services.

Run the ip address command to list your machine's network interfaces, select the specific network card you want to edit, and run the nmtui-edit command for the interface name (ens33 in this example), as shown below.

# ip address
# nmtui-edit ens33

List network interfaces

After opening the network interface for editing, add the static IPv4 configuration that best fits the LAN and make sure the Samba AD domain controller IP address is set for the DNS server.

Also, append the name of your domain to the search field and use the [TAB] key to jump to the OK button to apply the changes.

The search domain ensures that the domain part is appended automatically during DNS resolution (forming the FQDN) when you use only a short name for a domain DNS record.

Configure the network interface

Restart the network daemon to apply the changes, then test that DNS resolution is configured correctly by pinging the domain name and the domain controllers, as shown below.

# systemctl restart network.service
# ping -c2 tecmint.lan
# ping -c2 adc1
# ping -c2 adc2

Verify DNS resolution on domain

Also, configure your computer hostname using the following command and restart the machine to apply the changes.

# hostnamectl set-hostname your_hostname
# init 6

Verify that the hostname is configured correctly using the following command.

# cat /etc/hostname
# hostname

5. Run the following commands with root privileges to synchronize the local time with the Samba4 AD DC.

# yum install ntpdate
# ntpdate domain.tld

Time synchronization with Samba4 AD DC
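A pre-join check for the DNS settings from Step 1, added here as an example (it is not part of the original article): it reads a resolv.conf-format file and reports any nameserver that is not a domain controller, and a search list that lacks the AD domain. The helper name check_resolver, the IP addresses and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that a resolv.conf-format file matches Step 1.
# check_resolver FILE DOMAIN DC_IP...   (hypothetical helper, not a Samba tool)
# Prints one line per problem; the exit status is the number of problems.
check_resolver() (
    file=$1 domain=$2
    shift 2
    problems=0
    # Every nameserver should be a DC: the resolver does not move on to the
    # next server after an NXDOMAIN answer, so a non-DC entry can hide AD records.
    for ns in $(awk '$1 == "nameserver" { print $2 }' "$file"); do
        known=no
        for dc in "$@"; do
            if [ "$ns" = "$dc" ]; then known=yes; fi
        done
        if [ "$known" = no ]; then
            echo "nameserver $ns is not a domain controller"
            problems=$((problems + 1))
        fi
    done
    if [ -z "$(awk '$1 == "nameserver"' "$file")" ]; then
        echo "no nameserver configured"
        problems=$((problems + 1))
    fi
    # The AD domain must be in the search list so short names such as adc1 resolve.
    if ! awk -v d="$domain" '
            $1 == "search" { for (i = 2; i <= NF; i++) if (tolower($i) == tolower(d)) ok = 1 }
            END { exit !ok }' "$file"; then
        echo "search list does not contain $domain"
        problems=$((problems + 1))
    fi
    exit "$problems"   # the body is a subshell, so this only leaves the function
)

# Constructed sample: the DC is listed, but a leftover non-DC resolver remains.
sample=$(mktemp)
cat > "$sample" <<'EOF'
search tecmint.lan
nameserver 192.0.2.10
nameserver 198.51.100.53
EOF
check_resolver "$sample" tecmint.lan 192.0.2.10 192.0.2.11 ||
    echo "fix the entries above before joining the domain"
rm -f "$sample"
```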

Step 2: Add CentOS 7 Server to Samba4 AD DC

To add CentOS 7 servers to Samba4 AD, first install the following packages on your computer under an account with root privileges.

# yum install authconfig samba-winbind samba-client samba-winbind-clients

To integrate CentOS 7 servers with domain controllers, you can run authconfig-tui with root privileges and use the following configuration.

# authconfig-tui

First screen selection:

In User Information:

Use Winbind

In Authentication, use [Spacebar] to select:

Use Shadow Password

Use Winbind Authentication

Local authorization is sufficient

Verify the configuration

8. Click Next to enter the Winbind setting interface and configure it as follows:

Security Model: ads

Domain = YOUR_DOMAIN (use upper case)

Domain Controllers = domain machines FQDN (comma separated if more than one)

ADS Realm = YOUR_DOMAIN.TLD

Template Shell = /bin/bash

Winbind Settings

9. To join a domain, use the [tab] key to jump to the "Join Domain" button and press the [Enter] key to join the domain.

On the next page, enter the credentials of a Samba4 AD account with elevated privileges to join the computer account to AD, then click OK to apply the settings and close the prompt.

Note that when you enter a user password, credentials will not appear on the screen. Click OK again below to complete CentOS 7 domain integration.

Join domain to Samba4 AD DC

Confirm Winbind settings

To force a machine to be added to a specific Samba AD OU, use the hostname command to get the full name of the machine and create a new computer object in that OU using the machine name.

One way to add new objects to Samba4 AD is to use the ADUC tool on a Windows machine that is already integrated into the domain and has the RSAT tools installed.

Important: Another way to join the domain is the authconfig command line, which offers extensive control over the integration process.

However, this method is error-prone because of its many parameters, as shown below. The whole command must be entered as one long line.

# authconfig --enablewinbind --enablewinbindauth --smbsecurity ads --smbworkgroup=YOUR_DOMAIN --smbrealm YOUR_DOMAIN.TLD --smbservers=adc1.yourdomain.tld --krb5realm=YOUR_DOMAIN.TLD --enablewinbindoffline --enablewinbindkrb5 --winbindtemplateshell=/bin/bash --winbindjoin=domain_admin_user --update --enablelocauthorize --savebackup=/backups
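The authconfig invocation above, as an added example that is not part of the original article: a wrapper that checks the four site-specific values and prints the command one option per line instead of running it. The helper name build_join_cmd and the sample values are assumptions; the options are the ones used in the command above.

```shell
#!/bin/sh
# Added example: assemble the authconfig join command from four checked values.
# build_join_cmd WORKGROUP REALM DC_FQDN ADMIN   (hypothetical helper)
# Prints the command without running it; exits with status 1 on bad input.
build_join_cmd() (
    workgroup=$1 realm=$2 dc=$3 admin=$4
    upper() { printf '%s' "$1" | tr '[:lower:]' '[:upper:]'; }
    lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }
    # The article asks for the domain and the realm in upper case.
    [ -n "$realm" ] && [ "$realm" = "$(upper "$realm")" ] ||
        { echo "realm must be upper case: $realm" >&2; exit 1; }
    [ -n "$workgroup" ] && [ "$workgroup" = "$(upper "$workgroup")" ] ||
        { echo "workgroup must be upper case: $workgroup" >&2; exit 1; }
    # The domain controller must be a host inside the realm's DNS domain.
    lrealm=$(lower "$realm")
    case $(lower "$dc") in
        ?*."$lrealm") ;;
        *) echo "DC $dc is not inside $realm" >&2; exit 1 ;;
    esac
    # Account name only: no blanks and no user%password form, which would
    # leave the password in the shell history and the process list.
    case $admin in
        ''|*[!A-Za-z0-9._-]*) echo "admin must be a plain account name" >&2; exit 1 ;;
    esac
    cat <<EOF
authconfig --update \\
  --enablewinbind --enablewinbindauth \\
  --smbsecurity=ads \\
  --smbworkgroup=$workgroup \\
  --smbrealm=$realm \\
  --krb5realm=$realm \\
  --smbservers=$dc \\
  --enablewinbindoffline --enablewinbindkrb5 \\
  --winbindtemplateshell=/bin/bash \\
  --winbindjoin=$admin \\
  --enablelocauthorize \\
  --savebackup=/backups
EOF
)

# Constructed values based on the article's tecmint.lan example domain.
build_join_cmd TECMINT TECMINT.LAN adc1.tecmint.lan domain_admin_user
```

Review the printed command, then paste it into a root shell; authconfig asks for the join account's password interactively.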

After the machine joins the domain, verify that the winbind service is running correctly by using the following command.

# systemctl status winbind.service

Next, check that the CentOS machine object was successfully created in Samba4 AD. Open the AD Users and Computers tool on a Windows machine with the RSAT tools installed and go to your domain's Computers container. A new AD computer account object named after your CentOS 7 server should appear in the list on the right.

12. Open the main Samba configuration file (/etc/samba/smb.conf) in a text editor and append the following lines to the end of the [global] configuration block:

winbind use default domain = true
winbind offline logon = true

Configure Samba

To create a local home directory on the machine when an AD account logs in for the first time, run the following command:

# authconfig --enablemkhomedir --update

14. Restart the Samba daemon to make the changes take effect and log in with an AD account to verify the domain join. The AD account's home directory should be created automatically.

# systemctl restart winbind
# su - domain_account

Verify Domain Join

List domain users or domain groups by one of the following commands.

# wbinfo -u
# wbinfo -g

List domain users and groups

To get information about domain users, run the following command.

# wbinfo -i domain_user

List domain user information

To display domain summary information, use the following command.

# net ads info

List Domain Summary

Step 3: Log in to CentOS using Samba4 AD DC account

To authenticate as a domain user on CentOS, use one of the following command syntaxes.

# su - 'domain\domain_user'
# su - domain\\domain_user

Or if the winbind use default domain = true parameter is set in the samba configuration file, use the following syntax.

# su - domain_user
# su - domain_user@domain.tld

To grant root privileges to a domain user or group, edit the sudoers file with the visudo command and add the following lines.

YOUR_DOMAIN\\domain_username ALL=(ALL:ALL) ALL #For domain users
%YOUR_DOMAIN\\your_domain\ group ALL=(ALL:ALL) ALL #For domain groups

Or if the winbind use default domain = true parameter is set in the samba configuration file, use the following syntax.

domain_username ALL=(ALL:ALL) ALL #For domain users
%your_domain\ group ALL=(ALL:ALL) ALL #For domain groups

Grant root privileges to domain users
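A review aid for the sudoers entries above, added as an example (not part of the original article): it lists every principal that a sudoers-format file grants all commands to, and marks whether the name carries a domain prefix. With winbind use default domain = true the entries have no prefix, so they are reported as plain names, which a local account of the same name would match as well. The helper name list_full_grants, the group name and the sample file are constructed.

```shell
#!/bin/sh
# Added example: list who a sudoers-format file grants every command to.
# list_full_grants FILE   (hypothetical helper; ignores includes, aliases, #uid forms)
# Prints "<kind> <principal>"; kind is domain-user, domain-group, plain-user or plain-group.
list_full_grants() {
    awk '
        /^[ \t]*$/ { next }
        /^[ \t]*#/ { next }
        /^[ \t]*(Defaults|[A-Za-z]+_Alias)/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t]+#.*$/, "", line)          # trailing comment
            sub(/[ \t]+$/, "", line)
            # Principal: up to the first unescaped blank ("\ " belongs to a group name).
            if (!match(line, /^([^ \t\\]|\\.)+/)) next
            who  = substr(line, 1, RLENGTH)
            rest = substr(line, RLENGTH + 1)
            sub(/^[^=]*=[ \t]*/, "", rest)       # host list and "="
            sub(/^\([^)]*\)[ \t]*/, "", rest)    # (runas) specification
            while (sub(/^[A-Z_]+:[ \t]*/, "", rest)) ;   # tags such as NOPASSWD:
            if (rest != "ALL") next              # keep unrestricted command lists only
            kind = (index(who, "\\\\") ? "domain" : "plain") "-" (who ~ /^%/ ? "group" : "user")
            print kind, who
        }' "$1"
}

# Constructed sample in the two syntaxes shown above, plus two local rules.
sample=$(mktemp)
cat > "$sample" <<'EOF'
root                      ALL=(ALL)     ALL
TECMINT\\domain_username  ALL=(ALL:ALL) ALL   #For domain users
%TECMINT\\domain\ admins  ALL=(ALL:ALL) ALL   #For domain groups
domain_username           ALL=(ALL:ALL) ALL
backup_op                 ALL=(root)    /usr/bin/rsync
EOF
list_full_grants "$sample"
rm -f "$sample"
```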

The following series of commands for Samba4 AD DC can also be used for troubleshooting:

# wbinfo -p #Ping domain
# wbinfo -n domain_account #Get the SID of a domain account
# wbinfo -t #Check trust relationship

To leave the domain, run the following command against your domain name using a domain account with elevated privileges. After the computer account has been removed from AD, restart the machine to revert the changes made by the integration process.

# net ads leave -w DOMAIN -U domain_admin
# init 6

That's it! Although this process focuses primarily on integrating CentOS 7 servers into Samba4 AD DC, the same steps described here apply to integrating CentOS servers into Microsoft Windows Server 2012 AD.

