Integrating CentOS 7 with Windows Active Directory

When a user logs in to a Linux system, the username and password combination must be verified, or authenticated, as belonging to a valid and active user. Sometimes the information needed to verify the user is stored on the local system; other times the system defers authentication to a user database on a remote system. In the example below we configure Linux to use a Windows Active Directory domain as the user database to which the local system defers authentication.

Steps to configure Active Directory authentication

Step 1: Install the required prerequisite packages.

[root@localhost ~]# yum install realmd samba samba-common oddjob oddjob-mkhomedir sssd ntpdate ntp

Step 2: Configure /etc/resolv.conf with the applicable search domains and nameservers.

[root@localhost ~]# vi /etc/resolv.conf
search domain.local
nameserver 10.1.0.11
nameserver 10.1.0.12

Step 3: Perform a realm join with a domain user account.

[root@localhost ~]# realm join --user=domainuser domain.local
Password for domainuser:

Step 4: List the realm configured to ensure integration with Active Directory was successful.

[root@localhost ~]# realm list
domain.local
  type: kerberos
  realm-name: DOMAIN.LOCAL
  domain-name: domain.local
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  required-package: oddjob
  required-package: oddjob-mkhomedir
  required-package: sssd
  required-package: adcli
  required-package: samba-common-tools
  login-formats: %U@domain.local
  login-policy: allow-realm-logins

Step 5: Using visudo, configure user permissions as shown below. This grants the Domain Admins group access to the Linux machine with permission to run any command.

[root@localhost ~]# visudo
## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
%DOMAIN.LOCAL\\Domain\ Admins ALL=(ALL) ALL

NOTE: Any group whose name contains a space must have that space escaped as "\ " in the sudoers entry, e.g. Domain\ Admins.
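The two checks that are easy to get wrong in Steps 4 and 5, as an added example that is not part of the original post: building the escaped sudoers entry for a group name with spaces and confirming from `realm list` output that the join actually completed with sssd. The sample report is constructed from the Step 4 output; the function names are my own, and visudo is assumed optional on the machine running the script.

```shell
#!/bin/bash
# Added example (not from the original post): build the Step 5 sudoers
# entry for an AD group and check the Step 4 `realm list` report.

# Escape an AD group for sudoers: the REALM\group separator is written
# with a doubled backslash and each space in the group name as "\ ".
make_sudoers_entry() {
    realm="$1"
    group="$(printf '%s' "$2" | sed 's/ /\\ /g')"
    printf '%%%s\\\\%s ALL=(ALL) ALL\n' "$realm" "$group"
}

# Syntax-check one entry with visudo before it goes into /etc/sudoers.
# Assumption: visudo may be absent where this runs; then the check is skipped.
validate_sudoers_entry() {
    command -v visudo >/dev/null 2>&1 || return 0
    tmp="$(mktemp)"
    printf '%s\n' "$1" > "$tmp"
    visudo -c -q -f "$tmp"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Read `realm list` output on stdin and confirm the join finished with
# sssd as the client. Prints each missing field; returns 1 if any is absent.
check_realm_output() {
    out="$(cat)"
    rc=0
    for want in "configured: kerberos-member" "client-software: sssd" \
                "server-software: active-directory"; do
        if ! printf '%s\n' "$out" | grep -q "^ *${want}\$"; then
            echo "missing: $want" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Demo on the report shown in Step 4 (copied here as constructed input).
sample='domain.local
  type: kerberos
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd'
if printf '%s\n' "$sample" | check_realm_output; then
    make_sudoers_entry DOMAIN.LOCAL "Domain Admins"
fi
```

Pipe the real `realm list` output into `check_realm_output`, and pass the generated line to `validate_sudoers_entry` before adding it with visudo.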

Verify the configuration

Now that the configuration is finished, let's verify that authentication works. Using an SSH client such as PuTTY, or a local console, log in to the Linux system with a domain account. If everything is working you will be able to log in as I did below.

login as: domain\user1
domain\user1@10.1.10.11's password:
Last login: Wed Aug 23 10:34:27 2015 from user-pc.domain.local
[user1@domain.local@localhost ~]$
