
For CentOS 7 it is now really simple:
    yum -y install epel-release
    yum -y install realmd sssd oddjob oddjob-mkhomedir adcli samba-common
    realm join --user admin@example.com EXAMPLE.COM
and set use_fully_qualified_names = False in /etc/sssd/sssd.conf
On CentOS 6, install:
    yum -y install epel-release
    yum -y install adcli authconfig sssd krb5-workstation
Add the DC to /etc/resolv.conf
Edit /etc/krb5.conf:
    [libdefaults]
    default_realm = EXAMPLE.COM
    dns_lookup_realm = true
    dns_lookup_kdc = true
    ticket_lifetime = 24h
    renew_lifetime = 7d
    forwardable = true
    [realms]
    EXAMPLE.COM = {
        kdc = dc.example.com
        admin_server = dc.example.com
    }
    [domain_realm]
    .example.com = EXAMPLE.COM
    example.com = EXAMPLE.COM
Join AD:
    adcli join example.com -U АДМИН
Verify:
    klist -k
Edit /etc/sssd/sssd.conf:
    [sssd]
    services = nss, pam, ssh, autofs
    config_file_version = 2
    domains = EXAMPLE.COM
    [domain/EXAMPLE.COM]
    id_provider = ad
    default_shell = /bin/bash
    fallback_homedir = /home/%d/%u
    #use_fully_qualified_names = True

    chown root:root /etc/sssd/sssd.conf
    chmod 0600 /etc/sssd/sssd.conf
    authconfig --update --enablesssd --enablesssdauth
    service sssd start
    chkconfig sssd on
Edit /etc/pam.d/system-auth, adding this as the first session line:
    session optional pam_mkhomedir.so skel=/etc/skel umask=077
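
A check for the sssd.conf written above, as an added example that is not part of the original post: it verifies the 0600 mode and owner set by the chown/chmod step and that each domain listed in [sssd] has a section with id_provider = ad. It also reports a missing access_provider, since SSSD then defaults to permit; the function name, the expected_uid parameter and the sample file are assumptions of this example.

```python
import configparser
import os
import stat
import tempfile

# Constructed sample mirroring the CentOS 6 sssd.conf above (not read from a real host).
SAMPLE = """\
[sssd]
services = nss, pam, ssh, autofs
config_file_version = 2
domains = EXAMPLE.COM
[domain/EXAMPLE.COM]
id_provider = ad
default_shell = /bin/bash
fallback_homedir = /home/%d/%u
#use_fully_qualified_names = True
"""

def audit_sssd_conf(path, expected_uid=0):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    if mode != 0o600:
        findings.append(f"mode is {mode:04o}, expected 0600")
    if st.st_uid != expected_uid:
        findings.append(f"owner uid is {st.st_uid}, expected {expected_uid}")
    # interpolation=None: %d and %u in fallback_homedir are SSSD macros, not configparser syntax
    cp = configparser.ConfigParser(interpolation=None)
    cp.read(path)
    domains = [d.strip() for d in cp.get("sssd", "domains", fallback="").split(",") if d.strip()]
    if not domains:
        findings.append("[sssd] lists no domains")
    for name in domains:
        section = f"domain/{name}"
        if not cp.has_section(section):
            findings.append(f"[{section}] is listed in domains but has no section")
            continue
        if cp.get(section, "id_provider", fallback="") != "ad":
            findings.append(f"[{section}] id_provider is not ad")
        # Without access_provider SSSD falls back to 'permit': every AD account may log in.
        if not cp.has_option(section, "access_provider"):
            findings.append(f"[{section}] access_provider unset (default: permit)")
    return findings

if __name__ == "__main__":
    with tempfile.NamedTemporaryFile("w", suffix=".conf", delete=False) as f:
        f.write(SAMPLE)
    os.chmod(f.name, 0o644)  # simulate a file left world-readable
    for finding in audit_sssd_conf(f.name, expected_uid=os.getuid()):
        print("FINDING:", finding)
    os.unlink(f.name)
```

On a real host, call audit_sssd_conf("/etc/sssd/sssd.conf") as root and keep the default expected_uid=0.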