Integration server Centos 7 with a windows domain

Integration server Centos 7 with a windows domain

It is very useful to connect to a linux server in a Windows domain to, for example, log into ssh with a domain account.

First of all, you have to update the system:

Yum update

Installation of the dependencies:

yum install realmd oddjob oddjob-mkhomedir sssd samba-common-tools adcli ntp ntpdate krb5-workstation openldap-clients policycoreutils-python

NTP server configuration :

If you have not already done so, you must configure the time server (often the AD servers are used). First you have to stop the ntpd daemon :

systemctl stop ntpd

We edit the configuration file:

vi /etc/ntp.conf

Next we modify domain names located after server :

ex : server mondomain.local

Then we restart the service ntpd:

systemctl start ntpd

domain integration :

realm join -U “administrateur” –computer-ou=” OU=linux,OU=Serveurs,DC=mondomaine,DC=local” mondomaine.local

This command must be used with the domain administrator account (I tested with a member account of the domain administrators group without success). The parameter –computer-ou = is not mandatory but allows to indicate the UO where to place the server.

Login format modification :

To connect with a login of the form admin_name (without having to specify the domain name @ domain.local), edit the file /etc/sssd/sssd.conf  and modify the parameter like below :

use_fully_qualified_names = False

Then restart the service :

systemctl restart sssd.service

Allow the group AD Grp_admins_Users to connect via ssh :

Next edit the configutaion file sudoers with the visudo command and add the line:

%Grp_admins_Users ALL=(ALL)       NOPASSWD:  ALL

Explanations: AD Group members Grp_admins_Users are allowed to execute any commands from any host without authenticating (this is just an example, avoid these permissions on a critical server !!)

The server is now integrated with the Active Directory but the DNS entry is not created. You have to add this entry manually on your dns server.

Useful commands:

  • sss_cache –E : if you meet connection problems, it may be useful to empty the sssd cache.
  • realm list : display the connection parameters (whose the AD group allowed ton connect)
  • realm leave domain.local : leave the domain domain.local
  • systemctl restart sssd.service : restart the service sssd after each modifications

Official Centos site

SEE TOO MeshCentral2, a remote computer management solution

Leave a Reply

Your email address will not be published. Required fields are marked *