Initial add of defaria.com

[clearscm.git] / defaria.com / blogs / Status / 2016 / 04 / configuring-linux-to-authenticate-to-active-directory-using-winbind-1.html

<!DOCTYPE html>
<html lang="en-us" itemscope itemtype="http://schema.org/Article">
  <head>
    <meta charset="utf-8">
    <meta name="description" content="Under Linux, you can use winbind from the Samba suite of tools to authenticate with Windows Active Directory. Refer to Setup CentOS to authenticate via Active Directory for how to set up CentOS to authenticate to Active directory. Windows uses...">
    <meta name="generator" content="Movable Type 5.2.3">
    <title>Configuring Linux to Authenticate to Active Directory using Winbind - Status</title>
    <link rel="alternate" type="application/atom+xml" title="Recent Entries" href="http://defaria.com/blogs/Status/atom.xml">
    <link rel="canonical" href="http://defaria.com/blogs/Status/2016/04/configuring-linux-to-authenticate-to-active-directory-using-winbind-1.html">
    <meta name="viewport" content="width=device-width,initial-scale=1">
    <link rel="stylesheet" href="http://defaria.com/blogs/Status/styles.css">
    <!--[if lt IE 9]>
    <link rel="stylesheet" href="http://defaria.com/blogs/Status/styles_ie.css">
    <script src="/mt/mt-static/support/theme_static/rainier/js/html5shiv.js"></script>
    <![endif]-->
    
    <link rel="start" href="http://defaria.com/blogs/Status/">

    <link rel="prev" href="http://defaria.com/blogs/Status/2016/02/configuring-linux-to-authenticate-to-active-directory-using-winbind.html" title="Configuring Linux to Authenticate to Active Directory using Winbind">
    
    <!-- Open Graph Protocol -->
    <meta property="og:type" content="article">
    <meta property="og:locale" content="en-us">
    <meta property="og:title" content="Configuring Linux to Authenticate to Active Directory using Winbind">
    <meta property="og:url" content="http://defaria.com/blogs/Status/2016/04/configuring-linux-to-authenticate-to-active-directory-using-winbind-1.html">
    <meta property="og:description" content="Under Linux, you can use winbind from the Samba suite of tools to authenticate with Windows Active Directory. Refer to Setup CentOS to authenticate via Active Directory for how to set up CentOS to authenticate to Active directory. Windows uses...">
    <meta property="og:site_name" content="Status">
    <meta property="og:image" content="/mt/mt-static/support/theme_static/rainier/img/siteicon-sample.png">
    <!-- Metadata -->
    <meta itemprop="description" content="Under Linux, you can use winbind from the Samba suite of tools to authenticate with Windows Active Directory. Refer to Setup CentOS to authenticate via Active Directory for how to set up CentOS to authenticate to Active directory. Windows uses...">
    <link itemprop="url" href="http://defaria.com/blogs/Status/2016/04/configuring-linux-to-authenticate-to-active-directory-using-winbind-1.html">
    <link itemprop="image" href="/mt/mt-static/support/theme_static/rainier/img/siteicon-sample.png">
    
  </head>
  <body>
    <div id="container">
      <div id="container-inner">
        <header id="header" role="banner">
          <div id="header-inner">
            <div id="header-content">
              <h1>
                <a href="http://defaria.com/blogs/Status/">

                  Status

                </a>
              </h1>
              
            </div>

            <nav role="navigation">
          <ul>
            <li><a href="http://defaria.com/blogs/Status/">Home</a></li>


          </ul>
        </nav>

          </div>
        </header>
        <div id="content">
          <div id="content-inner">
            <ul class="breadcrumb breadcrumb-list">
              <li class="breadcrumb-list-item"><a href="http://defaria.com/blogs/Status/">Home</a></li>
              <li class="breadcrumb-list-item">Configuring Linux to Authenticate to Active Directory using Winbind</li>
            </ul>
            <div id="individual-main" class="main" role="main">
              <article id="entry-1998" class="entry entry-asset asset hentry">
                <div class="asset-header">
                  <h2 itemprop="name" class="asset-name entry-title">Configuring Linux to Authenticate to Active Directory using Winbind</h2>
                  <footer class="asset-meta">
                    <ul class="asset-meta-list">
                      <li class="asset-meta-list-item">Posted on <time datetime="2016-04-18T14:32:48-08:00" itemprop="datePublished">April 18, 2016</time></li>
                      <li class="asset-meta-list-item">by <span class="author entry-author vcard"></span></li>

  

                   </ul>
                </footer>
                </div>
                <div class="entry-content asset-content" itemprop="articleBody">
                  <p>Under Linux, you can use winbind from the Samba suite of tools to authenticate with Windows Active Directory. Refer to Setup CentOS to authenticate via Active Directory for how to set up CentOS to authenticate to Active directory. Windows uses Kerberos to perform authentication so you'll need to set that up. The above link talks about running authconf with lots of parameters to set it all up. That may be a better way in the end but I got it working starting with authconf then tweaking. Here are my resultant files that seem to work. Later I might figure out how to do it with authconfig.</p>
<ol>
<li>First you'll need some software if it was not previously installed. The following installs all you need for CentOS (Ubuntu still needs to be investigated for the corresponding apt-get installation):<br /><br /><span style="line-height: 1.618;">Install software<br /><br /></span><span style="line-height: 1.618;">$ yum -y install authconfig krb5-workstation pam_krb5 samba-common<br /><br /></span></li>
<li><span style="line-height: 1.618;">Edit /etc/krb5.conf to look like:<br /><br /></span><span style="line-height: 1.618;">/etc/krb5.conf (Audience)</span></li>
</ol>
<p style="margin-left: 30px;">[libdefaults]<br /><span style="line-height: 1.618;">default_realm = AUDIENCE.LOCAL<br /></span><span style="line-height: 1.618;">ns_lookup_realm = true<br />d</span><span style="line-height: 1.618;">ns_lookup_kdc = true<br /></span><span style="line-height: 1.618;">ticket_lifetime = 24h<br /></span><span style="line-height: 1.618;">renew_lifetime = 7d<br /></span><span style="line-height: 1.618;">forwardable = true</span></p>
<p style="margin-left: 30px;">[realms]<br /><span style="line-height: 1.618;">audience.com = {<br /></span><span style="line-height: 1.618;">  kdc = dc1.audience.local<br /></span><span style="line-height: 1.618;">  admin_server = dc1.audience.local<br /></span><span style="line-height: 1.618;">}</span></p>
<p style="margin-left: 30px;">/etc/krb5.conf (Knowles)</p>
<p style="margin-left: 30px;">[libdefaults]<br /><span style="line-height: 1.618;">default_realm = KNOWLES.COM<br /></span><span style="line-height: 1.618;">dns_lookup_realm = true<br /></span><span style="line-height: 1.618;">dns_lookup_kdc = true<br /></span><span style="line-height: 1.618;">ticket_lifetime = 24h<br /></span><span style="line-height: 1.618;">renew_lifetime = 7d<br /></span><span style="line-height: 1.618;">forwardable = true</span></p>
<p style="margin-left: 30px;">[realms]<br /><span style="line-height: 1.618;">knowles.com = {<br /></span><span style="line-height: 1.618;">  kdc = dc1.knowles.com<br /></span><span style="line-height: 1.618;">  admin_server = dc1.knowles.com<br /></span><span style="line-height: 1.618;">}</span></p>
                  
                </div>
                <nav class="page-navigation entry-navigation pagination content-nav">
                  <ul class="page-navigation-list">

                    <li class="page-navigation-list-item page-navigation-prev"><a rel="prev" href="http://defaria.com/blogs/Status/2016/02/configuring-linux-to-authenticate-to-active-directory-using-winbind.html" title="Configuring Linux to Authenticate to Active Directory using Winbind">Previous entry</a></li>


                  </ul>
                </nav>
                <!--
<aside id="zenback" class="zenback feedback">
  Please paste Zenback script code here.
</aside>
-->
                
                
              </article>
            </div>
            <aside class="widgets related" role="complementary">
              <nav class="widget-search widget">
  <div class="widget-content">
    <form method="get" id="search" action="http://defaria.com/mt/mt-search.cgi">
      <div>
        <input type="text" name="search" value="" placeholder="Search...">

        <input type="hidden" name="IncludeBlogs" value="8">

        <input type="hidden" name="limit" value="20">
        <button type="submit" name="button">
          <img alt="Search" src="/mt/mt-static/support/theme_static/rainier/img/search-icon.png">
        </button>
      </div>
    </form>
  </div>
</nav>
<nav class="widget-archive-category widget">
  <h3 class="widget-header">Categories</h3>
  <div class="widget-content">
    
      
    <ul class="widget-list">
      
      
      <li class="widget-list-item"><a href="http://defaria.com/blogs/Status/ameriquest/">Ameriquest (99)</a>
      
      
      </li>
      
    
      
      
      <li class="widget-list-item"><a href="http://defaria.com/blogs/Status/audience/">Audience (4)</a>
      
      
      </li>
      
    
      
      
      <li class="widget-list-item"><a href="http://defaria.com/blogs/Status/broadcom/">Broadcom (76)</a>
      
      
      </li>
      
    
      
      
      <li class="widget-list-item"><a href="http://defaria.com/blogs/Status/gpdb/">GPDB (35)</a>
      
      
      </li>
      
    
      
      
      <li class="widget-list-item"><a href="http://defaria.com/blogs/Status/general-dynamics/">General Dynamics (61)</a>
      
      
      </li>
      
    
      
      
      <li class="widget-list-item"><a href="http://defaria.com/blogs/Status/general-electric/">General Electric (13)</a>
      
      
      </li>
      
    
      
      
      <li class="widget-list-item"><a href="http://defaria.com/blogs/Status/hewlett-packard/">Hewlett Packard (13)</a>
      
      
      </li>
      
    
      
      
      <li class="widget-list-item"><a href="http://defaria.com/blogs/Status/lynuxworks/">LynuxWorks (162)</a>
      
      
      </li>
      
    
      
      
      <li class="widget-list-item"><a href="http://defaria.com/blogs/Status/pqa/">PQA (35)</a>
      
      
      </li>
      
    
      
      
      <li class="widget-list-item"><a href="http://defaria.com/blogs/Status/salira/">Salira (79)</a>
      
      
      </li>
      
    
      
      
      <li class="widget-list-item"><a href="http://defaria.com/blogs/Status/tellabs/">Tellabs (2)</a>
      
      
      </li>
      
    
      
      
      <li class="widget-list-item"><a href="http://defaria.com/blogs/Status/texas-instruments/">Texas Instruments (31)</a>
      
      
      </li>
      
    </ul>
      
    
  </div>
</nav>
  

<nav class="widget-archive-dropdown widget">
  <h3 class="widget-header">Archives</h3>
  <div class="widget-content">
    <select>
      <option>Select a Month...</option>
    
      <option value="http://defaria.com/blogs/Status/2016/04/">April 2016</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2016/02/">February 2016</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2014/09/">September 2014</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2014/04/">April 2014</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2014/03/">March 2014</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2013/02/">February 2013</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2012/09/">September 2012</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2012/08/">August 2012</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2012/05/">May 2012</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2012/04/">April 2012</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2012/02/">February 2012</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2012/01/">January 2012</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2011/10/">October 2011</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2011/07/">July 2011</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2010/09/">September 2010</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2010/08/">August 2010</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2010/04/">April 2010</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2010/03/">March 2010</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2010/02/">February 2010</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2009/05/">May 2009</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2009/04/">April 2009</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2008/07/">July 2008</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2008/05/">May 2008</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2008/04/">April 2008</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2008/03/">March 2008</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2008/02/">February 2008</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2008/01/">January 2008</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2007/12/">December 2007</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2007/11/">November 2007</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2007/10/">October 2007</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2007/09/">September 2007</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2007/08/">August 2007</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2007/07/">July 2007</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2007/06/">June 2007</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2007/05/">May 2007</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2007/04/">April 2007</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2007/03/">March 2007</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2007/01/">January 2007</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2006/12/">December 2006</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2006/11/">November 2006</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2006/10/">October 2006</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2006/09/">September 2006</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2006/07/">July 2006</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2006/06/">June 2006</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2006/05/">May 2006</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2006/04/">April 2006</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2006/03/">March 2006</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2006/02/">February 2006</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2006/01/">January 2006</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2005/12/">December 2005</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2005/11/">November 2005</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2005/10/">October 2005</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2005/09/">September 2005</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2005/08/">August 2005</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2005/07/">July 2005</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2005/06/">June 2005</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2005/05/">May 2005</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2005/04/">April 2005</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2005/03/">March 2005</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2005/02/">February 2005</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2005/01/">January 2005</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2004/12/">December 2004</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2004/09/">September 2004</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2004/08/">August 2004</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2004/07/">July 2004</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2004/06/">June 2004</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2004/05/">May 2004</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2004/04/">April 2004</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2004/03/">March 2004</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2004/02/">February 2004</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2004/01/">January 2004</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2003/12/">December 2003</option>
    
  
    
      <option value="http://defaria.com/blogs/Status/2003/11/">November 2003</option>
    
    </select>
  </div>
</nav>
    
  

<div class="widget-syndication widget section">
  <div class="widget-content">
    <p><img src="http://defaria.com/mt/mt-static/images/status_icons/feed.gif" alt="Subscribe to feed" width="9" height="9" /> <a href="http://defaria.com/blogs/Status/atom.xml">Subscribe to this blog's feed</a></p>

  </div>
</div>

            </aside>
          </div>
        </div>
        <footer id="footer" role="contentinfo">
          <div id="footer-inner">
            <div id="footer-content">
  <nav role="navigation">
          <ul>
            <li><a href="http://defaria.com/blogs/Status/">Home</a></li>


          </ul>
        </nav>

  <p class="license">&copy; Copyright 2016.</p>
  <p class="poweredby">Powered by <a href="http://www.movabletype.org/">Movable Type</a></p>
</div>
          </div>
        </footer>
      </div>
    </div>
    <script src="http://defaria.com/mt/mt-static/jquery/jquery.min.js"></script>
    <script src="http://defaria.com/blogs/Status/mt-theme-scale2.js"></script>
  </body>
</html>