Below are the files I had to modify on a Red Hat Enterprise Linux 4
(actually CentOS 4) system to get Linux to authenticate against Active
Directory.
- /etc/pam.d/gdm
- /etc/ldap.conf
- /etc/pam.d/login
- /etc/nscd.conf
- /etc/nsswitch.conf
- /etc/pam.d/sshd
- /etc/pam.d/system-auth
In smb.conf, the directive that nobody seemed to think about when
writing their articles was "winbind use default domain = yes". Google
that and you'll find out that it's really quite important to all this
working! Without it, you have to log in on the Linux side, specifying
the domain.
e.g. DOMAIN\mike.foley
I wanted to log in as "mike.foley". Setting this directive allowed me
to do that. This would need to be done on each Linux system that
authenticated against the Active Directory. If you have more than one
Active Directory to authenticate against (why?), then set it to "no"
and use DOMAIN\username. I found it would be easier for my users if
they just used their usernames that they were already familiar with.
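
Because the directive has to be set on every Linux system that authenticates against the Active Directory, a per-host check helps catch machines that were missed. The script below is an added example, not part of the original post: the function name and the sample file are made up for illustration, and it reads the [global] section the way Samba does (case and spaces in parameter names ignored, last value wins, unset means "no").

```shell
#!/bin/sh
# Added example: report the effective "winbind use default domain" value
# from the [global] section of an smb.conf-style file.
# Prints "yes", "no" (also when unset, which is Samba's default) or "invalid".
winbind_default_domain() {
    awk '
        /^[ \t]*[#;]/ { next }                 # skip comment lines
        /^[ \t]*\[/ {                          # section header
            s = tolower($0)
            gsub(/[ \t]/, "", s)
            in_global = (s ~ /^\[global\]/)
            next
        }
        in_global && index($0, "=") {
            i = index($0, "=")
            name = tolower(substr($0, 1, i - 1))
            gsub(/[ \t]/, "", name)            # names ignore case and spaces
            if (name != "winbindusedefaultdomain") next
            val = tolower(substr($0, i + 1))
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (val ~ /^(yes|true|on|1)$/) result = "yes"
            else if (val ~ /^(no|false|off|0)$/) result = "no"
            else result = "invalid"
        }
        END { print (result == "" ? "no" : result) }
    ' "$1"
}

# Constructed sample file: the directive is commented out once, then set
# with odd spacing and case; the copy under [homes] is outside [global].
sample=$(mktemp)
cat > "$sample" <<'EOF'
[global]
   workgroup = EXAMPLE
   ; winbind use default domain = no
   Winbind Use  Default Domain = True
[homes]
   winbind use default domain = no
EOF
echo "winbind use default domain: $(winbind_default_domain "$sample")"
rm -f "$sample"
```

Run the function against the real smb.conf on each host; anything other than "yes" means users on that machine still have to type DOMAIN\username.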
The following articles helped me out in figuring out what needed to be
done.
- Microsoft Solution Guide for Windows Security and Directory Services
- Unite your Linux and Active Directory authentication