Friday, February 10, 2012

Script/Command To Authenticate Linux With Windows Active Directory Or Linux OpenLDAP

For Authenticating with Windows AD:


In this example, assume the Windows domain controller is win-pfb09prf78l.scvmm.local, in the domain scvmm.local.

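#!/bin/bash

# Configure winbind, Kerberos and PAM for the AD domain in a single authconfig run.
/usr/bin/authconfig --disablecache --enablewinbind --enablewinbindauth --smbsecurity=ADS --smbworkgroup=scvmm --smbrealm=scvmm.local --smbservers=win-pfb09prf78l.scvmm.local --enablewinbindusedefaultdomain --winbindtemplatehomedir=/home/%U --winbindtemplateshell=/bin/bash --enablekrb5 --krb5realm=SCVMM.LOCAL --krb5adminserver=win-pfb09prf78l.scvmm.local --krb5kdc=win-pfb09prf78l.scvmm.local --enablekrb5kdcdns --enablekrb5realmdns --enablelocauthorize --enablemkhomedir --enablepamaccess --update

# Get a Kerberos ticket for the domain administrator. kinit prompts for the
# password, so it is neither stored in this script nor visible in the process list.
kinit administrator@SCVMM.LOCAL

# Join the domain with that ticket (-k) instead of passing user%password via -U.
net ads join -k -S win-pfb09prf78l.scvmm.local

# Comment out the existing idmap uid/gid ranges in smb.conf.
/bin/sed -i 's/idmap gid/#idmap gid/g' /etc/samba/smb.conf

/bin/sed -i 's/idmap uid/#idmap uid/g' /etc/samba/smb.conf

# Insert the rid idmap settings for the scvmm domain before the commented-out
# "idmap uid" line. Running these three commands again inserts the lines again.
/bin/sed -i "/#idmap uid/i idmap config scvmm:backend = rid" /etc/samba/smb.conf

/bin/sed -i "/#idmap uid/i idmap config scvmm:base_rid = 500" /etc/samba/smb.conf

/bin/sed -i "/#idmap uid/i idmap config scvmm:range = 500-10000000" /etc/samba/smb.conf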
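
An added example, not part of the original post: the smb.conf idmap edit above written as an idempotent shell function and run against a constructed sample file. The function names (make_sample_conf, apply_rid_idmap) and the sample smb.conf contents are assumptions; a second run leaves the file unchanged, and a file with no "idmap uid" line is reported as an error.

```shell
#!/bin/bash
# Added example. Function names and the sample file are constructed.

# Write a constructed [global] section with default idmap ranges.
make_sample_conf() {
    cat > "$1" <<'EOF'
[global]
   workgroup = scvmm
   realm = SCVMM.LOCAL
   security = ads
   idmap uid = 16777216-33554431
   idmap gid = 16777216-33554431
   template shell = /bin/bash
EOF
}

# apply_rid_idmap FILE WORKGROUP: same result as the sed commands above,
# but a second run changes nothing and a missing anchor line is an error.
apply_rid_idmap() {
    local conf=$1 wg=$2 tmp
    # Already converted: return so a re-run adds no duplicate lines.
    grep -q "^[[:space:]]*idmap config ${wg}:backend" "$conf" && return 0
    tmp=$(mktemp) || return 1
    awk -v wg="$wg" '
        /^[ \t]*idmap (uid|gid)/ {
            if ($0 ~ /idmap uid/ && !done) {   # insert once, before "idmap uid"
                print "   idmap config " wg ":backend = rid"
                print "   idmap config " wg ":base_rid = 500"
                print "   idmap config " wg ":range = 500-10000000"
                done = 1
            }
            sub(/idmap/, "#idmap")             # comment out the old range
        }
        { print }
        END { exit (done ? 0 : 2) }            # 2: no "idmap uid" line found
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 2; }
    # Keep a backup and overwrite in place so mode and owner are preserved.
    cp -p "$conf" "$conf.bak" && cat "$tmp" > "$conf"; local rc=$?
    rm -f "$tmp"; return $rc
}

# Run with --demo to print the rewritten sample file.
if [ "${1:-}" = "--demo" ]; then
    f=$(mktemp); make_sample_conf "$f"
    apply_rid_idmap "$f" scvmm; apply_rid_idmap "$f" scvmm
    cat "$f"; rm -f "$f" "$f.bak"
fi
```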


For Authenticating with OpenLDAP:


/usr/bin/authconfig --enableldap --enableldapauth --ldapserver=10.17.138.6 --ldapbasedn=dc=domain,dc=myldap,dc=com --update --enablemkhomedir


Please correct me if something is missing or wrong :-)
