loosebit
Posted April 18, 2013

Configuring Active Directory Accounts For Linux

You may have followed our previous article detailing step by step how to integrate your RHEL 6 box into a Windows Active Directory environment. Being able to authenticate users and services to Active Directory from Linux is a big plus, but it’s not where this journey ends. We need to set up users' default home directories and default shells before we can really allow users to log in and start using your server.

There are two ways to accomplish this. If you have Unix Identity Management Services installed on your domain controller, you will have an easy way to set these configurations inside Active Directory.

From Windows

Inside Server Manager select your Active Directory Domain Services, right click to Add Role Services. Make sure these roles are installed.

Once you have installed these Role Services we can continue. If you want to administer Active Directory from your workstation, make sure you have the correct AD Administrative tools installed. Make sure you have local admin rights on your workstation.

Once you have the correct tools installed, open up Active Directory Users and Computers. Find a “test” user and open their properties. You will now see a new tab called UNIX Attributes.

Specify Linux configs from Active Directory

From here you can specify the UID (which will be assigned upon logging into Linux), Login Shell, Home Directory, and Primary Group. We aren’t going to go into detail on NIS domain because this is only important for older configurations of SSSD and ldap, krb5, etc.

Let’s run a getent and see what Linux pulls from Active Directory:

    [root@server tmp]# getent passwd test
    test:*:940001114:940000513:test:/home/test@YOURDOMAIN.COM:/bin/bash

Doesn’t match what’s in Active Directory? Read the Linux part of this article to find out why.

From Linux

Remember that thing called SSSD? If not, please go back and read this.
Let’s add a few lines to our sssd.conf:

    override_homedir = /home/%f
    override_shell = /bin/bash

**Must restart SSSD to take effect**

    service sssd restart

Only add these lines if you desire this functionality; either way is fine. However, if you have a more complex AD environment, it is sometimes easier inside SSSD to implicitly imply what configurations you want for your users.

In this example we have told SSSD that the home directory of each AD user that logs in is /home/username (will be created by oddjob) and that we want their default shell to be /bin/bash. Most Linux users will expect this to be their default environment.

There you have it. Go forth and shell with your Active Directory accounts.
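A check of what getent passwd returns for an AD account, as an added example that is not part of the original post: it flags a UID in the local system range, a home directory outside the expected base, and a login shell outside an allow-list. MIN_UID, HOME_BASE, ALLOWED_SHELLS and the function name audit_entry are assumptions for illustration; the sample line is the getent output shown in the post, where the SSSD %f template (fully qualified user name) produces the user@domain home path.

```shell
#!/bin/sh
# Added example: audit one passwd-format entry, such as the line
# `getent passwd <user>` returns for an Active Directory account.
# MIN_UID, HOME_BASE and ALLOWED_SHELLS are assumed local policy values.
MIN_UID=${MIN_UID:-1000}
HOME_BASE=${HOME_BASE:-/home}
ALLOWED_SHELLS=${ALLOWED_SHELLS:-"/bin/bash /bin/sh"}

# audit_entry "<passwd line>": prints findings, returns the number of findings.
audit_entry() {
    findings=0
    # Fields: name:passwd:uid:gid:gecos:home:shell. Using read on a here-doc
    # (not `set --`) keeps the "*" password placeholder from being globbed.
    IFS=: read -r name _pw uid _gid _gecos home shell <<EOF
$1
EOF
    case $uid in
        ''|*[!0-9]*)
            echo "$name: UID '$uid' is not numeric"
            findings=$((findings + 1)) ;;
        *)
            if [ "$uid" -lt "$MIN_UID" ]; then
                echo "$name: UID $uid overlaps the local/system range (< $MIN_UID)"
                findings=$((findings + 1))
            fi ;;
    esac
    case $home in
        */../*|*/..)
            echo "$name: home '$home' contains a '..' component"
            findings=$((findings + 1)) ;;
        "$HOME_BASE"/?*) ;;   # e.g. /home/test@YOURDOMAIN.COM from override_homedir
        *)
            echo "$name: home '$home' is outside $HOME_BASE"
            findings=$((findings + 1)) ;;
    esac
    shell_ok=no
    for s in $ALLOWED_SHELLS; do
        if [ "$s" = "$shell" ]; then shell_ok=yes; fi
    done
    if [ "$shell_ok" = no ]; then
        echo "$name: login shell '$shell' is not in the allow-list"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Entry as shown in the post (domain is the post's own placeholder).
SAMPLE='test:*:940001114:940000513:test:/home/test@YOURDOMAIN.COM:/bin/bash'
audit_entry "$SAMPLE" && echo "sample entry: ok"
```

On a joined host the same function can be fed live data with audit_entry "$(getent passwd test)".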