@jcefoli
Last active May 9, 2022 01:37
Join CentOS 6 to Windows Domain

Join CentOS 6 VM to Domain

  1. Install Necessary Packages

     `yum -y install authconfig krb5-workstation pam_krb5 samba-common oddjob-mkhomedir`

  2. Set DNS Nameservers to Primary Domain Controller and Secondary

     View the config with `cat /etc/resolv.conf` and make sure the nameservers point at the domain controller IPs.

  3. Join Domain

     This will join the domain. It's multi-line for readability. You can copy/paste the whole thing into the terminal and it will work.

     NOTE: You must edit the last 4 lines below to include your domain admin and domain details. Make sure the DOMAIN is all CAPS.

     ```
     authconfig --disablecache \
     --enablelocauthorize \
     --enablewinbind \
     --enablewinbindusedefaultdomain \
     --enablewinbindauth \
     --smbsecurity=ads \
     --enablekrb5 \
     --enablekrb5kdcdns \
     --enablekrb5realmdns \
     --enablemkhomedir \
     --enablepamaccess \
     --updateall \
     --smbidmapuid=100000-1000000 \
     --smbidmapgid=100000-1000000 \
     --disablewinbindoffline \
     --winbindtemplateshell=/bin/bash \
     --winbindjoin=DOMAIN-ADMIN-USERNAME \
     --smbworkgroup=DOMAIN \
     --smbrealm=DOMAIN.LOCAL \
     --krb5realm=DOMAIN.LOCAL
     ```

     It will prompt you for your domain admin password. Enter it, then press Enter and it should show a success message.

  4. Add Server Admins Group to Sudoers

     This assumes you have an AD group called "Server Admins".

     ```
     echo "%Server\ Admins ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
     ```

  5. Reboot

     `sudo reboot`

Now, any user in AD with Unix Attributes set on their profile will be able to log in and any user in the "Server Admins" group will have sudo.
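
The sudoers step above appends the rule to `/etc/sudoers` with `>>`, so a typo can break sudo for every user and a second run adds a duplicate line. The sketch below is an added example, not part of the original gist: it installs the same rule as a drop-in under `/etc/sudoers.d` and checks it with `visudo -cf` before putting it in place. It assumes `/etc/sudoers` contains an `#includedir /etc/sudoers.d` line; the function name, the file name `server-admins` and the `VISUDO` / `SUDOERS_D` variables are hypothetical.

```shell
# Added example, not from the gist: install the sudo rule as a validated
# drop-in instead of appending to /etc/sudoers.
# Assumptions: /etc/sudoers has "#includedir /etc/sudoers.d"; the function
# name, file name and the VISUDO / SUDOERS_D variables are hypothetical.

VISUDO="${VISUDO:-visudo}"                # syntax checker, overridable
SUDOERS_D="${SUDOERS_D:-/etc/sudoers.d}"  # drop-in directory

# install_sudoers_dropin NAME RULE
# Returns 0 when installed or already current, 1 on bad input or a failed check.
install_sudoers_dropin() {
    local name="$1" rule="$2" target tmp
    # sudo ignores drop-ins whose names contain '.' or end in '~'
    case "$name" in
        ""|*.*|*~|*/*) echo "invalid drop-in name: $name" >&2; return 1 ;;
    esac
    target="$SUDOERS_D/$name"

    # Idempotent: do nothing when the file already holds exactly this rule
    if [ -f "$target" ] && [ "$(cat "$target")" = "$rule" ]; then
        return 0
    fi

    # Stage inside the same directory so the final mv is an atomic rename;
    # the dotted temp name keeps sudo from reading a half-written file
    tmp="$(mktemp "$SUDOERS_D/.tmp-$name-XXXXXX")" || return 1
    printf '%s\n' "$rule" > "$tmp"
    chmod 0440 "$tmp"

    # Validate the candidate before sudo can ever parse it
    if ! "$VISUDO" -cf "$tmp" >/dev/null; then
        echo "sudoers syntax check failed, nothing installed" >&2
        rm -f "$tmp"
        return 1
    fi
    mv -f "$tmp" "$target"
}

# Usage as root, with the same rule the gist appends:
#   install_sudoers_dropin server-admins '%Server\ Admins ALL=(ALL) NOPASSWD: ALL'
```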

@jfmaradiaga

Is it possible to have two AD servers configured with this configuration?

@jcefoli

jcefoli commented May 2, 2022

> Is it possible to have two AD servers configured with this configuration?

Hey, not sure if I'm understanding what you're asking. Did you mean having multiple domain controllers clustered or across different subnets (surely we don't want one DC to be a single point of failure), or two different domains?

Also, CentOS 6 is way out of support at this point. I'm not sure if this method works in CentOS 8 or other Linux distros that use the yum package manager.

@jfmaradiaga

jfmaradiaga commented May 5, 2022

Hi, thank you for your reply. Yes (across diff subnets), I'm trying to migrate to a new domain controller without "unplugging" the actual one yet, since I need to migrate all the users before. And yes, CentOS6 is out of support, but sadly I still have some VMs with that OS.
