Scott S. Lowe scottslowe
scottslowe
/ yaml-vagrantfile
Created
October 21, 2014 21:16
This Vagrantfile works with an external data file (a YAML file, named servers.yaml) to create multiple Vagrant boxes easily. The servers.yaml file contains all the specifics and can be easily edited to change the number and type of boxes to create. The Vagrantfile remains unchanged.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -*- mode: ruby -*- | |
| # # vi: set ft=ruby : | |
| # Specify minimum Vagrant version and Vagrant API version | |
| Vagrant.require_version ">= 1.6.0" | |
| VAGRANTFILE_API_VERSION = "2" | |
| # Require YAML module | |
| require 'yaml' |
scottslowe
/ servers.yaml
Created
October 21, 2014 21:30
This YAML file is intended to be used with an appropriately configured Vagrantfile (see yaml-vagrantfile for an example).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| - name: coreos-01 | |
| box: coreos-alpha | |
| ram: 512 | |
| ip: 172.17.8.101 | |
| - name: coreos-02 | |
| box: coreos-alpha | |
| ram: 512 | |
| ip: 172.17.8.102 | |
| - name: coreos-03 |
scottslowe
/ smb.conf
Created
December 19, 2014 18:39
This snippet from the Samba smb.conf configuration file will help enable Active Directory integration from Linux and UNIX platforms.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| workgroup = <NetBIOS name of AD domain> | |
| security = ads | |
| realm = <DNS name of AD domain> | |
| use kerberos keytab = true | |
| password server = <Space-delimited list of AD DCs> |
scottslowe
/ apache-krb.conf
Created
December 19, 2014 19:19
This snippet of Apache configuration will enable Kerberos authentication, useful for integration with services like Active Directory.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| LoadModule auth_kerb_module modules/mod_auth_kerb.so | |
| <Location /secured> | |
| AuthType Kerberos | |
| AuthName "Kerberos Login" | |
| KrbMethodNegotiate On | |
| KrbMethodK5Passwd On | |
| KrbAuthRealms EXAMPLE.COM | |
| Krb5KeyTab /etc/httpd/conf/httpd.keytab | |
| require valid-user |
scottslowe
/ krb5.conf
Created
December 20, 2014 04:22
This Kerberos configuration file can be used to integrate Linux into Active Directory. This configuration uses DNS SRV records to locate the Kerberos realm and KDCs (AD domain controllers).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [logging] | |
| default = FILE:/var/log/krb5libs.log | |
| kdc = FILE:/var/log/krb5kdc.log | |
| admin_server = FILE:/var/log/kadmind.log | |
| [libdefaults] | |
| default_realm = EXAMPLE.COM | |
| dns_lookup_realm = true | |
| dns_lookup_kdc = true |
scottslowe
/ ldap.conf
Created
December 20, 2014 04:37
This ldap.conf is intended for use integrating Linux into Active Directory.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| host 10.10.10.10 | |
| base dc=example,dc=com | |
| uri ldap://server.example.com/ | |
| binddn [email protected] | |
| bindpw adldapbindpw | |
| scope sub | |
| ssl no | |
| pam_filter objectClass=User | |
| nss_base_passwd dc=example,dc=com?sub | |
| nss_base_shadow dc=example,dc=com?sub |
scottslowe
/ system-auth
Last active
October 17, 2017 13:32
This PAM configuration file supports the use of Kerberos authentication for integrating Linux into Active Directory.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #%PAM-1.0 | |
| # This file is auto-generated. | |
| # User changes will be destroyed the next time authconfig is run. | |
| auth required /lib/security/$ISA/pam_env.so | |
| auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok | |
| auth sufficient /lib/security/$ISA/pam_krb5.so | |
| auth required /lib/security/$ISA/pam_deny.so | |
| account sufficient /lib/security/$ISA/pam_krb5.so | |
| account required /lib/security/$ISA/pam_unix.so |
scottslowe
/ krb5-conf-no-srv
Created
December 20, 2014 04:55
This Kerberos configuration file can be used for integrating Linux into Active Directory using Kerberos authentication. It does not rely on DNS SRV records, instead manually specifying an AD domain controller.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [logging] | |
| default = FILE:/var/log/krb5libs.log | |
| kdc = FILE:/var/log/krb5kdc.log | |
| admin_server = FILE:/var/log/kadmind.log | |
| [libdefaults] | |
| default_realm = EXAMPLE.COM | |
| dns_lookup_realm = true | |
| dns_lookup_kdc = true |
scottslowe
/ ldap-conf-sfu30
Created
December 20, 2014 05:03
This LDAP configuration file can be used for integrating Linux into older versions of Active Directory that rely upon SFU (Services for UNIX) for UNIX attributes in the schema.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| host 10.10.10.10 | |
| base dc=example,dc=com | |
| binddn cn=ldap,cn=Users,dc=example,dc=com | |
| bindpw adldapbindpw | |
| scope sub | |
| ssl no | |
| nss_base_passwd dc=example,dc=com | |
| nss_base_shadow dc=example,dc=com | |
| nss_base_group dc=example,dc=com | |
| nss_map_objectclass posixAccount user |
scottslowe
/ ldap-conf-gid
Created
December 21, 2014 05:03
This LDAP configuration file can be used for integrating Linux/UNIX systems into Active Directory.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| host 10.10.10.10 | |
| base dc=example,dc=com | |
| uri ldap://server.example.com/ | |
| binddn [email protected] | |
| bindpw adldapbindpw | |
| scope sub | |
| ssl no | |
| nss_base_passwd dc=example,dc=com?sub | |
| nss_base_shadow dc=example,dc=com?sub | |
| nss_base_group dc=mydomain,dc=com?sub?&(objectCategory=group)(gidnumber=*) |