Monday 27 April 2015

Add RHEL7 Server to Active Directory Domain



This tutorial is based on the following configuration:
domain name : mycompany.com
workgroup : MYCOMPANY
kerberos realm : MYCOMPANY.COM

Windows Server DNS Name: winserver.mycompany.com
Windows Server IP Address: 192.168.122.10

Linux Server DNS Name: server3.mycompany.com
Linux Server IP Address: 192.168.122.4

Ensure that DNS Server is properly configured on the Windows Server.

1) Install packages
yum install krb5-workstation pam_krb5

yum install samba samba-client samba-winbind

yum install authconfig



2) Ensure that the clocks on both systems are in sync. Time synchronization is essential for Kerberos to work.

3) Configure the Linux server's resolver to use the AD server as its name server. DNS is critical for proper resolution of host names and domains for Kerberos.
Edit the file '/etc/resolv.conf' and add the following entries:
search mycompany.com
nameserver 192.168.122.10


4) Configure Kerberos to use AD Kerberos realm. Edit the file '/etc/krb5.conf'.
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
dns_lookup_realm = true
dns_lookup_kdc = true

ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
default_realm = MYCOMPANY.COM

5) Verify Kerberos operation.

[root@server3 ~]# kinit Administrator
Password for Administrator@MYCOMPANY.COM:
[root@server3 ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: Administrator@MYCOMPANY.COM

Valid starting Expires Service principal
04/27/2015 00:42:19 04/27/2015 10:42:19 krbtgt/MYCOMPANY.COM@MYCOMPANY.COM
renew until 05/04/2015 00:42:10
[root@server3 ~]# kdestroy

6) Configure Samba to connect to the AD server. Edit the file '/etc/samba/smb.conf' and make the following changes in the [global] section:

workgroup = MYCOMPANY
server string = Samba Server Version %v

netbios name = SERVER3

interfaces = lo eth0 192.168.122.4/24
hosts allow = 127. 192.168.122.

security = ads
passdb backend = tdbsam
realm = MYCOMPANY.COM

kerberos method = secrets and keytab

template shell = /bin/sh
winbind offline logon = true

winbind separator = +
winbind use default domain = yes

idmap uid = 10000-19999
idmap gid = 10000-19999
idmap config MYCOMPANY:backend = rid
idmap config MYCOMPANY:range = 10000000-19999999



7) Check for configuration errors
testparm

8) Configure NSS and PAM to use winbind
authconfig --enablewinbind --enablewins --enablewinbindauth --update

9) Start services
systemctl start smb
systemctl start winbind

10) Add the Linux machine to the AD Domain
[root@server3 ~]# kinit Administrator

[root@server3 ~]# net ads join -U Administrator
Enter Administrator's password:
Using short domain name -- MYCOMPANY
Joined 'SERVER3' to dns domain 'mycompany.com'

11) Verify AD Server status

[root@server3 ~]# klist -k
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
3 SERVER3$@MYCOMPANY.COM

[root@server3 ~]# net ads info
LDAP server: 192.168.122.10
LDAP server name: WINSERVER.mycompany.com
Realm: MYCOMPANY.COM
Bind Path: dc=MYCOMPANY,dc=COM
LDAP port: 389
Server time: Mon, 27 Apr 2015 21:51:54 IST
KDC server: 192.168.122.10
Server time offset: 19835
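
An added example, not part of the original post: a shell check that the settings from steps 4 and 6 agree with each other. It confirms 'security = ads', that the smb.conf realm equals the krb5.conf default_realm and is upper case, and that the default and domain idmap ranges do not overlap (overlapping ranges can map two different accounts to the same UID). The function names, the write_sample helper and the temporary copies of the files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): lint the join configuration.

# conf_get FILE KEY: print the trimmed value of the first "KEY = value" line.
conf_get() {
    awk -F= -v k="$2" '
        { key = $1; gsub(/^[ \t]+|[ \t]+$/, "", key) }
        key == k { sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit }' "$1"
}

# ranges_overlap LO1-HI1 LO2-HI2: succeed when the two ID ranges intersect.
ranges_overlap() {
    [ "${1%-*}" -le "${2#*-}" ] && [ "${2%-*}" -le "${1#*-}" ]
}

# check_join_config SMB_CONF KRB5_CONF: print findings, exit status 1 if any.
check_join_config() (
    smb=$1; krb=$2; rc=0
    fail() { echo "FAIL: $*"; rc=1; }
    realm=$(conf_get "$smb" realm)
    wg=$(conf_get "$smb" workgroup)
    dflt=$(conf_get "$smb" "idmap uid")
    dom=$(conf_get "$smb" "idmap config $wg:range")
    [ "$(conf_get "$smb" security)" = ads ] || fail "security is not 'ads'"
    [ -n "$realm" ] && [ "$realm" = "$(conf_get "$krb" default_realm)" ] ||
        fail "smb.conf realm and krb5.conf default_realm differ"
    [ "$realm" = "$(printf %s "$realm" | tr '[:lower:]' '[:upper:]')" ] ||
        fail "realm must be upper case"
    if [ -z "$dflt" ] || [ -z "$dom" ]; then
        fail "idmap range missing for default or $wg domain"
    elif ranges_overlap "$dflt" "$dom"; then
        fail "idmap ranges $dflt and $dom overlap (UID collisions)"
    fi
    exit "$rc"
)

# write_sample DIR: constructed copies of the settings shown in steps 4 and 6.
write_sample() {
    printf '%s\n' '[libdefaults]' ' default_realm = MYCOMPANY.COM' > "$1/krb5.conf"
    printf '%s\n' '[global]' ' workgroup = MYCOMPANY' ' security = ads' \
        ' realm = MYCOMPANY.COM' ' idmap uid = 10000-19999' \
        ' idmap gid = 10000-19999' ' idmap config MYCOMPANY:backend = rid' \
        ' idmap config MYCOMPANY:range = 10000000-19999999' > "$1/smb.conf"
}

d=$(mktemp -d) && write_sample "$d"
check_join_config "$d/smb.conf" "$d/krb5.conf" && echo "OK: settings are consistent"
```

On a real host, call check_join_config with /etc/samba/smb.conf and /etc/krb5.conf instead of the constructed copies.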
