Integrating RHEL6 with Active Directory

         Hi guys...! In every IT shop you will find two groups, the so-called Windows Team and Linux Team, which don't mix just like that. Actually, they don't compete with each other, but they don't collaborate either. But as System Admins our job is to provide a cost-effective IT service to the organization. The majority of organizations have settled on Windows Active Directory to provide authentication services, and it is not a good idea to run a separate authentication infrastructure for the Linux environment in the same organization. By now you might have got the idea of integrating Linux systems with the existing Active Directory service. This is well established in the IT industry with the help of third-party software from companies like Centrify, Likewise Software, Quest Software and so on, which again brings a certain implementation cost.
         Red Hat itself provides very good documentation that is really helpful for integrating RHEL6 with a pre-configured Active Directory service in Windows 2008 Server. The good thing about it is that you do not require any third-party tools. It explains different implementation methods (configurations) for different working environments. In this document you will get a good explanation of how each module (pam, kerberos, samba, ntp, dns etc.) works and the relationship between them. All you need to do is install the service role "Identity Management for Unix" on the Windows Active Directory server. You can do this from Server Manager. Once you are done with it, head over to configure your Linux box.
        I found this book very handy for doing the job simply; of course, I have done it successfully. Here is the link. All the best..!

Integrating Red Hat Enterprise Linux 6 with Active Directory


Important: Apart from the instructions given in the above document, you may have to make the following additional configuration changes.

1. To speed up the winbind process
     #vim /etc/sysconfig/samba
          Modify the line
         WINBINDOPTIONS=""          ---->   WINBINDOPTIONS="-D"

2. To avoid interference from the name service cache daemon (nscd) during name resolution. This setting is optional. Sometimes the DNS cache may contain outdated information, which may cause delays in communication; to avoid this we make the following settings.
   #vim /etc/nscd.conf
   Modify the following three lines 
   enable-cache   passwd   yes   ----->      enable-cache   passwd     no
   enable-cache   group     yes   ----->      enable-cache   group      no
   enable-cache   hosts      yes   ----->       enable-cache  hosts      no

   Now restart the network service
   #service network restart

3. To tell PAM to load the oddjobd libraries
  #vim /etc/pam.d/system-auth
  Add the following line just before the last line
  session  optional     pam_oddjob_mkhomedir.so     skel=/etc/skel      umask=0644
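
To confirm that the three changes above actually took effect, here is a small read-only check script. It is an added example, not part of the original post or the Red Hat document; the function names and the root-prefix argument are hypothetical, and the PAM module name pam_oddjob_mkhomedir.so is assumed from the oddjobd reference in step 3.

```shell
#!/bin/sh
# Added example (not from the original post): read-only check of the three
# settings above. Pass a directory holding a copy of /etc to test offline.

# Print the last active nscd.conf value for one cache (passwd|group|hosts).
nscd_cache_state() {  # $1 = nscd.conf path, $2 = cache name
  awk -v svc="$2" '$1 == "enable-cache" && $2 == svc { v = $3 }
                   END { print v }' "$1"
}

# Succeed if WINBINDOPTIONS is set and its value contains -D.
winbind_has_daemon_flag() {  # $1 = sysconfig/samba path
  grep -Eq '^[[:space:]]*WINBINDOPTIONS="[^"]*-D' "$1"
}

# Succeed if an uncommented session line names the module. The module name
# is an assumption taken from the oddjobd reference in step 3.
pam_loads_mkhomedir() {  # $1 = system-auth path
  awk '$1 == "session" && $3 == "pam_oddjob_mkhomedir.so" { ok = 1 }
       END { exit !ok }' "$1"
}

# Run every check; the return status is the number of failed checks.
check_ad_tweaks() {  # $1 = root prefix ("" means the live system)
  root="${1:-}"; failures=0
  winbind_has_daemon_flag "$root/etc/sysconfig/samba" ||
    { echo "FAIL: WINBINDOPTIONS lacks -D"; failures=$((failures + 1)); }
  for svc in passwd group hosts; do
    # A misspelled cache name (e.g. "host") leaves the real cache enabled.
    [ "$(nscd_cache_state "$root/etc/nscd.conf" "$svc")" = "no" ] ||
      { echo "FAIL: nscd cache for $svc is not set to no"; failures=$((failures + 1)); }
  done
  pam_loads_mkhomedir "$root/etc/pam.d/system-auth" ||
    { echo "FAIL: no session line for pam_oddjob_mkhomedir.so"; failures=$((failures + 1)); }
  return "$failures"
}
```

Source the file and run check_ad_tweaks with no argument as root on the joined host; a return status of 0 means all three settings are in place.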

Enjoy IT..!