Hi guys! In every IT shop you will find two groups, the so-called Windows team and Linux team, which don't mix easily. They don't actually compete with each other, but they don't collaborate either. As system admins, though, our job is to provide a cost-effective IT service to the organization. The majority of organizations have settled on Windows Active Directory to provide authentication services, and it is not a good idea to run a separate authentication infrastructure for the Linux environment in the same organization. By now you have probably guessed the idea: integrate the Linux systems with the existing Active Directory service. This is commonly done in the IT industry with third-party software from companies like Centrify, Likewise Software, Quest Software and so on, which adds a certain implementation cost.
Red Hat itself provides very good documentation that helps you integrate RHEL6 with a pre-configured Active Directory service on Windows 2008 Server. The good thing about it is that you do not need any third-party tools. It explains different implementation methods (configurations) for different working environments, and it gives a good explanation of how each module (pam, kerberos, samba, ntp, dns etc.) works and how they relate to each other. All you need to do is install the service role "Identity Management for Unix" on the Windows Active Directory server, which you can do from Server Manager. Once you are done with that, go on to configure your Linux box.
I found this book very handy for doing the job simply; of course, I have done it successfully. Here is the link. All the best!
Integrating Red Hat Enterprise Linux 6 with Active Directory
Important: Apart from the instructions given in the above document, you may have to make the following additional configuration changes.
1. To speed up the winbind process
# vim /etc/sysconfig/samba
Modify the line
WINBINDOPTIONS="" ----> WINBINDOPTIONS="-D"
2. To avoid interference from the name service cache daemon (nscd) during name resolution
This setting is optional. Sometimes the DNS cache may contain outdated information, which can delay communication. To avoid this, make the following settings.
# vim /etc/nscd.conf
Modify the following three lines
enable-cache passwd yes -----> enable-cache passwd no
enable-cache group yes -----> enable-cache group no
enable-cache hosts yes -----> enable-cache hosts no
Now restart the network service
# service network restart
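3. To tell pam.d to load the oddjobd libraries
# vim /etc/pam.d/system-auth
Add the following line just before the last line
session optional pam_oddjob_mkhomedir.so skel=/etc/skel umask=0077
Note that umask is a mask of the permission bits to remove, not a file mode: 0077 creates a private home directory (mode 0700), whereas a value of 0644 would strip the owner's own read and write access from the new directory. Use 0022 if the home directory should be readable by other users.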
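One way to verify items 2 and 3 after editing, as an added example that is not part of the original post: a shell script that reports which nscd caches are still enabled and whether the umask= value on the pam_oddjob_mkhomedir line gives a usable home directory. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit copies of /etc/nscd.conf and /etc/pam.d/system-auth.

# List the passwd/group/hosts caches that nscd would still serve.
# nscd treats a missing enable-cache line as "no"; taking the last
# occurrence of a repeated line is an assumption of this script.
nscd_enabled_caches() {
    awk '
        /^[ \t]*#/ { next }
        $1 == "enable-cache" { state[$2] = $3 }
        END {
            n = split("passwd group hosts", db, " ")
            for (i = 1; i <= n; i++)
                if (state[db[i]] == "yes") print db[i]
        }' "$1"
}

# Print the umask= argument of the pam_oddjob_mkhomedir session line.
mkhomedir_umask() {
    awk '
        /^[ \t]*#/ { next }
        $1 == "session" && /pam_oddjob_mkhomedir\.so/ {
            for (i = 3; i <= NF; i++)
                if ($i ~ /^umask=/) print substr($i, 7)
        }' "$1"
}

# Succeed only if the mask keeps owner rwx and removes group/other write.
umask_is_sane() {
    case $1 in ''|*[!0-7]*) return 2 ;; esac
    m=$((0$1))    # leading 0 makes the shell read the value as octal
    [ $((m & 0700)) -eq 0 ] && [ $((m & 0022)) -eq $((0022)) ]
}

# Constructed sample input: the last nscd line misspells the database as
# "host", so the hosts cache is still enabled; the umask is a file mode.
demo=$(mktemp -d)
printf '%s\n' 'enable-cache passwd no' 'enable-cache group no' \
    'enable-cache hosts yes' 'enable-cache host no' > "$demo/nscd.conf"
printf '%s\n' 'session optional pam_oddjob_mkhomedir.so skel=/etc/skel umask=0644' \
    > "$demo/system-auth"

echo "caches still enabled: $(nscd_enabled_caches "$demo/nscd.conf")"
u=$(mkhomedir_umask "$demo/system-auth")
if umask_is_sane "$u"; then echo "umask $u ok"; else echo "umask $u rejected"; fi
rm -rf "$demo"
```

On a real host, pass /etc/nscd.conf and /etc/pam.d/system-auth to the two parsing functions instead of the sample files.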
Enjoy IT..!