Tuesday, December 28, 2010

System Configuration and Management -- Configure system to authenticate using Kerberos

This is a new objective in RHEL 6; previously the objective was to set up NIS. Apparently they realized that nobody uses NIS any more and updated the requirements.
Personally, I have been using a tool called Likewise Open (http://www.likewise.com/products/likewise_open/) that enables Linux systems to join an AD domain. Since I doubt this is the solution Red Hat is looking for, it's back to the books for this one.
STEP 1: Ensure all packages are installed
For this to work properly, you need both the Kerberos and Samba packages installed:
yum install krb5-server pam_krb5 samba samba-common samba-winbind samba-client samba-winbind-clients

STEP 2: Configure the system to authenticate
Execute system-config-authentication and choose winbind for the account database
For security model, select ads
Under winbind domain, enter the short-name for the domain (i.e. without the .com)
Under ADS Realm, enter the FQDN of the domain
Under Domain Controllers, enter your preferred domain controller
Select a desired shell template
Click Join Domain and enter the credentials

STEP 3: Confirm
Log out of the system and attempt to log in using domain\user as the username
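
A check to run before logging out, as an added example that is not from the original post: it reads an smb.conf and confirms that the Step 2 choices landed in [global]. The mapping of the GUI fields to the smb.conf parameters security, workgroup, realm, password server and template shell is an assumption about what the tool writes, and example.com and dc1.example.com are constructed values.

```shell
# Added example. Realm, DC name and file contents are constructed samples.
# Constructed smb.conf of the shape Step 2 is assumed to produce.
sample_conf() {
    cat <<'EOF'
[global]
   workgroup = EXAMPLE
   password server = dc1.example.com
   realm = EXAMPLE.COM
   # security = user
   security = ads
   template shell = /bin/bash
[homes]
EOF
}

# smb_global FILE KEY: print KEY's value from the [global] section only.
smb_global() {
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ { next }                          # skip comments
        /^[ \t]*\[/   { g = (tolower($0) ~ /\[global\]/); next }
        g && NF >= 2 {
            k = tolower($1); gsub(/^[ \t]+|[ \t]+$/, "", k)
            v = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v                       # keep last occurrence
        }
        END { print val }' "$1"
}

upper() { printf '%s' "$1" | tr '[:lower:]' '[:upper:]'; }
fail()  { echo "$1" >&2; rc=1; }

# check_smb_conf FILE REALM: 0 if FILE matches the Step 2 choices, else 1.
check_smb_conf() {
    f=$1; realm=$(upper "$2"); rc=0
    short=${realm%%.*}   # assumption: short name = first label of the FQDN
    [ "$(upper "$(smb_global "$f" security)")" = ADS ] || fail "security is not ads"
    [ "$(upper "$(smb_global "$f" realm)")" = "$realm" ] || fail "realm is not $realm"
    [ "$(upper "$(smb_global "$f" workgroup)")" = "$short" ] || fail "workgroup is not $short"
    [ -n "$(smb_global "$f" 'password server')" ] || fail "no domain controller set"
    case $(smb_global "$f" 'template shell') in
        /*) ;; *) fail "template shell is not an absolute path" ;;
    esac
    return $rc
}

tmp=$(mktemp); sample_conf > "$tmp"
check_smb_conf "$tmp" example.com && echo "smb.conf matches Step 2"
rm -f "$tmp"
```

On a real system, point it at the live file with your own realm: check_smb_conf /etc/samba/smb.conf your.realm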

NOTE: This may be all wrong. I can't find any specific details on what Red Hat is looking for here (i.e. Kerberos authentication via winbind).

1 comment:

Jon Disnard said...

Can you comment about your experience with this area of the test? My assumption was the authconfig(8) command would be used here to set up Kerberos authentication, but I see you are going for the AD stuff.

Was it AD or regular Kerberos/LDAP?