ldap:ad_rfc2307
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
ldap:ad_rfc2307 [2021/09/28 22:19] manu |
ldap:ad_rfc2307 [2022/03/28 21:11] (current) manu |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Authentification for UNIX users in Active Directory (AD) ====== | ====== Authentification for UNIX users in Active Directory (AD) ====== | ||
| + | <code> | ||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | </code> | ||
| ===== get Active Directory (AD) certificate ===== | ===== get Active Directory (AD) certificate ===== | ||
| Line 13: | Line 22: | ||
| </cli> | </cli> | ||
| Copy out the Server certificate section, between (and including) —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—— and put the copied text into a text editor. | Copy out the Server certificate section, between (and including) —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—— and put the copied text into a text editor. | ||
| + | |||
| + | |||
| + | https://www.altaro.com/hyper-v/request-ssl-windows-certificate-server/ | ||
| + | |||
| **Windows** | **Windows** | ||
| Line 54: | Line 67: | ||
| Set-ADUser | Set-ADUser | ||
| + | If Powershell modules are missing, install them | ||
| + | Get-WindowsCapability -Name RSAT.ActiveDirectory* -Online | Add-WindowsCapability -Online | ||
| + | | ||
| Here is an example to create a AD group “linux_user” with a GID of 20000 and a NisDomain “emc”: | Here is an example to create a AD group “linux_user” with a GID of 20000 and a NisDomain “emc”: | ||
| - | <cli prompt='$'> | ||
| - | $ New-ADGroup -name linux_user -GroupScope 1 -OtherAttributes @{msSFU30NisDomain='emc';gidNumber=20000} | ||
| - | </cli> | ||
| - | |||
| <cli prompt='$'> | <cli prompt='$'> | ||
| $ New-ADGroup -name linux_user -GroupScope 1 -OtherAttributes @{msSFU30NisDomain='emc';gidNumber=20000} | $ New-ADGroup -name linux_user -GroupScope 1 -OtherAttributes @{msSFU30NisDomain='emc';gidNumber=20000} | ||
| Line 64: | Line 76: | ||
| If you have an existing group you can use following cmdlet to add the attributes: | If you have an existing group you can use following cmdlet to add the attributes: | ||
| - | <cli prompt='$'> | ||
| - | $ Set-ADGroup -Instance linux_user -Add @{msSFU30NisDomain='emc';gidNumber=20000} | ||
| - | </cli> | ||
| - | |||
| <cli prompt='$'> | <cli prompt='$'> | ||
| $ Set-ADGroup -Instance linux_user -Add @{msSFU30NisDomain='emc';gidNumber=20000} | $ Set-ADGroup -Instance linux_user -Add @{msSFU30NisDomain='emc';gidNumber=20000} | ||
| Line 73: | Line 81: | ||
| Next we are creating an user “user1” with a UID of 10000, being member of group 20000 and NisDomain ’emc’. Furthermore the user will use “/bin/bash” as login shell and a home directory located in “/home/EMC/user1”. | Next we are creating an user “user1” with a UID of 10000, being member of group 20000 and NisDomain ’emc’. Furthermore the user will use “/bin/bash” as login shell and a home directory located in “/home/EMC/user1”. | ||
| - | <cli prompt='$'> | ||
| - | $ New-ADUser -name user1 -OtherAttributes @{uidNumber=(10000+$i);gidNumber=20000;unixHomeDirectory=('/home/EMC/user'+$i);loginShell='/bin/bash';msSFU30NisDomain='emc'} | ||
| - | </cli> | ||
| - | |||
| <cli prompt='$'> | <cli prompt='$'> | ||
| $ New-ADUser -name user1 -OtherAttributes @{uidNumber=(10000+$i);gidNumber=20000;unixHomeDirectory=('/home/EMC/user'+$i);loginShell='/bin/bash';msSFU30NisDomain='emc'} | $ New-ADUser -name user1 -OtherAttributes @{uidNumber=(10000+$i);gidNumber=20000;unixHomeDirectory=('/home/EMC/user'+$i);loginShell='/bin/bash';msSFU30NisDomain='emc'} | ||
| Line 86: | Line 90: | ||
| </cli> | </cli> | ||
| - | <cli prompt='$'> | ||
| - | $ Set-ADUser -Instance user1 -Add @{uidNumber=(10000+$i);gidNumber=20000;unixHomeDirectory=('/home/EMC/user'+$i);loginShell='/bin/bash';msSFU30NisDomain='emc'} | ||
| - | </cli> | ||
| - | |||
| Now you are able to query the active directory by LDAP from you linux client system to resolve user and group attributes. Furthermore you have a mapping between windows and linux users which is necessary for a multiprotocol access to NAS! | Now you are able to query the active directory by LDAP from you linux client system to resolve user and group attributes. Furthermore you have a mapping between windows and linux users which is necessary for a multiprotocol access to NAS! | ||
| Line 97: | Line 97: | ||
| </cli> | </cli> | ||
| - | for ($i=1; $i -le 5; $i++){New-ADUser -name ('user' + $i) -PasswordNeverExpires:$true -AccountPassword (ConvertTo-SecureString "Passw0rd" -AsPlainText -Force) -Enabled:$true -OtherAttributes @{uidNumber=(10000+$i);gidNumber=20000;unixHomeDirectory=('/home/EMC/user'+$i);loginShell='/bin/bash';msSFU30NisDomain='emc'}; Add-ADGroupMember -Identity linux_user -Members ('user'+$i)} | ||
| - | |||
| The last steps are configuring and joining the linux host to our active directory. This will be covered in one of the next posts. | The last steps are configuring and joining the linux host to our active directory. This will be covered in one of the next posts. | ||
ldap/ad_rfc2307.1632860349.txt.gz · Last modified: 2021/09/28 22:19 by manu
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
