API tools faq
paste
Advertisement
bewleberkl

Join RHEL 7 server to Active Directory

bewleberkl
Jun 20th, 2017
889
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.28 KB | None | 0 0
raw download clone embed print report
  1. ----> On the NetBackup master server running RHEL 7.2:
  2.  
  3. -- install the following:
  4. yum install adcli sssd authconfig krb5-workstation krb5-auth-dialog openldap-clients realmd PackageKit
  5.  
  6. -- had to run this one twice...2nd time it works:
  7. # realm join acme.krt -U 'Administrator'
  8.  
  9. -- note this may or may not work and I cannot explain why it won't:
  10. ldapsearch -H ldap://WIN-2OCNO3URDBQ.acme.krt:3268 -Y GSSAPI -N -b "dc=acme,dc=krt" "(&(objectClass=user) (sAMAccountName=admin1))"
  11.  
  12. -- this should work:
  13. # id admin1@acme.krt
  14.  
  15. -- this should work:
  16. # ssh -l admin1@acme.krt localhost
  17.  
  18. -- this should fail *until* we bpbnbat -login (assuming the admin1 account is in the NBU_admin group):
  19. [admin1@acme.krt@chattypuma ~]$ /usr/openv/netbackup/bin/admincmd/bppllist
  20. VxSS authentication failed (116)
  21.  
  22. [admin1@acme.krt@chattypuma ~]$ /usr/openv/netbackup/bin/bpnbat -login
  23. Authentication Broker: WIN-2OCNO3URDBQ.acme.krt
  24. Authentication port [0 is default]:
  25. Authentication type (NIS, NISPLUS, WINDOWS, vx, unixpwd, ldap): nt
  26. Domain: acme
  27. Login Name: admin1
  28. Password:
  29. You do not currently trust the server: WIN-2OCNO3URDBQ.acme.krt, do you wish to trust it? (y/n):
  30. y
  31. Unable to connect to the NetBackup web authentication service.
  32. AT authentication successful, but web authentication failed.
  33.  
  34. [admin1@acme.krt@chattypuma ~]$ /usr/openv/netbackup/bin/admincmd/bppllist
  35. no entity was found (227)
  36.  
  37.  
  38. ---------------------------------
  39.  
  40. ls -l /var/lib/sss/pubconf/
  41. total 4
  42. -rw-r--r-- 1 root root 12 Apr 27 20:11 kdcinfo.ACME.KRT
  43. drwxr-xr-x 2 sssd sssd 85 Apr 25 22:15 krb5.include.d
  44.  
  45.  
  46. /var/lib/sss/pubconf/kdcinfo.ACME.KRT
  47.  
  48. # cat kdcinfo.ACME.KRT
  49. 192.168.1.60
  50.  
  51. ls -l /var/lib/sss/pubconf/krb5.include.d
  52. total 12
  53. -rw-r--r-- 1 root root 15 Apr 25 22:15 domain_realm_acme_krt
  54. -rw-r--r-- 1 root root 15 Apr 25 21:18 domain_realm_ACME_KRT
  55. -rw-r--r-- 1 root root 98 Apr 25 22:15 localauth_plugin
  56.  
  57. [root@chattypuma krb5.include.d]# cat domain_realm_acme_krt
  58. [domain_realm]
  59.  
  60. [root@chattypuma krb5.include.d]# cat domain_realm_ACME_KRT
  61. [domain_realm]
  62.  
  63.  
  64. ldapsearch -H ldap://WIN-2OCNO3URDBQ.acme.krt:3268 -Y GSSAPI -N -b "dc=acme,dc=krt" "(&(objectClass=user) (sAMAccountName=admin1))"
  65.  
  66. ldapsearch -LLL -x -H ldap://WIN-2OCNO3URDBQ.acme.krt:3268 -N -b dc=acme,dc=krt "(objectclass=domaindns)"; dn name dc
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!