Joining RHEL 6.x to Windows Active Directory with Likewise
Joining RHEL 6.x to a Windows 2012 R2 Active Directory
Traditionally, a Linux client is joined to Windows AD with either Winbind or Likewise.
The package used in this document is pbis-open, a Likewise Open package built on the winbind core.
First, make the Linux client able to resolve the AD domain.
# vi /etc/hosts
192.168.201.50 RNTADS01 rntier272.ad
# vi /etc/resolv.conf
nameserver 192.168.201.50
# nslookup rntier272.ad
Server: 192.168.201.50
Address: 192.168.201.50#53
Name: rntier272.ad
Address: 192.168.201.50
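A pre-join check for the resolver and hosts configuration shown above, written as an added example (not code from the original post). It takes the file paths as arguments so it can be run against copies, and only defaults to the address and domain used in this document; the point it enforces is that the first nameserver must be the domain controller, because the join looks up the AD DNS SRV records there.

```shell
#!/bin/sh
# Added example: check that name resolution points at the domain controller
# before running domainjoin-cli. File paths are parameters so the check can
# be exercised offline on constructed copies of resolv.conf and hosts.

# first_nameserver RESOLV_CONF -> prints the first "nameserver" address
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# hosts_has_entry HOSTS IP NAME -> 0 if a non-comment line maps IP to NAME
hosts_has_entry() {
    awk -v ip="$2" -v name="$3" '
        $1 !~ /^#/ && $1 == ip { for (i = 2; i <= NF; i++) if ($i == name) found = 1 }
        END { exit found ? 0 : 1 }' "$1"
}

# preflight_files RESOLV_CONF HOSTS DC_IP DOMAIN -> 0 if both checks pass
preflight_files() {
    ns=$(first_nameserver "$1")
    if [ "$ns" != "$3" ]; then
        echo "first nameserver is '$ns', expected the DC $3 (the join needs the AD DNS SRV records)" >&2
        return 1
    fi
    if ! hosts_has_entry "$2" "$3" "$4"; then
        echo "no hosts entry mapping $3 to $4 in $2" >&2
        return 1
    fi
    return 0
}

# preflight_live DOMAIN -> 0 if the domain name resolves through the system resolver
preflight_live() {
    getent hosts "$1" >/dev/null
}

# Usage: ./preflight.sh rntier272.ad [DC_IP]  (defaults to the DC address used above)
if [ -n "${1:-}" ]; then
    preflight_files /etc/resolv.conf /etc/hosts "${2:-192.168.201.50}" "$1" && preflight_live "$1"
fi
```

A second nameserver that is not AD-aware is fine, but putting it first (as a typical public resolver setup does) makes the SRV lookups fail intermittently, which is why the check insists on the order rather than on mere presence.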
Download and install the likewise package.
The likewise package used in this document is the pbis package produced by the PowerBroker Open project.
http://www.powerbrokeropen.org/
# wget http://download.beyondtrust.com/PBISO/8.3/pbis-open-8.3.0.3287.linux.x86_64.rpm.sh
# chmod 755 pbis-open-8.3.0.3287.linux.x86_64.rpm.sh
# ./pbis-open-8.3.0.3287.linux.x86_64.rpm.sh
--------------------------------------------------------------------------------
Creating directory pbis-open-8.3.0.3287.linux.x86_64.rpm
Verifying archive integrity… All good.
Uncompressing pbis-open-8.3.0.3287.linux.x86_64.rpm…………
Would you like to install package for legacy links? (i.e. /opt/likewise/bin/lw-find-user-by-name -> /opt/pbis/bin/find-user-by-name) (yes/no) yes
Would you like to install now? (yes/no) yes
.
.
준비 중… ########################################### [100%]
1:pbis-open-gui ########################################### [100%]
경고: /root/pbis-open-8.3.0.3287.linux.x86_64.rpm/./packages/pbis-open-legacy-8.3.0-3287.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID c9ceecef: NOKEY
준비 중… ########################################### [100%]
1:pbis-open-legacy ########################################### [100%]
Installing Packages was successful
New libraries and configurations have been installed for PAM and NSS.
Please reboot so that all processes pick up the new versions.
As root, run domainjoin-gui or domainjoin-cli to join a domain so you can log on
with Active Directory credentials. Example:
domainjoin-cli join MYDOMAIN.COM MyJoinAccount
--------------------------------------------------------------------------------
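The rpm warning in the installer output above ("key ID c9ceecef: NOKEY") means the package signature could not be checked against any imported key, and the install went ahead anyway. The following is an added example (not code from the post or from PBIS) that gates an rpm install on a clean signature check: it parses `rpm -K` output, treats NOKEY, MISSING KEYS and NOT OK as failures, and refuses to install otherwise. The sample lines are constructed in the two shapes rpm prints; the key file path in the message is a placeholder.

```shell
#!/bin/sh
# Added example: install an RPM only if rpm -K reports a valid signature made
# with a key that is already imported. Refuse on NOKEY / MISSING KEYS / NOT OK.

# Constructed sample lines (not captured from a real run), in the shapes rpm -K prints
SAMPLE_OK='pbis-open-legacy-8.3.0-3287.x86_64.rpm: (sha1) dsa sha1 md5 gpg OK'
SAMPLE_NOKEY='pbis-open-legacy-8.3.0-3287.x86_64.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#c9ceecef)'

# classify_checksig_line LINE -> prints "ok", "nokey" or "bad"
# Order matters: a NOT OK line also contains the substring "OK".
classify_checksig_line() {
    case "$1" in
        *NOKEY*|*"MISSING KEYS"*) echo nokey ;;
        *"NOT OK"*)               echo bad ;;
        *OK*)                     echo ok ;;
        *)                        echo bad ;;
    esac
}

# verify_checksig_output TEXT -> 0 only if every non-empty line classifies as "ok"
# (rpm -Kv prints one line per digest/signature; all of them must pass)
verify_checksig_output() {
    while IFS= read -r line; do
        [ -z "$line" ] && continue
        [ "$(classify_checksig_line "$line")" = ok ] || return 1
    done <<EOF
$1
EOF
    return 0
}

# check_rpm_signature RPMFILE -> 0 if rpm -K reports a trusted, valid signature
check_rpm_signature() {
    # rpm -K exits non-zero on NOT OK; we still want its text, so ignore the status
    out=$(rpm -K "$1" 2>&1) || true
    verify_checksig_output "$out"
}

# install_signed_rpm RPMFILE -> installs with rpm -Uvh only after the check passes
install_signed_rpm() {
    if ! check_rpm_signature "$1"; then
        echo "refusing to install $1: signature missing, untrusted or invalid" >&2
        echo "import the vendor's signing key first: rpm --import /path/to/vendor-key.asc (placeholder path)" >&2
        return 1
    fi
    rpm -Uvh "$1"
}

# Usage: ./install-signed.sh /path/to/pbis-open-legacy-8.3.0-3287.x86_64.rpm
if [ -n "${1:-}" ]; then
    install_signed_rpm "$1"
fi
```

The self-extracting `.rpm.sh` unpacks its RPMs into a directory (the warning above shows the `packages/` path under it), so the same gate can be run over each RPM in that directory before letting the installer proceed. "Verifying archive integrity... All good." earlier in the output is only the archive's own checksum, not a signature, and says nothing about who built the package.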
Once the package install completes, the related files are installed under the following directories.
/opt/likewise
/opt/pbis
Now join the AD domain.
The AD domain join can be done either from the command line or from a GUI.
command line method
# domainjoin-cli join
GUI method
# domainjoin-gui
# domainjoin-cli join rntier272.ad administrator
Joining to AD Domain: rntier272.ad
With Computer DNS Name: RNTSMP01.rntier272.ad
administrator@RNTIER272.AD's password: <enter password>
Warning: System restart required
Your system has been configured to authenticate to Active Directory for the first time. It is
recommended that you restart your system to ensure that all applications recognize the new settings.
SUCCESS
Reboot.
Log on to the Windows Active Directory server and go to Administrative Tools > Active Directory Users and Computers > Computers OU to confirm that the Linux client has joined.
# su - rntier272\\alang
-sh-4.1$ pwd
/home/local/RNTIER272/alang
-sh-4.1$ id
uid=2077230164(RNTIER272\alang) gid=2077229569(RNTIER272\domain^users) groups=2077229569(RNTIER272\domain^users),2077230163(RNTIER272\gridcenter),2077230171(RNTIER272\gc_default_ug)
-sh-4.1$
The default home directory is /home/local/. To change this to /home/, adjust the home directory template:
# /opt/likewise/bin/lwregshell
> cd HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers\ActiveDirectory
HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers\ActiveDirectory> ls
[HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers\ActiveDirectory\]
[HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers\ActiveDirectory\] >
set_value LoginShellTemplate /bin/bash
[HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers\ActiveDirectory\] >
set_value HomeDirTemplate %H/%U
[HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers\ActiveDirectory\] >
quit
Or:
# /opt/likewise/bin/lwconfig LoginShellTemplate /bin/bash
# /opt/likewise/bin/lwconfig HomeDirTemplate %H/%U
Now make the changed settings take effect. Entries already in the AD cache still carry the old home directory, so flush the cache:
# /opt/likewise/bin/lw-ad-cache --enum-users
# /opt/likewise/bin/lw-ad-cache --delete-all
The cache has been emptied successfully.
# su - rntier272\\alang
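The template change and cache flush above as a single script, given here as an added example (not code from the post or from PBIS). It assumes the PBIS tools live in /opt/pbis/bin as `config` and `ad-cache`, the targets of the `lwconfig` and `lw-ad-cache` legacy links used above, and lets `PBIS_BIN` override that directory; it validates the shell and the home template before touching the registry, and the template rule (absolute path or %H prefix, and %U present) is this example's own check, not a PBIS rule.

```shell
#!/bin/sh
# Added example: set LoginShellTemplate and HomeDirTemplate, then empty the
# AD cache so the next login picks up the new values.
# PBIS_BIN can be overridden (e.g. for testing with stub tools).
PBIS_BIN=${PBIS_BIN:-/opt/pbis/bin}

# validate_shell PATH -> 0 if PATH is an absolute path to an executable
validate_shell() {
    case "$1" in
        /*) [ -x "$1" ] ;;
        *)  return 1 ;;
    esac
}

# validate_home_template TEMPLATE -> 0 if it is absolute or starts with %H,
# and contains %U so every user gets a distinct directory (e.g. %H/%U, %H/%D/%U).
# This is the example's own sanity rule, not something PBIS enforces.
validate_home_template() {
    case "$1" in
        %H/*%U*|/*%U*) return 0 ;;
        *)             return 1 ;;
    esac
}

# apply_pbis_templates SHELL TEMPLATE -> sets both values and flushes the cache
apply_pbis_templates() {
    shell=$1
    tmpl=$2
    validate_shell "$shell" || { echo "bad login shell: $shell" >&2; return 1; }
    validate_home_template "$tmpl" || { echo "bad home template: $tmpl" >&2; return 1; }
    "$PBIS_BIN/config" LoginShellTemplate "$shell" || return 1
    "$PBIS_BIN/config" HomeDirTemplate "$tmpl" || return 1
    # cached user entries still carry the old /home/local path: drop them
    "$PBIS_BIN/ad-cache" --delete-all
}

# Usage: ./pbis-templates.sh /bin/bash '%H/%U'
if [ -n "${1:-}" ] && [ -n "${2:-}" ]; then
    apply_pbis_templates "$1" "$2"
fi
```

After running it, `su - rntier272\\alang` followed by `pwd` should show the new location, and `/opt/pbis/bin/config --dump` shows the stored template values.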
Other management commands
/opt/pbis/bin/config --dump
/opt/pbis/bin/get-status
/opt/pbis/bin/find-objects --user USERNAME
/etc/pbis/pbis-krb5-ad.conf