Integrating Red Hat Enterprise Linux 6
with Active Directory
Mark Heslin
Principal Software Engineer
Version 1.2
June 2012
1801 Varsity Drive
Raleigh NC 27606-2072 USA
Phone: +1 919 754 3700
Phone: 888 733 4281
Fax: +1 919 754 3701
PO Box 13588
Research Triangle Park NC 27709 USA
Linux is a registered trademark of Linus Torvalds. Red Hat, Red Hat Enterprise Linux and the Red Hat
"Shadowman" logo are registered trademarks of Red Hat, Inc. in the United States and other
countries.
Microsoft and Windows are U.S. registered trademarks of Microsoft Corporation.
UNIX is a registered trademark of The Open Group.
Intel, the Intel logo and Xeon are registered trademarks of Intel Corporation or its subsidiaries in the
United States and other countries.
All other trademarks referenced herein are the property of their respective owners.
© 2012 by Red Hat, Inc. This material may be distributed only subject to the terms and conditions set
forth in the Open Publication License, V1.0 or later (the latest version is presently available at
http://www.opencontent.org/openpub/).
The information contained herein is subject to change without notice. Red Hat, Inc. shall not be liable
for technical or editorial errors or omissions contained herein.
Distribution of modified versions of this document is prohibited without the explicit permission of Red
Hat Inc.
Distribution of this work or derivative of this work in any standard (paper) book form for commercial
purposes is prohibited unless prior permission is obtained from Red Hat Inc.
The GPG fingerprint of the security@redhat.com key is:
CA 20 86 86 2B D6 9D FC 65 F6 EC C4 21 91 80 CD DB 42 A6 0E
Send feedback to refarch-feedback@redhat.com
www.redhat.com
ii
refarch-feedback@redhat.com
Table of Contents
1 Executive Summary......................................................................................... 1
2 Component Overview....................................................................................... 2
2.1 Red Hat Enterprise Linux 6............................................................................................... 2
2.2 Windows Server 2008 R2.................................................................................................. 3
2.3 Active Directory Domain Services (AD DS)...................................................................... 3
2.4 Identity Management (IdM) in Red Hat Enterprise Linux (RHEL)..................................... 3
2.5 Samba............................................................................................................................... 4
2.6 SMB/CIFS.......................................................................................................................... 4
2.7 Winbind.............................................................................................................................. 4
2.8 Kerberos............................................................................................................................ 6
2.9 Lightweight Directory Access Protocol (LDAP)................................................................. 6
2.10 System Security Services Daemon (SSSD).................................................................... 7
2.11 Domain Name System (DNS)......................................................................................... 7
2.12 Network Time Protocol (NTP)......................................................................................... 7
2.13 Name Service Switch (NSS)........................................................................................... 7
3 Considerations................................................................................................. 8
3.1 Non-technical Considerations........................................................................................... 8
3.1.1 Organizational Alignment............................................................................................. 8
3.1.2 Expertise Levels........................................................................................................... 8
3.1.3 Scope/Complexity........................................................................................................ 9
3.1.4 Prototype ..................................................................................................................... 9
3.1.5 Project Deployment..................................................................................................... 9
3.2 Technical Considerations.................................................................................................. 9
3.2.1 File Sharing.................................................................................................................. 9
3.2.2 Login Access................................................................................................................ 9
3.2.3 Active Directory ID Attributes..................................................................................... 10
3.2.4 Enumeration............................................................................................................... 10
3.2.5 LDAP Referrals.......................................................................................................... 10
3.2.6 Winbind Backends..................................................................................................... 11
3.2.7 Services Integration................................................................................................... 13
3.2.8 Log Files.................................................................................................................... 13
4 Configurations................................................................................................ 14
4.1 Overview.......................................................................................................................... 14
4.2 Configuration Feature Comparisons............................................................................... 15
4.3 Selecting a Configuration................................................................................................ 18
5 Deployment Prerequisites.............................................................................. 19
5.1 Deploy Windows 2008 Server R2................................................................................... 19
5.2 Configure Active Directory Domain Services.................................................................. 19
5.3 Deploy Red Hat Enterprise Linux 6................................................................................. 20
5.4 Configure SELinux Security Parameters......................................................................... 20
5.5 Install/Configure Samba.................................................................................................. 21
5.6 Synchronize Time Services............................................................................................. 21
5.7 Configure DNS................................................................................................................ 22
5.8 Install/Configure Kerberos Client.................................................................................... 23
5.9 Install oddjob-mkhomedir................................................................................................ 24
6 Recommended Configurations....................................................................... 25
6.1 Configuration 1 - Samba/Winbind (idmap_rid)................................................................ 26
6.1.1 Configuration Summary............................................................................................. 26
6.1.2 Systems Overview..................................................................................................... 27
6.1.3 Authentication and ID Components........................................................................... 27
6.1.4 Integration Tasks....................................................................................................... 28
6.1.5 Verification of Services.............................................................................................. 38
6.2 Configuration 2 – Samba/Winbind (idmap_ad)............................................................... 41
6.2.1 Configuration Summary............................................................................................. 41
6.2.2 Systems Overview..................................................................................................... 42
6.2.3 Authentication and ID Components........................................................................... 42
6.2.4 Integration Tasks....................................................................................................... 43
6.2.5 Verification of Services.............................................................................................. 53
6.3 Configuration 3 – SSSD/Kerberos/LDAP........................................................................ 56
6.3.1 Configuration Summary............................................................................................. 56
6.3.2 Systems Overview..................................................................................................... 57
6.3.3 Authentication and ID Components........................................................................... 57
6.3.4 Integration Tasks....................................................................................................... 58
6.3.5 Verification of Services.............................................................................................. 68
6.4 Configuration 4 – Kerberos/LDAP................................................................................... 70
6.4.1 Configuration Summary............................................................................................. 70
6.4.2 Systems Overview..................................................................................................... 71
6.4.3 Authentication and ID Components........................................................................... 71
6.4.4 Integration Tasks....................................................................................................... 72
6.4.5 Verification of Services.............................................................................................. 80
7 Conclusion...................................................................................................... 82
Appendix A: References................................................................................... 83
Appendix B: Glossary....................................................................................... 85
Appendix C: Winbind Backend Reference....................................................... 92
Appendix D: Active Directory Domain Services – Configuration Summary.... 100
Appendix E: Active Directory User Account Mappings................................... 110
Appendix F: Command Reference – net, wbinfo............................................ 111
Appendix G: Reference Architecture Configurations...................................... 113
Appendix H: Deployment and Integration Checklist – Configuration 1 (Samba/Winbind - idmap_rid)..... 117
Appendix I: Deployment and Integration Checklist – Configuration 2 (Samba/Winbind - idmap_ad)..... 118
Appendix J: Deployment and Integration Checklist – Configuration 3 (SSSD/Kerberos/LDAP)..... 119
Appendix K: Deployment and Integration Checklist – Configuration 4 (Kerberos/LDAP)..... 120