Fame Shock Report
general /

Configuring PAM on the Linux server - Documentation for BMC Client Management 12.6

  • Synchronize the Linux server with the KDC server:
    1. Stop the /etc/init.d/ntpd service.

    2. Synchronize the time by entering the following command:

      ntpdate KDC server address
    3. Restart the /etc/init.d/ntpd service.

  • Ensure that the KDC server, the AD server (this might be on the same device), and the AD domain are reachable by name. If they cannot be pinged, the name resolution must be added to the hosts file. For example:

  • To apply the modifications, restart the network service by typing the following command:

    /etc/init.d/network restart

  • Open the /etc/krb5.conf file and use the following example to define the server and domain definitions for communications required for Kerberos authentication:

    <?xml version="1.0" encoding="UTF-8"?>
[logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log
[libdefaults] default_realm = SUPPORT.SOPHIA.METRIXSYSTEMS.COM dns_lookup_realm = true dns_lookup_kdc = true
[realms] SUPPORT.SOPHIA.METRIXSYSTEMS.COM = { kdc = support.sophia.metrixsystems.com default_domain = support.sophia.metrixsystems.com admin_server = support.sophia.metrixsystems.com }
[domain_realm] .support.sophia.metrixsystems.com = SUPPORT.SOPHIA.METRIXSYSTEMS.COM support.sophia.metrixsystems.com = SUPPORT.SOPHIA.METRIXSYSTEMS.COM
[kdc] profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults] kinit = { forwardable = true } pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false }

  • Open the /etc/samba/smb.conf file and use the following example to configure Samba:

    <?xml version="1.0" encoding="UTF-8"?>
[global] realm = SUPPORT.SOPHIA.METRIXSYSTEMS.COM password server = support.sophia.metrixsystems.com workgroup = SUPPORT server string = Samba Server printcap name = /etc/printcap load printers = yes cups options = raw log file = /var/log/samba/%m.log max log size = 50 security = ADS socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = no winbind separator = @ idmap uid = 10000-100000 idmap gid = 10000-100000 winbind enum users = yes winbind enum groups = yes template homedir = /home/%D/%U template shell = /bin/bash client use spnego = yes winbind use default domain = yes domain master = no local master = no prefered master = no os level = 0
[homes] comment = Home Directories browseable = no writable = yes
[printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = no writable = no printable = yes

    After modifying the file the samba service must be restarted for the updated samba configuration to take effect. For this, enter the following command line: /etc/init.d/smb restart

  • Start or restart the winbind service by entering enter the following command:

    /etc/init.d/winbind restart

  • Verify that the nsswitch.conf file contains the following information:

    <?xml version="1.0" encoding="UTF-8"?>
passwd: compat winbind
shadow: compat winbind
group: compat winbind
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: db files
netmasks: files
networks: files winbind
protocols: db files
rpc: db files
services: db files
netgroup: files
publickey: nisplus
automount: files
aliases: files nisplus

  • To configure the authentication, create the file bmc in the directory /etc/pam.d with the following content:

    <?xml version="1.0" encoding="UTF-8"?>
#%PAM-1.0
# This file is auto-generated.
# User changes are destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_winbind.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so
account sufficient /lib/security/$ISA/pam_winbind.so
account required /lib/security/$ISA/pam_unix.so
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account required /lib/security/$ISA/pam_permit.so
password requisite /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/$ISA/pam_krb5.so use_authtok
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
session optional /lib/security/$ISA/pam_mkhomedir.so skel=/etc/skel umask=027
session optional /lib/security/$ISA/pam_krb5.so

    • Recommended For You

    Vastu Tips for Money Luck: Know How to Attract Money at Home

    Joyce Meyer - Age, Bio, Birthday, Family, Net Worth

    Larry Fitzgerald - Age, Bio, Birthday, Family, Net Worth

    Dolly Parton