Joining CentOS 7 Desktop to Zentyal PDC (Primary Domain Controller) – Part 14

This tutorial will guide you on how you can integrate CentOS 7 Desktop to Zentyal 3.4 Primary Domain Controller and benefit a single centralized point of authentication for all your users across your entire network infrastructure with the help of Samba Windows interoperability packages – which includes nmbd – NetBios over IP service and Winbind – services authentication via PAM modules, Kerberos network authentication system client and the graphical version of Authconfig package provided by official CentOS repositories.

Join CentOS 7 to Zentyal PDC
Join CentOS 7 to Zentyal PDC

Requirements

  1. Install and Configure Zentyal as a PDC (Primary Domain Controller)
  2. CentOS 7 Desktop Installation Procedure

Note: The domain name “mydomain.com” used on this tutorial (or other tecmint.com articles) is fictional and resides only on my private network local setup – any resemblance with a true domain name is pure coincidence.

Step 1: Configure Network to reach Zentyal PDC

1. Before starting to install and configure the required services in order to join CentOS 7 Desktop to an Active PDC you need to make sure that your network can reach and get a response from Zentyal PDC or a Windows Active Directory DNS server.

On the first step go to CentOS Network Settings, turn off your interface Wired Connections, add the DNS IPs that points to your Zentyal PDC or Windows AD DNS servers, Apply the settings and turn on your Network Wired Card. Make sure you do all the settings as presented on the below screenshots.

CentOS Network Settings
Network Settings
Add DNS IPs
Add DNS IPs
Enable Network Card in CentOS 7
Enable Network Card

2. If your network has only a single DNS sever that resolves your PDC, you need to ensure that this IP is the first from your DNS servers list. Also open resolv.conf file located in /etc directory with root editing permissions and append the following line at the bottom, after nameserver list.

search your_domain.tld
Add DNS Nameservers
Add DNS Nameservers

3. After you have configured CentOS 7 network connections, issue a ping command against your PDC FQDN and make sure it responds accurately with its IP Address.

# ping pdc_FQDN

4. On the next step, configure your machine hostname as a Fully Qualified Domain Name (use an arbitrary name for your system and append your domain name after the first dot) and verify it by issuing the following commands with root privileges.

# hostnamectl set-hostname hostname.domain.tld
# cat /etc/hostname
# hostname
Add System Hostname in CentOS 7
Add System Hostname

The left system hostname configured on this step, will be the name that will appear on Zentyal PDC or Windows AD on joined Computers names.

5. The last step that you will need to carry out before installing required packages to join PDC is to ensure that your system time is synchronized with Zentyal PDC. Run the following command with root privileges against your domain to sync time with the server.

$ sudo ntpdate -ud domain.tld
Sync System Time
Sync System Time

Step 2: Install and Samba, Kerberos and Authconfig-gtk and Configure Kerberos Client

6. All of the packages mentioned above are maintained and offered by official CentOS repositories, so there’s no need to add supplementary repos such as Epel, Elrepo or others.

Samba and Winbind provides the needed tools that allows CentOS 7 to integrate and become a member with fully rights on Zentyal PDC Infrastructure or a Windows AD Server. Issue the following command to install Samba and Winbind packages.

$ sudo yum install samba samba-winbind
Install Samba in CentOS 7
Install Samba Winbind Packages

7. Next install the Kerberos Workstation Client, which provides a strong cryptographic network authentication based on a Key Distribution Center (KDC) trusted by all network systems, by issuing the following command.

$ sudo yum install krb5-workstation
Install krb5 Workstation
Install krb5 Workstation

8. The last package that you need to install is Authconfig-gtk, which provides a Graphical Interface that manipulates Samba files in order to authenticate to a Primary Domain Controller. Use the following command to install this tool.

$ sudo yum install authconfig-gtk
Install Authconfig GTK in CentOS 7
Install Authconfig GTK

9. After all the required packages had been installed you need to make some changes to Kerberos Client main configuration file. Open /etc/krb5.conf file with your favorite text editor using an account with root privileges and
edit the following lines.

# nano /etc/krb5.conf

Here make sure you replace this lines accordingly – Use uppercase, dots and spaces as suggested in this examples.

[libdefaults]
default_realm = YOUR_DOMAIN.TLD

[realms]
YOUR_DOMAIN.TLD = {
kdc = your_pdc_server_fqdn
}

[domain_realm]
.your_domain.tld = YOUR_DOMAIN.TLD
your_domain.tld = YOUR_DOMAIN.TLD
Configure Kerberos Client
Configure Kerberos Client

Step 3: Join CentOS 7 to Zentyal PDC

10. After you have made all of the configurations above your system should be ready to become a fully qualified member to Zentyal PDC. Open Authconfig-gtk package with root privileges and make the following adjustments as presented here.

$ sudo authconfig-gtk
a. On Identity & Authentication tab
  1. User Account Database = choose Winbind
  2. Winbind Domain = type YOUR_DOMAIN name
  3. Security Model = choose ADS
  4. Winbind ADS Realm = type YOUR_DOMAIN name
  5. Domain Controllers = type your Zentyal PDC FQDN
  6. Template Shell = choose /bin/bash
  7. Allow offline login = checked
Identity Authentication Configuration
Identity Authentication Configuration
b. Move to Advanced Options tab
  1. Local Authentication Options = check Enable fingerprint reader support
  2. Other Authentication Options = check Create home directories on the first login
Advanced Options
Advanced Options

11. Now, after editing Authentication Configuration tabs with the required values don’t close the window and go back to Identity & Authentication tab. Click on Join Domain button and Save the prompt Alert to proceed further.

Join CentOS 7 Domain to Zentyal
Join Domain
Save Configuration Changes
Save Configuration Changes

12. If your configuration has been successfully saved, your system will contact the PDC and a new prompt should appear demanding you to enter a domain administrator credentials in order to join the domain.

Enter your domain name administrator user and password, hit on OK button to close the prompt and, then, click on Apply button to apply the final configuration.

Enter Domain Administration Login
Enter Domain Administration Login
Apply Configuration Changes
Apply Configuration Changes

If changes are successfully applied, the Authentication Configuration window should close and a message should appear on Terminal which will inform you that your computer has been integrated into your domain.

13. In order to verify, if your system has been added to Zentyal PDC, login to Zentyal Web Administrative Tool, go to Users and Computers -> Manage menu and check if your machine hostname appears on Computers list.

Zentyal Web Administrative Panel
Zentyal Web Administrative Panel

Step 4: Login CentOS 7 with PDC Users

14. At this point all the users listed in Zentyal PDC infrastructure should now be able to perform logins to your CentOS machine from a local or remote Terminal or by using the first Login Screen. To login from a Console or a Terminal with an PDC user use the following syntax.

$ su - your_domain.tld\\pdc_user
Login PDC User
Login PDC User

15. The default $HOME for all PDC users is /home/YOUR_DOMAIN/pdc_user.

PDC User Home
PDC User Home

16. In order to perform GUI logins exit to main CentOS 7 Login Screen, click on Not listed? link, supply your PDC user and password in the form of your_domain\pdc_user and you should be able to login onto your machine as a PDC user.

PDC GUI Login
PDC GUI Login
PDC Username
PDC Username
PDC Password
PDC Password
PDC User Desktop
PDC User Desktop

Step 5: Enable PDC Integration System-Wide

17. To automatically reach and authenticate to Zentyal PDC after every system reboot you need to enable Samba and Winbind daemons system-wide by issuing the following commands with root privileges.

# systemctl enable smb
# systemctl enable nmb
# systemctl enable winbind
Enable PDC Integration
Enable PDC Integration

That’s all, it takes for your machine to become a Zentyal PDC member. Although this procedure has been mainly focused on integrating CentOS 7 to Zentyal PDC, the same steps are also required to be completed in order to use Windows Server Active Directory authentication and domain integration.

Matei Cezar
I'am a computer addicted guy, a fan of open source and linux based system software, have about 4 years experience with Linux distributions desktop, servers and bash scripting.

Each tutorial at TecMint is created by a team of experienced Linux system administrators so that it meets our high-quality standards.

Join the TecMint Weekly Newsletter (More Than 156,129 Linux Enthusiasts Have Subscribed)
Was this article helpful? Please add a comment or buy me a coffee to show your appreciation.

9 thoughts on “Joining CentOS 7 Desktop to Zentyal PDC (Primary Domain Controller) – Part 14”

  1. Hi, is it using the same way if we want to connect centos 7 machine into windows AD? what the different is in /etc/krb5.conf windows AD does not have kdc setting

    Reply
    • The procedure for adding CentOS 7 to a Windows ADDC is basically the same as the one explained here for Zentyal. No extra steps needed.

      Reply
  2. Do you have any How-To’s on joining Centos 7 to an existing samba DC to act as a BDC then another tutorial to show how to convert the Centos7 BDC to a PDC?

    Reply

Leave a Reply to Dixieadmin Cancel reply

Thank you for taking the time to share your thoughts with us. We appreciate your decision to leave a comment and value your contribution to the discussion. It's important to note that we moderate all comments in accordance with our comment policy to ensure a respectful and constructive conversation.

Rest assured that your email address will remain private and will not be published or shared with anyone. We prioritize the privacy and security of our users.