Joining CentOS 7 Desktop to Zentyal PDC (Primary Domain Controller) – Part 14

This tutorial shows how to integrate CentOS 7 Desktop with a Zentyal 3.4 Primary Domain Controller, giving all your users a single, centralized point of authentication across your entire network infrastructure. It relies on the Samba Windows interoperability packages, which include nmbd (the NetBIOS over IP service) and Winbind (authentication services via PAM modules), the Kerberos network authentication system client, and the graphical version of the Authconfig package, all provided by the official CentOS repositories.

Join CentOS 7 to Zentyal PDC

Requirements

  1. Install and Configure Zentyal as a PDC (Primary Domain Controller)
  2. CentOS 7 Desktop Installation Procedure

Note: The domain name “mydomain.com” used in this tutorial (or other tecmint.com articles) is fictional and exists only on my private local network setup; any resemblance to a real domain name is pure coincidence.

Step 1: Configure Network to reach Zentyal PDC

1. Before installing and configuring the services required to join CentOS 7 Desktop to an active PDC, make sure that your network can reach and get a response from the Zentyal PDC or a Windows Active Directory DNS server.

First, go to CentOS Network Settings, turn off your Wired Connections interface, add the DNS IPs that point to your Zentyal PDC or Windows AD DNS servers, apply the settings and turn your wired network card back on. Make sure you apply all the settings as presented in the screenshots below.

Network Settings

Add DNS IPs

Enable Network Card

2. If your network has only a single DNS server that resolves your PDC, you need to ensure that this IP is the first in your DNS servers list. Also open the resolv.conf file located in the /etc directory with root editing permissions and append the following line at the bottom, after the nameserver list.

search your_domain.tld

Add DNS Nameservers

3. After you have configured CentOS 7 network connections, issue a ping command against your PDC FQDN and make sure it responds accurately with its IP Address.

# ping pdc_FQDN

4. On the next step, configure your machine hostname as a Fully Qualified Domain Name (use an arbitrary name for your system and append your domain name after the first dot) and verify it by issuing the following commands with root privileges.

# hostnamectl set-hostname hostname.domain.tld
# cat /etc/hostname
# hostname

Add System Hostname

The left part of the system hostname configured in this step is the name that will appear on Zentyal PDC or Windows AD in the list of joined computers.

5. The last step before installing the packages required to join the PDC is to ensure that your system time is synchronized with the Zentyal PDC, because Kerberos authentication fails when the client and server clocks drift too far apart. Run the following command with root privileges against your domain to sync time with the server.

$ sudo ntpdate -ud domain.tld

Sync System Time

Step 2: Install Samba, Kerberos and Authconfig-gtk and Configure Kerberos Client

6. All of the packages mentioned above are maintained and offered by official CentOS repositories, so there’s no need to add supplementary repos such as Epel, Elrepo or others.

Samba and Winbind provide the tools that allow CentOS 7 to integrate with, and become a full member of, a Zentyal PDC infrastructure or a Windows AD server. Issue the following command to install the Samba and Winbind packages.

$ sudo yum install samba samba-winbind

Install Samba Winbind Packages

7. Next install the Kerberos Workstation Client, which provides a strong cryptographic network authentication based on a Key Distribution Center (KDC) trusted by all network systems, by issuing the following command.

$ sudo yum install krb5-workstation

Install krb5 Workstation

8. The last package that you need to install is Authconfig-gtk, which provides a Graphical Interface that manipulates Samba files in order to authenticate to a Primary Domain Controller. Use the following command to install this tool.

$ sudo yum install authconfig-gtk

Install Authconfig GTK

9. After all the required packages have been installed, you need to make some changes to the Kerberos client main configuration file. Open the /etc/krb5.conf file with your favorite text editor using an account with root privileges and edit the following lines.

# nano /etc/krb5.conf

Here, make sure you replace these lines accordingly. Use uppercase, dots and spaces as suggested in these examples.

[libdefaults]
default_realm = YOUR_DOMAIN.TLD

[realms]
YOUR_DOMAIN.TLD = {
kdc = your_pdc_server_fqdn
}

[domain_realm]
.your_domain.tld = YOUR_DOMAIN.TLD
your_domain.tld = YOUR_DOMAIN.TLD

Configure Kerberos Client
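
The following added example (not part of the original tutorial) checks a krb5.conf laid out as above for the mistakes this step warns about: a realm that is not uppercase, a missing kdc entry, and domain-to-realm mappings that do not point at the default realm. The function name check_krb5_conf and the example.test domain are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: lint a krb5.conf shaped like the one in step 9.
# check_krb5_conf FILE prints one line per problem and returns 1 if any.
check_krb5_conf() {
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    /^[ \t]*$/ || /^[ \t]*[#;]/ { next }            # blank lines and comments
    /^[ \t]*\[/ { sec = trim($0); next }            # section header
    { n = index($0, "="); if (!n) next              # keep only key = value lines
      key = trim(substr($0, 1, n - 1)); val = trim(substr($0, n + 1)) }
    sec == "[libdefaults]" && key == "default_realm" { realm = val }
    sec == "[realms]" && val == "{" { cur = key }   # "REALM = {" opens a block
    sec == "[realms]" && key == "kdc" { kdc[cur] = val }
    sec == "[domain_realm]" { map[key] = val }
    END {
        if (realm == "") { print "no default_realm in [libdefaults]"; exit 1 }
        if (realm != toupper(realm)) { print "realm not uppercase: " realm; bad = 1 }
        if (kdc[realm] == "") { print "no kdc listed for realm " realm; bad = 1 }
        dom = tolower(realm)                        # DNS form of the realm name
        if (map["." dom] != realm) { print "bad mapping for ." dom; bad = 1 }
        if (map[dom] != realm) { print "bad mapping for " dom; bad = 1 }
        exit bad + 0
    }' "$1"
}

# Constructed sample; example.test is a placeholder domain, not from the page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[libdefaults]
default_realm = EXAMPLE.TEST

[realms]
EXAMPLE.TEST = {
kdc = pdc.example.test
}

[domain_realm]
.example.test = EXAMPLE.TEST
example.test = example.test
EOF
check_krb5_conf "$sample" || echo "fix the lines above before joining the domain"
rm -f "$sample"
```

Run the function against /etc/krb5.conf before opening authconfig-gtk; no output and exit status 0 mean the three sections agree with each other.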

Step 3: Join CentOS 7 to Zentyal PDC

10. After you have made all of the configurations above, your system should be ready to become a full member of the Zentyal PDC. Open Authconfig-gtk with root privileges and make the following adjustments as presented here.

$ sudo authconfig-gtk

a. On Identity & Authentication tab
  1. User Account Database = choose Winbind
  2. Winbind Domain = type YOUR_DOMAIN name
  3. Security Model = choose ADS
  4. Winbind ADS Realm = type YOUR_DOMAIN name
  5. Domain Controllers = type your Zentyal PDC FQDN
  6. Template Shell = choose /bin/bash
  7. Allow offline login = checked

Identity Authentication Configuration

b. Move to Advanced Options tab
  1. Local Authentication Options = check Enable fingerprint reader support
  2. Other Authentication Options = check Create home directories on the first login

Advanced Options

11. Now, after filling in the Authentication Configuration tabs with the required values, don’t close the window; go back to the Identity & Authentication tab. Click the Join Domain button and then Save on the alert prompt to proceed further.

Join Domain

Save Configuration Changes

12. If your configuration has been successfully saved, your system will contact the PDC and a new prompt should appear asking you to enter domain administrator credentials in order to join the domain.

Enter your domain administrator user name and password, click the OK button to close the prompt and then click the Apply button to apply the final configuration.

Enter Domain Administration Login

Apply Configuration Changes

If changes are successfully applied, the Authentication Configuration window should close and a message should appear on Terminal which will inform you that your computer has been integrated into your domain.

13. To verify that your system has been added to the Zentyal PDC, log in to the Zentyal Web Administrative Tool, go to the Users and Computers -> Manage menu and check whether your machine hostname appears in the Computers list.

Zentyal Web Administrative Panel

Step 4: Login CentOS 7 with PDC Users

14. At this point all the users listed in the Zentyal PDC infrastructure should be able to log in to your CentOS machine from a local or remote Terminal or by using the first Login Screen. To log in from a Console or a Terminal with a PDC user, use the following syntax.

$ su - your_domain.tld\\pdc_user

Login PDC User

15. The default $HOME for all PDC users is /home/YOUR_DOMAIN/pdc_user.

PDC User Home

16. To perform GUI logins, exit to the main CentOS 7 Login Screen, click the Not listed? link, supply your PDC user and password in the form of your_domain\pdc_user and you should be able to log in to your machine as a PDC user.

PDC GUI Login

PDC Username

PDC Password

PDC User Desktop

Step 5: Enable PDC Integration System-Wide

17. To automatically reach and authenticate to Zentyal PDC after every system reboot you need to enable Samba and Winbind daemons system-wide by issuing the following commands with root privileges.

# systemctl enable smb
# systemctl enable nmb
# systemctl enable winbind

Enable PDC Integration

That’s all it takes for your machine to become a Zentyal PDC member. Although this procedure has focused mainly on integrating CentOS 7 with a Zentyal PDC, the same steps are also required in order to use Windows Server Active Directory authentication and domain integration.


Matei Cezar

I'm a computer-addicted guy, a fan of open source and Linux-based system software, and have about 4 years of experience with Linux desktop and server distributions and bash scripting.


9 Responses

  1. Eriston says:

    Hi, with these steps, will my Linux desktop receive the GPO that I created for Windows clients?

  2. budi says:

    Hi, is it the same way if we want to connect a CentOS 7 machine to Windows AD? The difference is that in /etc/krb5.conf Windows AD does not have a kdc setting.

    • Matei Cezar says:

      The procedure for adding CentOS 7 to a Windows ADDC is basically the same as the one explained here for Zentyal. No extra steps needed.

  3. Raj says:

    Do we need to follow the same guide for Windows DC as well?

  4. Jon says:

    Thanks, I have been using all of these tutorials a lot, very helpful.

  5. Dixieadmin says:

    Do you have any How-To’s on joining CentOS 7 to an existing Samba DC to act as a BDC, then another tutorial to show how to convert the CentOS 7 BDC to a PDC?
