Attunity RepliWeb PAM Configuration Guide



Similar documents
Allowing Linux to Authenticate to a Windows 2003 AD Domain. Prepared by. Thomas J. Munn, CISSP 11-May-06

Attunity RepliWeb Failover Guide

Configure Samba with ACL and Active Directory integration Robert LeBlanc BioAg Computer Support, Brigham Young University

Connect to UW UWWI Active Directory

Univention Corporate Server. Extended domain services documentation

(june > this is version 3.025a)

Installing Squid with Active Directory Authentication

RHEL Clients to AD Integrating RHEL clients to Active Directory

Windows Enterprise OU Administrator Tips. Integrating RHEL5 Systems with Active Directory

Active Directory and Linux Identity Management

Linuxdays 2005, Samba Tutorial

Distributed File System

LDAP (Lightweight Directory Access Protocol) LDAP is an Internet standard protocol used by

Installing RMFT on an MS Cluster

# Windows Internet Name Serving Support Section: # WINS Support - Tells the NMBD component of Samba to enable its WINS Server ; wins support = no

SUSE Manager 1.2.x ADS Authentication

Single Sign On / Authentication against Active Directory for Windows, Linux and Mac with a common home area via Samba and Winbind

Using Single Sign-on with Samba. Appendices. Glossary. Using Single Sign-on with Samba. SonicOS Enhanced

Using Active Directory as your Solaris Authentication Source

SAMBA SERVER (PDC) Samba is comprised of a suite of RPMs that come on the RHEL/Fedora CDs. The files are named:

Secure Agent Quick Start for Windows

Migration of Windows Intranet domain to Linux Domain Moving Linux to a Wider World

Using Active Directory to Authenticate Linux Users. Using Standard Protocols and Open Source Products

How To Use Directcontrol With Netapp Filers And Directcontrol Together

Interoperability Update: Red Hat Enterprise Linux 7 beta and Microsoft Windows

Windows XP Exchange Client Installation Instructions

RDS Directory Synchronization

WINDOWS 7 & HOMEGROUP

File and Printer Sharing with Microsoft Windows

Parallels Plesk Panel

I am an SE at a large storage system vendor

Quick Start Guide for Parallels Virtuozzo

Installing Microsoft Exchange Integration for LifeSize Control

Using Microsoft Windows Authentication for Microsoft SQL Server Connections in Data Archive

SQL Server Setup for Assistant/Pro applications Compliance Information Systems

Quick Start Guide for VMware and Windows 7

StarWind iscsi SAN Software: Installing StarWind on Windows Server 2008 R2 Server Core

Configuring Squid Proxy, Active Directory Authentication and SurfProtect ICAP Access

ScriptLogic File System Auditor User Guide

Instructions for Adding a MacOS 10.4.x Server to ASURITE for File Sharing. Installation Section

SSSD Active Directory Improvements

Administration guide. Océ LF Systems. Connectivity information for Scan-to-File

Installation Instruction STATISTICA Enterprise Small Business

SuSE File and Print Services with

Configuring IBM Cognos Controller 8 to use Single Sign- On

STATISTICA VERSION 12 STATISTICA ENTERPRISE SMALL BUSINESS INSTALLATION INSTRUCTIONS

LPR for Windows 95/98/Me/2000/XP TCP/IP Printing User s Guide. Rev. 03 (November, 2001)

Hyper-V Server 2008 Setup and Configuration Tool Guide

Unifying Authorization Models

STATISTICA VERSION 9 STATISTICA ENTERPRISE INSTALLATION INSTRUCTIONS FOR USE WITH TERMINAL SERVER

White Paper. Fabasoft on Linux - Preparation Guide for Community ENTerprise Operating System. Fabasoft Folio 2015 Update Rollup 2

BioWin Network Installation

DIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication

VERITAS Backup Exec 9.1 for Windows Servers Quick Installation Guide

AD RMS Step-by-Step Guide

Installing the Microsoft Network Driver Interface

WS_FTP Server. User s Guide. Software Version 3.1. Ipswitch, Inc.

Configuring Integrated Windows Authentication for JBoss with SAS 9.3 Web Applications

The following process allows you to configure exacqvision permissions and privileges for accounts that exist on an Active Directory server:

Bring Linux into Microsoft s ADS

Step-by-Step Guide for Creating and Testing Connection Manager Profiles in a Test Lab

Check Point FDE integration with Digipass Key devices

Step-by-step installation guide for monitoring untrusted servers using Operations Manager ( Part 3 of 3)

Windows Domain Network Configuration Guide

Setting up VMware Server v1 for 2X VirtualDesktopServer Manual

How To Install Ctera Agent On A Pc Or Macbook With Acedo (Windows) On A Macbook Or Macintosh (Windows Xp) On An Ubuntu (Windows 7) On Pc Or Ipad

Citrix Systems, Inc.

Avaya CM Login with Windows Active Directory Services

EventTracker: Support to Non English Systems

Windows Clients and GoPrint Print Queues

Configuring Integrated Windows Authentication for Oracle WebLogic with SAS 9.2 Web Applications

Dell Statistica Statistica Enterprise Installation Instructions

Linux/Unix Active Directory Authentication Integration Using Samba Winbind

SENECA COLLEGE OF APPLIED ARTS AND TECHNOLOGY

CYAN SECURE WEB HOWTO. NTLM Authentication

Secure IIS Web Server with SSL

Linux Development Environment Description Based on VirtualBox Structure

Installation Instruction STATISTICA Enterprise Server

Joining. Domain. Windows XP Pro

Configuring Sponsor Authentication

Important. Please read this User s Manual carefully to familiarize yourself with safe and effective usage.

SYMANTEC BACKUPEXEC2010 WITH StorTrends

NovaBACKUP xsp Version 15.0 Upgrade Guide

How to Secure a Groove Manager Web Site

DP-313 Wireless Print Server

RMFT Event Viewer Messages

Active Directory integration with CloudByte ElastiStor

1. Installation Overview

CA Performance Center

Setting up Hyper-V for 2X VirtualDesktopServer Manual

Installation Guide Mac OS X Operating Systems

Sophos Anti-Virus for NetApp Storage Systems startup guide

Setup and Configuration Guide for Pathways Mobile Estimating

StarWind iscsi SAN Software: Tape Drives Using StarWind and Symantec Backup Exec

Installation Guidelines (MySQL database & Archivists Toolkit client)

etoken Enterprise For: SSL SSL with etoken

Product Manual. MDM On Premise Installation Version 8.1. Last Updated: 06/07/15

IBM WebSphere Application Server Version 7.0

Windows Security and Directory Services for UNIX using Centrify DirectControl

Synology NAS Server Windows ADS FAQ

Transcription:

Attunity RepliWeb PAM Configuration Guide Software Version 5.2 For Linux and UNIX operating systems June 28, 2012 RepliWeb, Inc., 6441 Lyons Road, Coconut Creek, FL 33073 Tel: (954) 946-2274, Fax: (954) 337-6424 E-mail: info@repliweb.com, Support: http://support.repliweb.com

2012 Attunity Ltd. All rights reserved. The information in this manual has been compiled with care, but Attunity Ltd. makes no warranties as to its accuracy or completeness. The software described herein may be changed or enhanced from time to time. This information does not constitute a commitment or representation by Attunity and is subject to change without notice. The software described in this document is furnished under license and may be used and/or copied only in accordance with the terms of this license and the End User License Agreement. No part of this manual may be reproduced or transmitted, in any form, by any means (electronic, photocopying, recording or otherwise) without the express written consent of Attunity Ltd. Windows, Windows XP and Windows Vista are trademarks of Microsoft Corporation in the US and/or other countries. UNIX is a registered trademark of Bell Laboratories licensed to X/OPEN. Any other product or company names referred to in this document may be the trademarks of their respective owners. Please direct correspondence or inquiries to: RepliWeb, Inc. 6441 Lyons Road Coconut Creek, Florida 33073 USA Telephone: (954) 946-2274 Fax: (954) 337-6424 Sales & General Information: Documentation: Technical Support: Website: info@repliweb.com docs@repliweb.com http://support.repliweb.com http://www.repliweb.com ii

Table of Contents 1. System Requirements... 4 Windows... 4 Installing Identity Management for UNIX... 4 UNIX/Linux... 5 2. Connecting a UNIX Machine to a Domain... 6 Windows 2003 Server R2 Configuration... 6 UNIX\Linux Configuration:... 6 Editing Configuration Files:... 6 Joining a Domain:... 10 3. Connecting to R-1 with a Domain User... 11 A: Joining a Domain via SUSE GUI... 14 iii

1. System Requirements Make sure the participating machines meet these requirements before beginning. Note: This chapter applies to machines without AD/LDAP for Linux or UNIX. Windows Before joining a UNIX machine to a domain, make sure Windows Server 2003 R2 includes the Identity Management for UNIX component. Installing Identity Management for UNIX Note: If your machine is not using an R2 version server, you must download the Microsoft Services for UNIX 3.5 component from Microsoft and either install it or upgrade you server to an R2 version. To install Identity Management for UNIX: 1. In Control Panel, open the Add or Remove Programs window and click the Add/Remove Windows Components button. 2. From the Windows Components wizard that appears, select the Active Directory Services checkbox and click the Details button. 3. From the Active Directory Services window that appears, select the Identity Management for UNIX checkbox. 4. Click OK to close the Active Directory Services window and then click Next to configure the new component. 4

System Requirements Note: If needed, the configuration may prompt you to insert the Windows Server 2003 R2 installation CD. 5. Click Finish. UNIX/Linux Before you start the connection procedure, make sure Samba and Winbind daemons are installed and running at startup. Note: The daemon installation process may differ depending on the UNIX/Linux flavor you are using. 5

2. Connecting a UNIX Machine to a Domain Windows 2003 Server R2 Configuration To prepare Windows server: 1. After installing the Identity Management for UNIX component, a new scheme called Unix Attributes is added to the server. Right click a user, a dialog called <User Name> Properties appears. 2. Access the UNIX Attributes tab. 3. From the Nis domain, select the domain Name. UNIX\Linux Configuration: Preparing the UNIX/Linux machine requires editing these files: /etc/hosts /etc/krb5.conf /etc/nsswitch.conf /etc/resolv.conf /etc/samba/smb.conf Follow the steps below to edit these files on your UNIX/Linux machine. Alternatively, you can perform this procedure using SUSE GUI, as described in the Appendix section. Editing Configuration Files: Note: In the examples below, Domain is unix.int, and Domain Controller FQDN is: dcunix.unix.int. Additionally, the UNIX Machine Host name is: suse01x3201. To prepare UNIX/Linux server: 1. Go to /etc/hosts and either add or change to the following: 1.0272721 susi01x3201.unix.int susi01x3201 localhost 10.0.61.131 dcunix.unit.int dcunix 2. Go to /etc/krb5.conf and change to the following: 6

Connecting a UNIX Machine to a Domain [libdefaults] default_realm = UNIX.INT clockskew = 300 [realms] UNIX.INT = { kdc = dcunix.unix.int kdc = 10.0.61.131 default_domain = unix.int admin_server = 10.0.61.131 } [domain_realm] 2unix.int = UNIX.INT [appdefaults] pam = { ticket_lifetime = 1d renew_lifetime = 1d forwardable = true proxiable = false minimum_uid = 1 } 3. Go to /etc/nsswitch.conf and change to the following: passwd: files winbind shadow: files winbind group: files winbind protocols: files winbind services: files winbind netgroup: files winbind automount: files winbind 4. Go to /etc/resolve.conf and change to the following: search unix.int nameserver 10.0.61.131 5. Go to /etc/smb.conf and change to the following: 7

Connecting a UNIX Machine to a Domain # smb.conf is the main Samba configuration file. You find a full commented # version at /usr/share/doc/packages/samba/examples/smb.conf.suse if the # samba-doc package is installed. [global] workgroup = UNIX printing = cups printcap name = cups printcap cache time = 750 cups options = raw map to guest = Bad User include = /etc/samba/dhcp.conf logon path = \\%L\profiles\.msprofile logon home = \\%L\%U\.9xprofile logon drive = P: usershare allow guests = No idmap gid = 1000-30000 idmap uid = 1000-30000 realm = UNIX.INT security = ADS template homedir = /home/%d/%u template shell = /bin/bash winbind refresh tickets = yes winbind enum users = yes winbind use default domain = yes winbind enum groups = yes [homes] comment = Home Directories valid users = %S, %D%w%S browseable = No read only = No inherit acls = Yes [profiles] comment = Network Profiles Service path = %H read only = No store dos attributes = Yes create mask = 0600 directory mask = 0700 [users] comment = All users path = /home read only = No inherit acls = Yes veto files = /aquota.user/groups/shares/ [groups] comment = All groups path = /home/groups read only = No inherit acls = Yes 8

Connecting a UNIX Machine to a Domain [printers] comment = All Printers path = /var/tmp printable = Yes create mask = 0600 browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/drivers write list = @ntadmin root force group = ntadmin create mask = 0664 directory mask = 0775 9

Connecting a UNIX Machine to a Domain Joining a Domain: To join the machine to a domain: 1. Restart the smb and winbind daemons by running these two commands: o o /etc/init.d/smb restart /etc/winbind restart 2. If these services restarted successfully, run the command: net ads join U administrator 3. When prompted, enter the password. A message appears informing that the machine has joined the domain. If the join operation fails, try to either restart the services or restart both the machine and services, then rerun net ads join U administrator. 4. To make sure that the machine has successfully joined the domain, complete one of the following steps: o o o Go to the DC. In Active directory Users and Computers, search for the machine name. Run the wbinfo g command. This command lists the groups in the domain. Run the wbinfo u command. This command lists the users whose UNIX attributes you have defined. Note: If running wbinfo g or wbinfo u fails with an error, restart the machine and then make sure the Samba and Winbind daemons are running. 10

3. Connecting to R-1 with a Domain User To connect to R-1 with a domain user: 1. Install R-1. 2. Install RTM (Repliweb Topology Manager). 3. In UNIX, access the /etc/pam.d directory and create a file called repliweb. Then, copy/paste the following PAM authentication rules into this file: #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth sufficient pam_ldap.so use_first_pass auth sufficient pam_winbind.so use_first_pass auth required pam_deny.so account required pam_unix.so broken_shadow account sufficient pam_succeed_if.so uid < 500 quiet account [default=bad success=ok user_unknown=ignore] pam_ldap.so account [default=bad success=ok user_unknown=ignore] pam_winbind.so account required pam_permit.so password requisite pam_cracklib.so try_first_pass retry=3 password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok password sufficient pam_ldap.so use_authtok password sufficient pam_winbind.so use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_ldap.so 11

Connecting to R-1 with a Domain User 4. Connect with RTM to the machine. 5. In RTM Manager, add a new Host to the UNIX machine (i.e. the IP of the UNIX machine) by double clicking its IP. The RTM Manage window appears for this UNIX machine. 6. Open the PAM Service tab. 7. Select the Use PAM Service checkbox. a. In the PAM Service Name field, specify the file name you created in step 3 (repliweb), without its path. Note: PAM Service Name is case sensitive. b. In the PAM Library Path field, specify: For 32-bit machines: /lib/libpam.so.0. For 64-bit machines: /lib64/libpam.so.0 IMPORTANT: The libpam library can be stored in several possible locations (e.g., /usr/lib/) and may contain different suffixes. Please make sure the specified path and suffixes are accurate, otherwise PAM authentication will fail. 8. Select if to attempt local authentication in the event that PAM authentication fails. Note: If the machine has a Centrify installation, make sure the Continue to local authentication on PAM failure checkbox is unselected. If PAM authentication is not successful, in the PAM configuration directory (default: /etc/pam.d), add the following lines inside the /etc/pam.d/repliweb file mentioned above: auth sufficient pam_centrifydc.so auth requisite pam_centrifydc.so deny account sufficient pam_centrifydc.so account requisite pam_centrifydc.so deny session required pam_centrifydc.so homedir 12

Connecting to R-1 with a Domain User password sufficient pam_centrifydc.so try_first_pass password requisite pam_centrifydc.so deny 9. Open R-1 Console and connect using a domain user s credentials. Note: Provide the user s Username and Password, but leave the Domain field empty. Note: When connecting to a UNIX machine, to avoid specifying a domain in the User Name field, add winbind use default domain = yes to the /etc/samba/smb.conf file s [global] section. 13

A: Joining a Domain via SUSE GUI Use this procedure to join a UNIX\Linux machine to a Windows domain using SUSE GUI. To join a UNIX machine to a domain using SUSE GUI: 1. Log in to the machine as root. 2. Open YaST (Yet another Setup Tool). 3. Search for the Windows Domain Membership network service: 4. Open Windows Domain Membership. 14

Appendix: Joining a Domain via SUSE GUI 5. In the Domain or Workgroup field, enter the domain name. (In our example: unix.int ). 6. Select the Also Use SMB information for Linux Authentication and Create Home Directory on Login checkboxes. (Do not click OK yet.) 7. Open YaST and search for Network Settings. a. Change the Hostname. b. Change the Domain Name. c. In the Name Server 1 field, add the IP of the Domain Controller. d. Click OK. 8. Return to the Windows Domain Membership window and click OK. 9. When prompted, enter the Domain Controller s administrator password. 15

Appendix: Joining a Domain via SUSE GUI 10. Click OK. If you properly configured the settings, the following message will appear: Domain <UNIX> joined successfully. 11. Click OK. 12. When prompted, insert the SUSE installation CD. 16

Appendix: Joining a Domain via SUSE GUI 13. Restart the smb and winbind services. NOTE: These services must be started at startup. 14. Make sure the machine was successfully added to the domain: a. Open Terminal. b. Run the wbinfo g command. This command lists the groups in the domain. c. Run the wbinfo u command. This command lists the users whose UNIX attributes you defined. 17

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information