[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (How To Identify That The Linux Server Is Integrated With Active Directory (AD)?)
[#]: via: (https://www.2daygeek.com/how-to-identify-that-the-linux-server-is-integrated-with-active-directory-ad/)
[#]: author: (Vinoth Kumar https://www.2daygeek.com/author/vinoth/)

How To Identify That The Linux Server Is Integrated With Active Directory (AD)?
======

Single Sign-On (SSO) authentication is implemented in most organizations because users need access to multiple applications.

It allows a user to log in with a single ID and password to all the applications available in the organization.

It uses a centralized authentication system for all the applications.

A while ago we wrote an article, **[how to integrate Linux system with AD][1]**.

Today we are going to show you how to check whether a Linux system is integrated with AD, using multiple methods.

It can be done in four ways, and we will explain them one by one.

  * **`ps Command:`** It reports a snapshot of the current processes.
  * **`id Command:`** It prints the user identity.
  * **`/etc/nsswitch.conf file:`** It is the Name Service Switch configuration file.
  * **`/etc/pam.d/system-auth file:`** It is the common configuration file for PAMified services.

### How To Identify That The Linux Server Is Integrated With AD Using PS Command?

The ps command displays information about a selection of the active processes.

To integrate a Linux server with AD, we need to use either the `winbind`, `sssd` or `ldap` service.

So, use the ps command to filter for these services.

If any of these services is running on the system, we can conclude that the system is currently integrated with AD using the “winbind”, “sssd” or “ldap” service.

You might get output similar to the following if the system is integrated with AD using the `SSSD` service.

```
# ps -ef | grep -i "winbind\|sssd"

root 29912 1 0 2017 ? 00:19:09 /usr/sbin/sssd -f -D
root 29913 29912 0 2017 ? 04:36:59 /usr/libexec/sssd/sssd_be --domain 2daygeek.com --uid 0 --gid 0 --debug-to-files
root 29914 29912 0 2017 ? 00:29:28 /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --debug-to-files
root 29915 29912 0 2017 ? 00:09:19 /usr/libexec/sssd/sssd_pam --uid 0 --gid 0 --debug-to-files
root 31584 26666 0 13:41 pts/3 00:00:00 grep sssd
```

You might get output similar to the following if the system is integrated with AD using the `winbind` service.

```
# ps -ef | grep -i "winbind\|sssd"

root 676 21055 0 2017 ? 00:00:22 winbindd
root 958 21055 0 2017 ? 00:00:35 winbindd
root 21055 1 0 2017 ? 00:59:07 winbindd
root 21061 21055 0 2017 ? 11:48:49 winbindd
root 21062 21055 0 2017 ? 00:01:28 winbindd
root 21959 4570 0 13:50 pts/2 00:00:00 grep -i winbind\|sssd
root 27780 21055 0 2017 ? 00:00:21 winbindd
```

### How To Identify That The Linux Server Is Integrated With AD Using id Command?

It prints information for the given user name, or the current user. It displays the UID, GID, user name, primary group name, secondary group names, etc.

If the Linux system is integrated with AD, you might get output like the below. The GID clearly shows that the user is coming from AD “domain users”.

```
# id daygeek

uid=1918901106(daygeek) gid=1918900513(domain users) groups=1918900513(domain users)
```

### How To Identify That The Linux Server Is Integrated With AD Using nsswitch.conf file?

The Name Service Switch (NSS) configuration file, `/etc/nsswitch.conf`, is used by the GNU C Library and certain other applications to determine the sources from which to obtain name-service information in a range of categories, and in what order. Each category of information is identified by a database name.

You might get output similar to the following if the system is integrated with AD using the `SSSD` service.

```
# cat /etc/nsswitch.conf | grep -i "sss\|winbind\|ldap"

passwd: files sss
shadow: files sss
group: files sss
services: files sss
netgroup: files sss
automount: files sss
```

You might get output similar to the following if the system is integrated with AD using the `winbind` service.

```
# cat /etc/nsswitch.conf | grep -i "sss\|winbind\|ldap"

passwd: files [SUCCESS=return] winbind
shadow: files [SUCCESS=return] winbind
group: files [SUCCESS=return] winbind
```

You might get output similar to the following if the system is integrated with AD using the `ldap` service.

```
# cat /etc/nsswitch.conf | grep -i "sss\|winbind\|ldap"

passwd: files ldap
shadow: files ldap
group: files ldap
```

### How To Identify That The Linux Server Is Integrated With AD Using system-auth file?

It is the common configuration file for PAMified services.

PAM stands for Pluggable Authentication Module, which provides dynamic authentication support for applications and services in Linux.

The system-auth configuration file provides a common interface for all applications and service daemons calling into the PAM library.

The system-auth configuration file is included from nearly all individual service configuration files with the help of the include directive.

You might get output similar to the following if the system is integrated with AD using the `SSSD` service.

```
# cat /etc/pam.d/system-auth | grep -i "pam_sss.so\|pam_winbind.so\|pam_ldap.so"
or
# cat /etc/pam.d/system-auth-ac | grep -i "pam_sss.so\|pam_winbind.so\|pam_ldap.so"

auth sufficient pam_sss.so use_first_pass
account [default=bad success=ok user_unknown=ignore] pam_sss.so
password sufficient pam_sss.so use_authtok
session optional pam_sss.so
```

You might get output similar to the following if the system is integrated with AD using the `winbind` service.

```
# cat /etc/pam.d/system-auth | grep -i "pam_sss.so\|pam_winbind.so\|pam_ldap.so"
or
# cat /etc/pam.d/system-auth-ac | grep -i "pam_sss.so\|pam_winbind.so\|pam_ldap.so"

auth sufficient pam_winbind.so cached_login use_first_pass
account [default=bad success=ok user_unknown=ignore] pam_winbind.so cached_login
password sufficient pam_winbind.so cached_login use_authtok
```

You might get output similar to the following if the system is integrated with AD using the `ldap` service.

```
# cat /etc/pam.d/system-auth | grep -i "pam_sss.so\|pam_winbind.so\|pam_ldap.so"
or
# cat /etc/pam.d/system-auth-ac | grep -i "pam_sss.so\|pam_winbind.so\|pam_ldap.so"

auth sufficient pam_ldap.so cached_login use_first_pass
account [default=bad success=ok user_unknown=ignore] pam_ldap.so cached_login
password sufficient pam_ldap.so cached_login use_authtok
```

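The process, `nsswitch.conf` and PAM checks above combined into one script, as an added example that is not part of the original article; the function names `running_daemons` and `ad_integration_report` are hypothetical and the sample files are constructed. It skips commented-out lines, which a plain `grep -i` would still match, and shows when a backend is referenced in only one of the two files.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; file paths are arguments so
# the checks can also be pointed at copies of the real files.

# Daemons the article's ps filter looks for, matched on the exact command
# name so the grep process itself never shows up in the result.
running_daemons() {
    ps -e -o comm= | awk '$1 == "sssd" || $1 == "winbindd"' | sort -u
}

# For each backend print one line "name nss=yes|no pam=yes|no" when it is
# referenced in nsswitch.conf ($1) or in the PAM stack file ($2).
# Commented-out lines are ignored in both files.
ad_integration_report() {
    for b in sss winbind ldap; do
        nss=no; pam=no
        awk -v b="$b" '$1 ~ /^(passwd|group):$/ {
                for (i = 2; i <= NF; i++) if ($i == b) found = 1
            } END { exit !found }' "$1" && nss=yes
        grep -v '^[[:space:]]*#' "$2" | grep -q "pam_$b\.so" && pam=yes
        [ "$nss$pam" = nono ] || echo "$b nss=$nss pam=$pam"
    done
}

# Constructed sample files: SSSD is wired into both NSS and PAM, winbind is
# left over in NSS only, and the ldap entries are commented out.
demo_dir=$(mktemp -d)
cat > "$demo_dir/nsswitch.conf" <<'EOF'
passwd:     files sss winbind
#shadow:    files ldap
group:      files sss
EOF
cat > "$demo_dir/system-auth" <<'EOF'
auth        sufficient    pam_sss.so use_first_pass
#auth       sufficient    pam_ldap.so use_first_pass
account     [default=bad success=ok user_unknown=ignore] pam_sss.so
EOF

ad_integration_report "$demo_dir/nsswitch.conf" "$demo_dir/system-auth"
# On a live system: running_daemons
#                   ad_integration_report /etc/nsswitch.conf /etc/pam.d/system-auth
```

A backend reported with `nss=yes pam=no` (or the reverse) is only half configured, so it is worth confirming with `id` on a domain user, as shown earlier.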
--------------------------------------------------------------------------------

via: https://www.2daygeek.com/how-to-identify-that-the-linux-server-is-integrated-with-active-directory-ad/

Author: [Vinoth Kumar][a]
Topic selection: [lujun9972][b]
Translator: [Translator ID](https://github.com/译者ID)
Proofreader: [Proofreader ID](https://github.com/校对者ID)

This article was originally compiled by [LCTT](https://github.com/LCTT/TranslateProject) and is proudly presented by [Linux China](https://linux.cn/)

[a]: https://www.2daygeek.com/author/vinoth/
[b]: https://github.com/lujun9972
[1]: https://www.2daygeek.com/join-integrate-rhel-centos-linux-system-to-windows-active-directory-ad-domain/