document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2024-12-26 21:30:55 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #12664 from lujun9972/add-MjAxOTAyMjUgSG93IFRvIElkZW50aWZ5IFRoYXQgVGhlIExpbnV4IFNlcnZlciBJcyBJbnRlZ3JhdGVkIFdpdGggQWN0aXZlIERpcmVjdG9yeSAoQUQpLm1kCg==

Browse Source 
选题: 20190225 How To Identify That The Linux Server Is Integrated With…
This commit is contained in:
Xingyu.Wang 2019-03-06 20:01:03 +08:00 committed by GitHub
commit 05f77ea759
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 177 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

177
sources/tech/20190225 How To Identify That The Linux Server Is Integrated With Active Directory (AD).md Normal file
View File

@ -0,0 +1,177 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (How To Identify That The Linux Server Is Integrated With Active Directory (AD)?)
[#]: via: (https://www.2daygeek.com/how-to-identify-that-the-linux-server-is-integrated-with-active-directory-ad/)
[#]: author: (Vinoth Kumar https://www.2daygeek.com/author/vinoth/)
How To Identify That The Linux Server Is Integrated With Active Directory (AD)?
======
Single Sign On (SSO) Authentication is an implemented in most of the organizations due to multiple applications access.
It allows a user to logs in with a single ID and password to all the applications which is available in the organization.
It uses a centralized authentication system for all the applications.
A while ago we had written an article, **[how to integrate Linux system with AD][1]**.
Today we are going to show you, how to check that the Linux system is integrated with AD using multiple ways.
It can be done in four ways and we will explain one by one.
* **`ps Command:`** It report a snapshot of the current processes.
* **`id Command:`** It prints user identity.
* **`/etc/nsswitch.conf file:`** It is Name Service Switch configuration file.
* **`/etc/pam.d/system-auth file:`** It is Common configuration file for PAMified services.
### How To Identify That The Linux Server Is Integrated With AD Using PS Command?
ps command displays information about a selection of the active processes.
To integrate the Linux server with AD, we need to use either `winbind` or `sssd` or `ldap` service.
So, use the ps command to filter these services.
If you found any of these services is running on system then we can decide that the system is currently integrate with AD using “winbind” or “sssd” or “ldap” service.
You might get the output similar to below if the system is integrated with AD using `SSSD` service.
```
# ps -ef | grep -i "winbind\|sssd"
root 29912 1 0 2017 ? 00:19:09 /usr/sbin/sssd -f -D
root 29913 29912 0 2017 ? 04:36:59 /usr/libexec/sssd/sssd_be --domain 2daygeek.com --uid 0 --gid 0 --debug-to-files
root 29914 29912 0 2017 ? 00:29:28 /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --debug-to-files
root 29915 29912 0 2017 ? 00:09:19 /usr/libexec/sssd/sssd_pam --uid 0 --gid 0 --debug-to-files
root 31584 26666 0 13:41 pts/3 00:00:00 grep sssd
```
You might get the output similer to below if the system is integrated with AD using `winbind` service.
```
# ps -ef | grep -i "winbind\|sssd"
root 676 21055 0 2017 ? 00:00:22 winbindd
root 958 21055 0 2017 ? 00:00:35 winbindd
root 21055 1 0 2017 ? 00:59:07 winbindd
root 21061 21055 0 2017 ? 11:48:49 winbindd
root 21062 21055 0 2017 ? 00:01:28 winbindd
root 21959 4570 0 13:50 pts/2 00:00:00 grep -i winbind\|sssd
root 27780 21055 0 2017 ? 00:00:21 winbindd
```
### How To Identify That The Linux Server Is Integrated With AD Using id Command?
It Prints information for given user name, or the current user. It displays the UID, GUID, User Name, Primary Group Name and Secondary Group Name, etc.,
If the Linux system is integrated with AD then you might get the output like below. The GID clearly shows that the user is coming from AD “domain users”.
```
# id daygeek
uid=1918901106(daygeek) gid=1918900513(domain users) groups=1918900513(domain users)
```
### How To Identify That The Linux Server Is Integrated With AD Using nsswitch.conf file?
The Name Service Switch (NSS) configuration file, `/etc/nsswitch.conf`, is used by the GNU C Library and certain other applications to determine the sources from which to obtain name-service information in a range of categories, and in what order. Each category of information is identified by a database name.
You might get the output similar to below if the system is integrated with AD using `SSSD` service.
```
# cat /etc/nsswitch.conf | grep -i "sss\|winbind\|ldap"
passwd: files sss
shadow: files sss
group: files sss
services: files sss
netgroup: files sss
automount: files sss
```
You might get the output similar to below if the system is integrated with AD using `winbind` service.
```
# cat /etc/nsswitch.conf | grep -i "sss\|winbind\|ldap"
passwd: files [SUCCESS=return] winbind
shadow: files [SUCCESS=return] winbind
group: files [SUCCESS=return] winbind
```
You might get the output similer to below if the system is integrated with AD using `ldap` service.
```
# cat /etc/nsswitch.conf | grep -i "sss\|winbind\|ldap"
passwd: files ldap
shadow: files ldap
group: files ldap
```
### How To Identify That The Linux Server Is Integrated With AD Using system-auth file?
It is Common configuration file for PAMified services.
PAM stands for Pluggable Authentication Module that provides dynamic authentication support for applications and services in Linux.
system-auth configuration file is provide a common interface for all applications and service daemons calling into the PAM library.
The system-auth configuration file is included from nearly all individual service configuration files with the help of the include directive.
You might get the output similar to below if the system is integrated with AD using `SSSD` service.
```
# cat /etc/pam.d/system-auth | grep -i "pam_sss.so\|pam_winbind.so\|pam_ldap.so"
or
# cat /etc/pam.d/system-auth-ac | grep -i "pam_sss.so\|pam_winbind.so\|pam_ldap.so"
auth sufficient pam_sss.so use_first_pass
account [default=bad success=ok user_unknown=ignore] pam_sss.so
password sufficient pam_sss.so use_authtok
session optional pam_sss.so
```
You might get the output similar to below if the system is integrated with AD using `winbind` service.
```
# cat /etc/pam.d/system-auth | grep -i "pam_sss.so\|pam_winbind.so\|pam_ldap.so"
or
# cat /etc/pam.d/system-auth-ac | grep -i "pam_sss.so\|pam_winbind.so\|pam_ldap.so"
auth sufficient pam_winbind.so cached_login use_first_pass
account [default=bad success=ok user_unknown=ignore] pam_winbind.so cached_login
password sufficient pam_winbind.so cached_login use_authtok
```
You might get the output similar to below if the system is integrated with AD using `ldap` service.
```
# cat /etc/pam.d/system-auth | grep -i "pam_sss.so\|pam_winbind.so\|pam_ldap.so"
or
# cat /etc/pam.d/system-auth-ac | grep -i "pam_sss.so\|pam_winbind.so\|pam_ldap.so"
auth sufficient pam_ldap.so cached_login use_first_pass
account [default=bad success=ok user_unknown=ignore] pam_ldap.so cached_login
password sufficient pam_ldap.so cached_login use_authtok
```
--------------------------------------------------------------------------------
via: https://www.2daygeek.com/how-to-identify-that-the-linux-server-is-integrated-with-active-directory-ad/
作者:[Vinoth Kumar][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.2daygeek.com/author/vinoth/
[b]: https://github.com/lujun9972
[1]: https://www.2daygeek.com/join-integrate-rhel-centos-linux-system-to-windows-active-directory-ad-domain/