mirror of https://github.com/LCTT/TranslateProject.git synced 2024-12-26 21:30:55 +08:00

darksun db0e2d9aee 选题: 20190225 How To Identify That The Linux Server Is Integrated With Active Directory (AD)?

sources/tech/20190225 How To Identify That The Linux Server Is Integrated With Active Directory (AD).md

2019-03-06 19:38:02 +08:00

7.0 KiB

Raw Blame History

#: subject: (How To Identify That The Linux Server Is Integrated With Active Directory (AD)?) #: via: (https://www.2daygeek.com/how-to-identify-that-the-linux-server-is-integrated-with-active-directory-ad/) #: author: (Vinoth Kumar https://www.2daygeek.com/author/vinoth/)

How To Identify That The Linux Server Is Integrated With Active Directory (AD)?

Single Sign On (SSO) Authentication is an implemented in most of the organizations due to multiple applications access.

It allows a user to logs in with a single ID and password to all the applications which is available in the organization.

It uses a centralized authentication system for all the applications.

A while ago we had written an article, how to integrate Linux system with AD.

Today we are going to show you, how to check that the Linux system is integrated with AD using multiple ways.

It can be done in four ways and we will explain one by one.

ps Command: It report a snapshot of the current processes.
id Command: It prints user identity.
/etc/nsswitch.conf file: It is Name Service Switch configuration file.
/etc/pam.d/system-auth file: It is Common configuration file for PAMified services.

How To Identify That The Linux Server Is Integrated With AD Using PS Command?

ps command displays information about a selection of the active processes.

To integrate the Linux server with AD, we need to use either winbind or sssd or ldap service.

So, use the ps command to filter these services.

If you found any of these services is running on system then we can decide that the system is currently integrate with AD using “winbind” or “sssd” or “ldap” service.

You might get the output similar to below if the system is integrated with AD using SSSD service.

# ps -ef | grep -i "winbind\|sssd"

root 29912 1 0 2017 ? 00:19:09 /usr/sbin/sssd -f -D
root 29913 29912 0 2017 ? 04:36:59 /usr/libexec/sssd/sssd_be --domain 2daygeek.com --uid 0 --gid 0 --debug-to-files
root 29914 29912 0 2017 ? 00:29:28 /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --debug-to-files
root 29915 29912 0 2017 ? 00:09:19 /usr/libexec/sssd/sssd_pam --uid 0 --gid 0 --debug-to-files
root 31584 26666 0 13:41 pts/3 00:00:00 grep sssd

You might get the output similer to below if the system is integrated with AD using winbind service.

# ps -ef | grep -i "winbind\|sssd"

root 676 21055 0 2017 ? 00:00:22 winbindd
root 958 21055 0 2017 ? 00:00:35 winbindd
root 21055 1 0 2017 ? 00:59:07 winbindd
root 21061 21055 0 2017 ? 11:48:49 winbindd
root 21062 21055 0 2017 ? 00:01:28 winbindd
root 21959 4570 0 13:50 pts/2 00:00:00 grep -i winbind\|sssd
root 27780 21055 0 2017 ? 00:00:21 winbindd

How To Identify That The Linux Server Is Integrated With AD Using id Command?

It Prints information for given user name, or the current user. It displays the UID, GUID, User Name, Primary Group Name and Secondary Group Name, etc.,

If the Linux system is integrated with AD then you might get the output like below. The GID clearly shows that the user is coming from AD “domain users”.

# id daygeek

uid=1918901106(daygeek) gid=1918900513(domain users) groups=1918900513(domain users)

How To Identify That The Linux Server Is Integrated With AD Using nsswitch.conf file?

The Name Service Switch (NSS) configuration file, /etc/nsswitch.conf, is used by the GNU C Library and certain other applications to determine the sources from which to obtain name-service information in a range of categories, and in what order. Each category of information is identified by a database name.

You might get the output similar to below if the system is integrated with AD using SSSD service.

# cat /etc/nsswitch.conf | grep -i "sss\|winbind\|ldap"

passwd: files sss
shadow: files sss
group: files sss
services:   files sss
netgroup: files sss
automount: files sss

You might get the output similar to below if the system is integrated with AD using winbind service.

# cat /etc/nsswitch.conf | grep -i "sss\|winbind\|ldap"

passwd: files [SUCCESS=return] winbind
shadow: files [SUCCESS=return] winbind
group: files [SUCCESS=return] winbind

You might get the output similer to below if the system is integrated with AD using ldap service.

# cat /etc/nsswitch.conf | grep -i "sss\|winbind\|ldap"

passwd: files ldap
shadow: files ldap
group: files ldap

How To Identify That The Linux Server Is Integrated With AD Using system-auth file?

It is Common configuration file for PAMified services.

PAM stands for Pluggable Authentication Module that provides dynamic authentication support for applications and services in Linux.

system-auth configuration file is provide a common interface for all applications and service daemons calling into the PAM library.

The system-auth configuration file is included from nearly all individual service configuration files with the help of the include directive.

You might get the output similar to below if the system is integrated with AD using SSSD service.

# cat /etc/pam.d/system-auth | grep -i "pam_sss.so\|pam_winbind.so\|pam_ldap.so"
or
# cat /etc/pam.d/system-auth-ac | grep -i "pam_sss.so\|pam_winbind.so\|pam_ldap.so"

auth sufficient pam_sss.so use_first_pass
account [default=bad success=ok user_unknown=ignore] pam_sss.so
password sufficient pam_sss.so use_authtok
session optional pam_sss.so

You might get the output similar to below if the system is integrated with AD using winbind service.

# cat /etc/pam.d/system-auth | grep -i "pam_sss.so\|pam_winbind.so\|pam_ldap.so"
or
# cat /etc/pam.d/system-auth-ac | grep -i "pam_sss.so\|pam_winbind.so\|pam_ldap.so"

auth sufficient pam_winbind.so cached_login use_first_pass
account [default=bad success=ok user_unknown=ignore] pam_winbind.so cached_login
password sufficient pam_winbind.so cached_login use_authtok

You might get the output similar to below if the system is integrated with AD using ldap service.

# cat /etc/pam.d/system-auth | grep -i "pam_sss.so\|pam_winbind.so\|pam_ldap.so"
or
# cat /etc/pam.d/system-auth-ac | grep -i "pam_sss.so\|pam_winbind.so\|pam_ldap.so"

auth sufficient pam_ldap.so cached_login use_first_pass
account [default=bad success=ok user_unknown=ignore] pam_ldap.so cached_login
password sufficient pam_ldap.so cached_login use_authtok

via: https://www.2daygeek.com/how-to-identify-that-the-linux-server-is-integrated-with-active-directory-ad/

作者：Vinoth Kumar 选题：lujun9972 译者：译者ID 校对：校对者ID

本文由 LCTT 原创编译，Linux中国荣誉推出

7.0 KiB Raw Blame History

How To Identify That The Linux Server Is Integrated With Active Directory (AD)?

How To Identify That The Linux Server Is Integrated With AD Using PS Command?

How To Identify That The Linux Server Is Integrated With AD Using id Command?

How To Identify That The Linux Server Is Integrated With AD Using nsswitch.conf file?

How To Identify That The Linux Server Is Integrated With AD Using system-auth file?

7.0 KiB

Raw Blame History