Skip to content

Ansible role to configure RHEL and derivates to use Active Directory for authentication

License

Notifications You must be signed in to change notification settings

glisha/ansible-adauth

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

adauth

Ansible role to configure RHEL and derivates to use Microsoft Active Directory for authentication.

Tested on Centos 6.5 and Centos 7.0. After configuration it allows only local users and users matching the $adauth_access_filter to login. You should probabably see templates/sssd.conf.j2 and defaults/main.yml.

Requirements

It is nice for the servers to be configured to use at least the Primary and Secondary domain controlers as NTP servers for the kerberos tickets.

The role joins the server in AD with Samba to generate the Keytab for GSSAPI authentication so a user with sufficient privileges to join is required.

Role Variables

The role uses the following variables, which you should override in your playbook:

  • adauth_workgroup - The short domain name uppercase.
  • adauth_realm - The domain name uppercase.
  • adauth_pdc - The primary domain controller fqdn.
  • adauth_pdc_ip - The primary domain controller ip (for dns).
  • adauth_sdc - The secondary domain controller fqdn.
  • adauth_sdc_ip - The secondary domain controller ip (for dns).
  • adauth_ldap_base - The LDAP search base.
  • adauth_server_ou - The Organisational unit where to create the server in AD.
  • adauth_access_filter - LDAP search query to limit who can login to the server. See defaults for examples.
  • adauth_username - The username with join privileges in the server OU.
  • adauth_password - The password. You can use var_prompts in your playbook for this.

Example Playbook

- hosts: ad-servers
  vars_files:
    - site_vars/adauth.yml

  roles:
     - glisha.adauth

Where site_vars/adauth.yml is defaults/main.yml modifed to your needs.

License

MIT

Author Information

Georgi Stanojevski GitHub project page

About

Ansible role to configure RHEL and derivates to use Active Directory for authentication

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published