
Joining GNU/Linux clients to a Windows domain's Active Directory



Centrify Express is a free-of-charge (though not open-source) software suite that lets you join GNU/Linux, Unix or Mac clients to an Active Directory domain, share files, and monitor and secure cross-platform systems from the cloud. Its vendor bills it as the fastest and most widely tested way to integrate UNIX, Linux and Mac with Windows, with more functionality than the alternatives.

Before installing anything, prepare the client so it can reach the domain controller.

To do so, edit /etc/resolv.conf so the client uses the DNS server that hosts the AD zone (here the domain controller itself):

bash
cat /etc/resolv.conf

domain cdp.redorbita.com
search cdp.redorbita.com
nameserver 192.168.1.142

Two caveats. The resolver keeps only the last domain or search line, so with both present only the search entry takes effect, and the search list should include the AD domain itself (redorbita.com) so that the bare domain controller name and the domain's SRV records resolve. And if the resolvconf package is installed, /etc/resolv.conf is regenerated at boot; put the settings in /etc/network/interfaces as dns-nameservers and dns-search lines instead so they survive a reboot.

Our IP addressing:

text
tail -n5 /etc/network/interfaces

iface eth0 inet static

address 192.168.1.141

netmask 255.255.255.0

gateway 192.168.1.142

We also check /etc/nsswitch.conf; its hosts line has to list dns, otherwise name lookups never reach the DNS server:

bash
grep -i '^hosts' /etc/nsswitch.conf

hosts: files dns

Once that is configured, check that the domain controller resolves by name:

bash
ping redorbita.com

PING redorbita.com (192.168.1.142) 56(84) bytes of data.
64 bytes from cdp.redorbita.com (192.168.1.142): icmp_req=1 ttl=128 time=0.420 ms
64 bytes from cdp.redorbita.com (192.168.1.142): icmp_req=2 ttl=128 time=0.837 ms
64 bytes from cdp.redorbita.com (192.168.1.142): icmp_req=3 ttl=128 time=0.398 ms
64 bytes from cdp.redorbita.com (192.168.1.142): icmp_req=4 ttl=128 time=0.463 ms

A successful ping only proves that the A record resolves; the installer's adcheck in the next step also verifies that the domain controller SRV records are present. Ready to install.
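The three checks above (nameserver, search list, hosts line) can be scripted so they run on every new client before the installer's adcheck, which flags the same things. The script below is an added example written for this article, not part of Centrify or the original post; its resolv.conf samples are constructed, the first mirroring the lab (one nameserver, a dead domain line, the typo in the search domain) and the second a corrected version that assumes a second DNS server at 192.168.1.143.

```shell
#!/bin/sh
# Pre-join resolver checks, added as an example for this article (not part of
# Centrify or the original post). The config files are constructed samples:
# SAMPLE_RESOLV mirrors the lab above (one nameserver, an earlier 'domain'
# line that the resolver ignores, a typo in the search domain); FIXED_RESOLV
# is the corrected form with an assumed second DNS server, 192.168.1.143.

AD_DOMAIN="redorbita.com"

WORK=$(mktemp -d)
SAMPLE_RESOLV="$WORK/resolv.conf"
FIXED_RESOLV="$WORK/resolv.conf.fixed"
SAMPLE_NSSWITCH="$WORK/nsswitch.conf"

cat > "$SAMPLE_RESOLV" <<'EOF'
domain cdp.redorbita.com
search cdp.red-rbita.com
nameserver 192.168.1.142
EOF

cat > "$FIXED_RESOLV" <<'EOF'
search redorbita.com
nameserver 192.168.1.142
nameserver 192.168.1.143
EOF

cat > "$SAMPLE_NSSWITCH" <<'EOF'
passwd:         compat
group:          compat
hosts:          files dns
networks:       files
EOF

# Number of nameserver lines; adcheck's DNSCHECK warns when there is only one.
count_nameservers() {
    grep -c '^nameserver[[:space:]]' "$1"
}

# The resolver keeps only the LAST 'domain' or 'search' line, so whichever
# comes first is dead configuration. Prints the effective search list.
effective_search() {
    awk '$1 == "domain" || $1 == "search" { $1 = ""; sub(/^[ \t]+/, ""); last = $0 }
         END { print last }' "$1"
}

# True when the effective search list contains the AD domain itself, which is
# what lets the bare DC name and the domain's SRV records resolve.
search_covers_domain() {
    for d in $(effective_search "$1"); do
        [ "$d" = "$2" ] && return 0
    done
    return 1
}

# True when the hosts line in nsswitch.conf consults dns (-w so that a source
# such as 'mdns4_minimal' does not count as a match).
hosts_uses_dns() {
    grep -E '^hosts:' "$1" | grep -qw 'dns'
}

# One WARN line per problem; prints nothing when the client is ready to join.
resolver_warnings() {
    resolv=$1; nss=$2; domain=$3
    [ "$(count_nameservers "$resolv")" -ge 2 ] \
        || echo "WARN: only one nameserver in $resolv; adcheck wants a backup"
    search_covers_domain "$resolv" "$domain" \
        || echo "WARN: search list '$(effective_search "$resolv")' does not include $domain"
    hosts_uses_dns "$nss" \
        || echo "WARN: hosts line in $nss does not consult dns"
}

echo "== $SAMPLE_RESOLV"; resolver_warnings "$SAMPLE_RESOLV" "$SAMPLE_NSSWITCH" "$AD_DOMAIN"
echo "== $FIXED_RESOLV";  resolver_warnings "$FIXED_RESOLV"  "$SAMPLE_NSSWITCH" "$AD_DOMAIN"
```

On the lab sample it reports two problems (single nameserver, search list that does not cover redorbita.com) and none on the corrected file. On a live host, point the functions at /etc/resolv.conf and /etc/nsswitch.conf; the SRV lookup that adcheck performs needs the network and is deliberately left out here.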

Go to Centrify's official site and download the agent that matches your GNU/Linux (or Unix) distribution and architecture.

NOTE: you have to register to download the product.

http://www.centrify.com/express/free-active-directory-tools-for-linux-mac.asp#agents

Once downloaded, unpack it:

bash
tar xvf centrify-suite-2014-deb5-x86_64.tgz

and run the installer.

It runs a series of checks against the machine and the configured DNS servers:

bash
./install-express.sh

***** WELCOME to the Centrify Suite installer! *****

Detecting local platform …
Running ./adcheck-deb5-x86_64 …

OSCHK : Verify that this is a supported OS : Pass

PATCH : Linux patch check : Pass

PORTMAP : Verify that portmap or rpcbind is installed : Pass

PERL : Verify perl is present and is a good version : Pass

SAMBA : Inspecting Samba installation : Pass

SPACECHK : Check if there is enough disk space in /var /usr /tmp : Pass

HOSTNAME : Verify hostname setting : Pass

NSHOSTS : Check hosts line in /etc/nsswitch.conf : Pass

DNSPROBE : Probe DNS server 192.168.1.142 : Pass

DNSCHECK : Analyze basic health of DNS servers : Warning

: Only one DNS server was found in /etc/resolv.conf.

: At least one backup DNS server is recommended for

: enterprise installations.

: Only one good DNS server was found

: You might be able to continue but it is likely that you

: will have problems.

: Add more good DNS servers into /etc/resolv.conf.
WHATSSH : Is this an SSH that DirectControl works well with : Pass

SSH : SSHD version and configuration : Warning

: You are running OpenSSH_6.0p1 Debian-4, OpenSSL 1.0.1e 11 Feb 2013.

:

: This version of OpenSSH does not seem to be configured for PAM,

: ChallengeResponse and Kerberos/GSSAPI support.

: To get Active Directory users to successfully login,

: you need to configure your OpenSSH with the following options:

: (display the ones we identified were not set)

: ChallengeResponseAuthentication yes

: UsePAM Yes

:

: Centrify provides a version of OpenSSH that’s configured properly

: to allow AD users to login and provides Kerberos GSSAPI support.

:

: If you install Centrify Express or Centrify Suite

: Standard or Enterprise Edition, the Centrify build of

: OpenSSH will be installed automatically. Alternatively

: you may choose individual Suite packages to install

: with the Custom install option.
2 warnings were encountered during check. We recommend checking these before proceeding
WARNING: adcheck exited with warning(s).
With this script, you can perform the following tasks:

- Install (update) Centrify Suite Enterprise Edition (License required) [E]
- Install (update) Centrify Suite Standard Edition (License required) [S]
- Install (update) Centrify Suite Express Edition [X]
- Custom install (update) of individual packages [C]
You can type Q at any prompt to quit the installation and exit

the script without making any changes to your environment.
How do you want to proceed? (E|S|X|C|Q) [E]:
Do you want to run adcheck to verify your AD environment? (Q|Y|N) [Y]:
Please enter the Active Directory domain to check [company.com]: redorbita.com

Join an Active Directory domain? (Q|Y|N) [Y]:y

Enter the Active Directory domain to join [redorbita.com]:

Enter the Active Directory authorized user [administrator]:

Enter the password for the Active Directory user: 

 Enter the computer name [debian]: 

 Enter the container DN [Computers]: 

Enter the name of the domain controller [auto detect]: 

Enable auditing on this computer (DirectAudit NSS mode)? (Q|Y|N) [Y]:

Reboot the computer after installation? (Q|Y|N) [Y]:
You chose Centrify Suite Custom Edition and entered the following:

(E)rase/(R)einstall 5.1.3/(K)eep CentrifyDC-5.1.3 package: K

Install CentrifyDC-nis 5.1.3 package: N

(E)rase/(R)einstall 5.1.3/(K)eep CentrifyDC-openssh-5.1.3 package: K

Install CentrifyDC-ldapproxy 5.1.3 package: N

(E)rase/(R)einstall 3.2.0/(K)eep CentrifyDA-3.2.0 package: K

 Express authentication mode : Y

 Run adcheck : Y

 Join an Active Directory domain : Y

 Active Directory domain to join : redorbita.com

 Active Directory authorized user : administrator

 computer name : debian

 container DN : Computers

 domain controller name : auto detect

 Enable auditing : Y

 Reboot computer : Y

If this information is correct and you want to proceed, type "Y".

To change any information, type "N" and enter new information.

Do you want to continue (Y) or re-enter information? (Q|Y|N) [Y]:
Running ./adcheck-deb5-x86_64 …

NSHOSTS : Check hosts line in /etc/nsswitch.conf : Pass

DNSPROBE : Probe DNS server 192.168.1.142 : Pass

DNSCHECK : Analyze basic health of DNS servers : Warning

: Only one DNS server was found in /etc/resolv.conf.

: At least one backup DNS server is recommended for

: enterprise installations.

: Only one good DNS server was found

: You might be able to continue but it is likely that you

: will have problems.

: Add more good DNS servers into /etc/resolv.conf.
WHATSSH : Is this an SSH that DirectControl works well with : Pass

SSH : SSHD version and configuration : Pass

DOMNAME : Check that the domain name is reasonable : Pass

ADDC : Find domain controllers in DNS : Pass

ADDNS : DNS lookup of DC win-4m249jgaal6.redorbita.com : Pass

ADPORT : Port scan of DC win-4m249jgaal6.redorbita.com : Pass

ADDC : Check Domain Controllers : Pass

ADDNS : DNS lookup of DC win-4m249jgaal6.redorbita.com : Pass

GCPORT : Port scan of GC win-4m249jgaal6.redorbita.com : Pass

ADGC : Check Global Catalog servers : Pass

DCUP : Check for operational DCs in redorbita.com : Pass

SITEUP : Check DCs for redorbita.com in our site : Pass

DNSSYM : Check DNS server symmetry : Pass

ADSITE : Check that this machine’s subnet is in a site known by AD : Pass

GSITE : See if we think this is the correct site : Pass

TIME : Check clock synchronization : Pass

ADSYNC : Check domains all synchronized : Pass

1 warning was encountered during check. We recommend checking this before proceeding
WARNING: adcheck exited with warning(s).

Joining the Active Directory domain redorbita.com …

Using domain controller: win-4m249jgaal6.redorbita.com writable=true

Join to domain:redorbita.com, zone:Auto Zone successful
Centrify DirectControl started.

Loading domains and trusts information
Initializing cache .

You have successfully joined the Active Directory domain: redorbita.com

in the Centrify DirectControl zone: Auto Zone

You may need to restart other services that rely upon PAM and NSS or simply

reboot the computer for proper operation. Failure to do so may result in

login problems for AD users.
Enabling DirectAudit NSS mode …

Restarting DirectAudit daemon …

Rebooting the computer …

Rebooting now …
Broadcast message from root@debian (pts/1) (Wed Mar 5 00:36:14 2014):
The system is going down for reboot NOW!

Install.sh completed successfully. Nothing was installed or uninstalled.
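adcheck's SSH warning on the first pass above comes down to a few sshd_config keywords, and the second pass reports Pass only because the installer swapped in Centrify's own OpenSSH build. If you prefer to keep the distribution's sshd (via the Custom install option, so that SSH security updates keep arriving from the distro rather than the vendor), you can set those keywords yourself and check them with a script like the one below. It is an added example written for this article, not Centrify's code or the original post; both sshd_config files are constructed samples, and the defaults it assumes for unset keywords are those of sshd_config(5) for OpenSSH 6.x, the version in the log (UsePAM no, ChallengeResponseAuthentication yes, GSSAPIAuthentication no).

```shell
#!/bin/sh
# Checks the sshd_config settings that adcheck's SSH test complains about.
# Added example for this article, not Centrify's code or the original post.
# The two config files are constructed samples: BAD_SSHD reproduces the
# warning (PAM off, keyboard-interactive off, no GSSAPI); GOOD_SSHD is the
# corrected form. Assumed defaults follow sshd_config(5) for OpenSSH 6.x.

WORK=$(mktemp -d)
BAD_SSHD="$WORK/sshd_config.bad"
GOOD_SSHD="$WORK/sshd_config.good"

cat > "$BAD_SSHD" <<'EOF'
# constructed sample: the second UsePAM line is ignored (first value wins)
Port 22
UsePAM no
UsePAM yes
ChallengeResponseAuthentication no
GSSAPIAuthentication no
Match User backup
    GSSAPIAuthentication yes
EOF

cat > "$GOOD_SSHD" <<'EOF'
# constructed sample: what adcheck expects for AD logins
Port 22
UsePAM yes
ChallengeResponseAuthentication yes
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
EOF

# Effective global value of one keyword, lower-cased. sshd takes the FIRST
# occurrence of a keyword and ignores later duplicates; keywords and yes/no
# values are case-insensitive; settings after a 'Match' line are conditional,
# so the scan stops there. Falls back to the supplied default if unset.
sshd_option() {
    file=$1; key=$2; default=$3
    val=$(awk -v k="$key" '
        tolower($1) == "match"    { exit }
        tolower($1) == tolower(k) { print tolower($2); exit }
    ' "$file")
    printf '%s\n' "${val:-$default}"
}

# One WARN line per setting that would stop AD users logging in over SSH.
ssh_ad_login_warnings() {
    f=$1
    [ "$(sshd_option "$f" UsePAM no)" = yes ] \
        || echo "WARN: UsePAM is not yes, so sshd bypasses the PAM stack Centrify hooks into"
    # OpenSSH 8.7+ renamed this keyword; the old name is kept as an alias,
    # so accept either spelling and take the first one that is set.
    cra=$(sshd_option "$f" ChallengeResponseAuthentication "")
    [ -n "$cra" ] || cra=$(sshd_option "$f" KbdInteractiveAuthentication yes)
    [ "$cra" = yes ] \
        || echo "WARN: ChallengeResponseAuthentication/KbdInteractiveAuthentication is not yes"
    [ "$(sshd_option "$f" GSSAPIAuthentication no)" = yes ] \
        || echo "WARN: GSSAPIAuthentication is not yes, so Kerberos single sign-on will not work"
}

echo "== $BAD_SSHD";  ssh_ad_login_warnings "$BAD_SSHD"
echo "== $GOOD_SSHD"; ssh_ad_login_warnings "$GOOD_SSHD"
```

The bad sample yields all three warnings: its second UsePAM yes line does not rescue it because sshd honours the first occurrence of a keyword, and the GSSAPIAuthentication yes under the Match block applies only to that user. After editing the real file, run sshd -t before restarting the service, and keep in mind that switching to Centrify's OpenSSH instead makes you dependent on the vendor for sshd patches.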


Once the reboot completes, create a user on the domain controller and try to log in with it. Two points before treating the box as done. First, the join above ran as the domain Administrator; outside a lab use a dedicated account that has only been delegated the right to create computer objects in the target OU, and give that OU as the container DN instead of the default Computers container. Second, Auto Zone by design makes every AD user in the forest a valid user on the client, so restrict who may log in; Centrify's centrifydc.conf provides pam.allow.users and pam.allow.groups for that (check the parameter reference for your version). The adinfo command shows the join state, and getent passwd for one of the AD accounts confirms that NSS resolves them before you rely on interactive logins.

Regards, rokitoh!
