I wanted to pass this on incase it helps someone.
###################################
# Authentication Config
###################################
#Config provided by
#
http://www.greenviolet.net/articles/...ctory-login.gv
echo -e "Installing software"
yum install nscd oddjob oddjob-mkhomedir pam_krb5 samba-winbind -y -q
echo -e "Setting SeLinux to permissive"
sed -i 's/SELINUX=enforcing/SELINUX=permissive/' /etc/sysconfig/selinux #verified
echo -e "\e[01;33m Configuring Auth Config \e[00m"
echo -e "Enter your Workgroup Name in UPPER CASE (ex SNL):"; read WORKGROUP
echo -e "Enter your Domain Name in UPPER CASE (ex SNL.INT) :"; read DOMAIN
echo -e "Enter your Domain Admin username:"; read USERNAME
#The case is important; use all upper-case!!!!
authconfig --disablecache --winbindjoin=$USERNAME --enablelocauthorize --winbindtemplatehomedir=/home/%D/%U --enablewinbind --enablewinbindusedefaultdomain --enablewinbindauth --smbsecurity=ads --enablekrb5 --enablekrb5kdcdns --enablekrb5realmdns --enablemkhomedir --enablepamaccess --updateall --smbidmapuid=100000-1000000 --smbidmapgid=100000-1000000 --disablewinbindoffline --winbindtemplateshell=/bin/bash --smbworkgroup=$WORKGROUP --smbrealm=$DOMAIN --krb5realm=$DOMAIN
echo -e "restarting oddjobdi\n"
#/bin/systemctl restart oddjobd.service #rhel7
service oddjobd restart #rhel6
echo -e "\e[01;33m Creating /etc/sudoers.d/winadmins \e[00m"
echo -e "# Active Directory Integration sudoers\n# Note that you can use a combination of local and remote users and groups.\n\nUser_Alias LINUXADMINS = %LinuxAdmins\nUser_Alias SOMEGROUP = %CAMSAdmins\n### By default, allow both sets of admins to run all commands as root.\nLINUXADMINS ALL=(ALL) ALL\n" >> /etc/sudoers.d/winadmins
echo -e "\e[01;33m Updating PAM \e[00m"
cp /etc/pam.d/sshd /root/sshd.BAK
echo -e "auth sufficient pam_winbind.so" >> /etc/pam.d/sshd
echo -e "\e[01;33m Updating /etc/sudoers\e[00m"
mv -f /etc/sudoers /root/sudoers.BAK
echo -e 'Defaults requiretty\nDefaults !visiblepw\nDefaults always_set_home\nDefaults env_reset\nDefaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"\nDefaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"\nDefaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"\nDefaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"\nDefaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"\nDefaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin\n## Allows people in group wheel to run all commands\nroot ALL=(ALL) ALL\n%wheel ALL=(ALL) ALL\n#This is the Systems Team\n%LinuxAdmins ALL=(ALL) ALL\n' >> /etc/sudoers
chmod 440 /etc/sudoers* #set the file back to the default permissions
echo -e "\e[01;33m Updating /etc/security/access.conf \e[00m"
mv -f /etc/security/access.conf /root/access.conf.BAK
echo -e '#further restrict who can logon to the server\n#users must be a member of the listed groups to logon\n##
https://access.redhat.com/solutions/70472 - for more information\n\n+ : LinuxAdmins : ALL\n+ : SOMEGROUP : ALL\n+ : root : ALL\n- : ALL : ALL' >> /etc/security/access.conf
reboot