How can we join a Linux system to an Active Directory domain
Hi All,
I have installed RHEL5 on my system. I want to join my system to my organisation's Active Directory domain. How can I do it? Suppose the domain name is "abc-xyz".
I'd suggest integrating at LDAP, but you can use Samba / winbind also. What do you actually want to achieve?
In our organisation most users are Windows based. They authenticate from the Active Directory domain. Now some users are using Linux as well. I need a solution where the Linux users will also authenticate from the same Active Directory domain.
OK, well, as above, *MY* preferred solution would be for you to install the MS SFU AD Schema extensions, which will add POSIX attributes to AD to allow a full LDAP login from any device to be done against it. http://en.wikipedia.org/wiki/Microso...vices_for_UNIX
Many people prefer the Samba route, which makes the machine actually "join" the AD domain, as if it were a Windows machine. This way, all missing user information (i.e. info required to make a full POSIX account) is created automatically on a per-client-machine basis. This is often fine; however, a user will not have a consistent UID / GID across multiple machines, which can be a pain if you're doing cleverer things.
In line with the UID data and such, if you do want to install LDAP (which is very simple and clean from the client side, as opposed to Samba, which can be a bit obscure) then you can fudge UIDs on the client-side LDAP configuration in a similar way to create the data that isn't in AD.
In our organisation most users are Windows based. They authenticate from the Active Directory domain. Now some users are using Linux as well. I need a solution where the Linux users will also authenticate from the same Active Directory domain.
You can simply turn on Kerberos authentication if you just need the Linux users to be able to authenticate against AD.
# system-config-authentication
Authentication tab
Checkbox to Enable Kerberos Support
Configure Kerberos button
In the Realm box goes your domain name in UPPER CASE.
In KDCs and Admin Servers I put nothing.
I check both "Use DNS to resolve hosts to realms" and "Use DNS to locate KDCs for realms".
After that, if I create local accounts with the same username as an AD account, I am able to use the AD password.
You should never use DNS to resolve the KDC, big security flaw there. If you don't even know the IP of your domain controllers, you deserve everything you get. ;-)
I check both "Use DNS to resolve hosts to realms" and "Use DNS to locate KDCs for realms".
You can put your domain name, e.g. EXAMPLE.COM, in as the KDC/Admin server and it will work more effectively than using DNS to look up realms. Using a static IP for your KDC with multiple domain controllers is a bad idea. What happens if that particular server goes down?
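As an added example (not code from any poster in this thread): a small Python check that reads a krb5.conf, the file these Kerberos settings end up in, and reports whether the default realm's KDCs come from DNS or from a static list, and whether a static list has any failover. The sample configs and the dc1/dc2 host names are constructed, and it assumes the two DNS checkboxes correspond to the `dns_lookup_realm` and `dns_lookup_kdc` settings.

```python
# Constructed krb5.conf samples: EXAMPLE.COM is the realm used in the thread,
# the dc1/dc2 host names are placeholders.
DNS_DISCOVERY = """
[libdefaults]
 default_realm = EXAMPLE.COM
 dns_lookup_realm = true
 dns_lookup_kdc = true
"""
PINNED_KDCS = """
[libdefaults]
 default_realm = EXAMPLE.COM
 dns_lookup_kdc = false
[realms]
 EXAMPLE.COM = {
  kdc = dc1.example.com:88
  kdc = dc2.example.com:88
 }
"""

def parse_krb5(text):
    """Return ([libdefaults] settings, {realm: [kdc, ...]})."""
    libdefaults, realms, section, realm = {}, {}, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section, realm = line[1:-1].strip(), None
        elif line == "}":
            realm = None
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if section == "libdefaults":
                libdefaults[key] = value
            elif section == "realms" and value == "{":
                realm = key
            elif realm and key == "kdc":
                realms.setdefault(realm, []).append(value)
    return libdefaults, realms

def audit(text):
    """Report how the default realm's KDCs would be located."""
    libdefaults, realms = parse_krb5(text)
    realm = libdefaults.get("default_realm")
    kdcs = realms.get(realm, [])
    dns = libdefaults.get("dns_lookup_kdc", "").lower() in ("true", "yes", "on", "1")
    # Assumption: kdc entries listed for a realm are used before any DNS lookup.
    mode = "static" if kdcs else "dns" if dns else "unset"
    notes = {"dns": ["KDC choice depends on DNS SRV answers"],
             "static": ["single KDC listed: no failover"] if len(kdcs) == 1 else []}
    return {"realm": realm, "mode": mode, "kdcs": kdcs, "notes": notes.get(mode, [])}
```

Listing more than one `kdc` line per realm is what answers the "what if that server goes down" objection while still avoiding DNS-based discovery.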