12

Sorry if I am misusing terms here; I actually don't know much about Active Directory and the related technologies. Basically I have a Linux computer and I'd like it (or my user on that computer) to be associated with my user on the Domain, so that I can browse the network and all that stuff Windows has.

Is this feasible? What do I need to look into to do something like this?

Frew Schmidt

7 Answers

10

There are three main options:

  • Kerberos plus LDAP - This is a lower-level option where you set up Linux to use Active Directory's underlying protocols yourself. Described in this answer.
  • Samba - Samba is the de facto standard for joining a Linux machine to a Windows domain.
  • Microsoft Windows Services for Unix includes options for serving usernames to Linux / UNIX via NIS and for synchronizing passwords to Linux / UNIX machines. You'd use this if you wanted to do everything possible from Windows or if you had an existing Linux / UNIX infrastructure you wanted to tie to Windows; for most environments, though, one of the other solutions would be better.

There are a few other options available too: Likewise (apparently no longer available), Centrify, SSSD... There's further discussion in this question.

Josh Kelley
  • +1 for Likewise. Likewise Open has saved me hundreds of hours in user administration. I specifically built an AD infrastructure for my Linux boxes. Way, way way way way better. – Matt Simmons Oct 21 '09 at 17:33
  • Likewise appears to be dead; at least your link goes to some unrelated business and searching doesn't turn up much. – detly Jun 20 '18 at 01:14
  • Likewise was purchased by Isilon (now DellEMC) for inclusion in their NAS. I guess they did away with the standalone product. – Dan Pritts Jun 20 '18 at 16:23
1

Two ways that I know of. From the Linux host you can try this:

root# net ads join -UAdministrator%password

Or you can just create the computer object in Active Directory.

Like everyone else said, you'll need to add the Samba packages to get that to happen.

http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html

CosmicQ
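The join command above puts the Administrator password on the command line, where it ends up in shell history and is visible in process listings; `net ads join -U Administrator` without `%password` prompts for it instead. As an added example (not part of the original answer; the history lines, host name, passwords and function names are constructed), this flags and masks such inline credentials in a list of command lines:

```shell
#!/bin/sh
# Added example: find Samba client commands that carry the password inline.
# The history lines, host name and passwords below are constructed samples.

sample_history='net ads join -UAdministrator%password
net ads join -U Administrator
smbclient //fs01.example.com/share -U "alice%S3cret!"
kinit Administrator@EXAMPLE.COM
net rpc info --user=bob%hunter2'

# Matches -U / --user followed by name%secret (optionally quoted).
CRED_RE='(-U[[:space:]]*|--user[=[:space:]])["'\'']?[^[:space:]%"'\'']+%'

# Reads command lines on stdin; prints offenders with the secret masked.
find_inline_creds() {
    grep -E -e "$CRED_RE" | sed -E "s/($CRED_RE)[^[:space:]\"']+/\1****/"
}

# Same input, but only the number of offending lines.
count_inline_creds() {
    find_inline_creds | wc -l | tr -d ' '
}

printf '%s\n' "$sample_history" | find_inline_creds
```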
0

I'd suggest looking at an excellent public domain package called Samba. It might very well be part of the Linux distribution that you have installed.

mdpc
0

In order to get all the benefits and security of AD, you'll need a solution involving Kerberos (for authentication) and LDAP (for authorization). There's an excellent tutorial here that I've used in the past and it works amazingly well. It's more complex to implement than just using samba/winbindd, but you'll get the benefit of being able to use the UNIX attributes in AD to manage your linux users, groups, uids, gids, etc.

EEAA
  • I believe that Samba/Winbind can use AD's UNIX attributes as well, using the idmap_ad backend (http://www.samba.org/samba/docs/man/manpages-3/idmap_ad.8.html) and the "winbind nss info" smb.conf setting (http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#id2564796). – Josh Kelley Oct 21 '09 at 16:17
  • Heh, news to me :-) That's a nice feature to have. I guess I still prefer the security that Kerberos brings, but for more simple setups, this will probably be just fine. – EEAA Oct 21 '09 at 16:24
  • I don't find that tutorial excellent at all. For example, it says "Make sure that the appropriate Kerberos libraries, OpenLDAP, pam_krb5, and nss_ldap are installed. If they are not installed, install them.", without any more details. – Frank H. Sep 27 '16 at 15:05
  • @FrankH. You'll notice that this answer is 7 years old. If you have a better tutorial that you can link to, by all means edit my answer accordingly. However, if you are a linux sysadmin, being able to install packages without step-by-step instructions is among the first things one should learn. – EEAA Sep 27 '16 at 15:07
  • Since I'm asking this, it should be quite obvious that I'm not a linux admin, don't you think? – Frank H. Sep 29 '16 at 09:02
  • @FrankH. You are a professional. You cannot reasonably expect to do your job by following perfectly comprehensive, step-by-step instructions for every single task that you need to do. Some level of initiative is required to go out and actually **learn** the operating systems you're using. If you're unable or unwilling to do that, then hire someone to help you out. There's no shame in doing that. – EEAA Sep 29 '16 at 12:33
0

same tips http://www.cyberciti.biz/tips/how-do-i-join-a-windows-2003-active-directory-domain-from-linux-system.html

Rajat
0

Samba/Likewise is overkill.

Set up pam_krb5, authenticating to the KDC of the AD domain.

Fahad Sadah
0

To add a Linux machine to an Active Directory domain, you will need:

  • TCP / IP Config: Configure the DNS of the AD as DNS.
  • NTP Config: Configure the NTP server in DC
  • Packages: Install the necessary packages
  • SSSD Configuration: Configure the network authentication service.
  • Verification with the id command

Here is a guide, step by step:

https://www.sysadmit.com/2019/11/linux-anadir-equipo-al-dominio-windows.html
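
A preflight check for the DNS, NTP and SSSD steps in the list above, as an added example that is not part of the original answer or the linked guide. `example.com`, the IP addresses, the function names and both sample files are constructed placeholders; after a real join, the last step in the list (`id` for a domain user) confirms that lookups work.

```shell
#!/bin/sh
# Added example: offline preflight checks for the DNS, NTP and SSSD steps.
# example.com, the IP addresses and both sample files are constructed.

MAX_SKEW=300  # Kerberos default clock-skew tolerance in seconds

# DNS: the AD DNS server must be the first nameserver, or the SRV lookups
# that locate domain controllers are sent to a resolver that lacks them.
check_resolver() {  # $1 = resolv.conf path, $2 = AD DNS server IP
    first=$(awk '$1 == "nameserver" { print $2; exit }' "$1")
    [ "$first" = "$2" ]
}

# NTP: Kerberos authentication fails once clocks drift past MAX_SKEW.
check_skew() {  # $1 = local epoch seconds, $2 = DC epoch seconds
    diff=$(( $1 - $2 ))
    [ "$diff" -lt 0 ] && diff=$(( 0 - $diff ))
    [ "$diff" -le "$MAX_SKEW" ]
}

# SSSD: sssd.conf is expected to be root-only (mode 600; ownership is not
# checked here) and the domain section must select the AD provider.
check_sssd_conf() {  # $1 = sssd.conf path
    [ "$(stat -c '%a' "$1")" = "600" ] || return 1
    grep -Eq '^[[:space:]]*id_provider[[:space:]]*=[[:space:]]*ad[[:space:]]*$' "$1"
}

# Constructed inputs.
demo_dir=$(mktemp -d)
printf 'search example.com\nnameserver 192.0.2.10\nnameserver 198.51.100.53\n' \
    > "$demo_dir/resolv.conf"
cat > "$demo_dir/sssd.conf" <<'EOF'
[sssd]
domains = example.com
services = nss, pam

[domain/example.com]
id_provider = ad
access_provider = ad
cache_credentials = True
EOF
chmod 600 "$demo_dir/sssd.conf"

check_resolver "$demo_dir/resolv.conf" 192.0.2.10 && echo "DNS: ok"
check_skew 1700000000 1700000120 && echo "clock: ok"
check_sssd_conf "$demo_dir/sssd.conf" && echo "sssd.conf: ok"
```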