
Linux Active Directory Integration


#1

Does anybody have any experience with joining Linux machines to an AD domain? Most specifically, does anybody have any experience with Centrify Express?
I am looking to have a Linux machine in our office that allows users to log in with their AD creds.


#2

Watching this thread.

I too have tried to hook up a Linux box with AD, but to no avail.


#3

I think this depends on what version of AD DS. I read they had removed some Linux-based functionality, but I don't know if it was specific to AD authentication.

There's a ton of info out there though; it would be good to know exactly what you've tried or are trying to accomplish.

RH has this info https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/introduction.html

I've been using FreeIPA, so unfortunately I can't help much.


#4

This page may be of use to you:

https://help.ubuntu.com/community/LDAPClientAuthentication

I'm not a pro with AD, but you should be able to use the LDAP protocol to connect to AD DS, if I remember correctly.

Disclaimer: I haven't touched a Windows machine for years.


#5

At work I joined our Ubuntu server to AD, but it is not acting as an AD server; it's more like a workstation doing user auth for Nextcloud. I have not used Centrify Express. It's been a minute since I set it up, so I don't remember the exact details, but I set up Samba and winbind, and in my smb.conf are the winbind entries, which are what's needed to get it connected.

Here's an older tutorial: https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto

I can share my config if you need.

EDIT: Here's a much newer tutorial that I think is probably better.

https://www.tecmint.com/join-ubuntu-to-active-directory-domain-member-samba-winbind/

The downside to Linux is it's so stable it's "set and forget". I did this once and would probably have to re-learn everything I did over again, because it's been a year since I did it. Well that, and I'm still very much a scrub at Linux. Also, for reference, I am using Ubuntu 16.04 LTS and Server 2012 R2. I remember it being a pain in the ass to get working, but it has since been great.
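The Samba/winbind route described in the post above, as an added example (not the poster's config and not taken from the linked tutorials): a script that renders the smb.conf a domain member needs, the nsswitch and PAM lines that go with it, and the join/verify commands as a separate explicit step. The realm corp.example.com, the NetBIOS name derived from it, the user names and the idmap ranges are placeholders; /etc/krb5.conf (realm and KDC discovery) is not rendered here. The one check worth keeping is the idmap-range test: Samba requires the default `*` range and the domain range to be disjoint, and an overlap is a classic reason winbind resolves nothing after an otherwise successful join.

```shell
#!/usr/bin/env bash
# Added example, not the poster's config: render the Samba/winbind files a
# Linux domain member needs, with a sanity check on the idmap ranges, then
# the join/verify commands as a separate explicit step. The realm
# corp.example.com and the user names are placeholders.
set -eu

# NetBIOS workgroup = first DNS label of the realm, upper-cased.
workgroup_from_realm() {
    printf '%s' "$1" | cut -d. -f1 | tr '[:lower:]' '[:upper:]'
}

# Samba requires the '*' default idmap range (BUILTIN and unknown SIDs)
# and the domain's range to be disjoint; overlapping ranges give wrong or
# missing UID/GID mappings. Args: default_lo default_hi domain_lo domain_hi.
idmap_ranges_disjoint() {
    [ "$2" -lt "$3" ] || [ "$4" -lt "$1" ]
}

# smb.conf for a domain member (no shares; this host only consumes AD).
render_smb_conf() {
    local realm wg
    realm=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    wg=$(workgroup_from_realm "$1")
    idmap_ranges_disjoint 3000 7999 10000 999999 ||
        { echo "idmap ranges overlap" >&2; return 1; }
    cat <<EOF
[global]
   workgroup = $wg
   realm = $realm
   security = ads
   # Use the machine account and keytab written by 'net ads join'.
   kerberos method = secrets and keytab
   # Users log in as 'alice', not 'CORP\\alice'.
   winbind use default domain = yes
   winbind refresh tickets = yes
   winbind offline logon = yes
   template shell = /bin/bash
   template homedir = /home/%D/%U
   # 'rid' derives the UID from the SID's RID, so every joined host agrees.
   idmap config * : backend = tdb
   idmap config * : range = 3000-7999
   idmap config $wg : backend = rid
   idmap config $wg : range = 10000-999999
EOF
}

# NSS and PAM: resolve AD users via winbind, create home dirs on first login.
render_nss_pam() {
    cat <<'EOF'
# /etc/nsswitch.conf
passwd:         files winbind
group:          files winbind

# /etc/pam.d/common-session (Debian/Ubuntu); enable the winbind PAM profile
# with 'pam-auth-update' after installing libpam-winbind.
session required pam_mkhomedir.so skel=/etc/skel umask=0077
EOF
}

# Join and verify. Needs an account allowed to create computer objects in
# AD; this is interactive and is not run by the checks below.
join_domain() {
    local admin=${1:-Administrator} probe=${2:-alice}
    net ads join -U "$admin"
    net ads testjoin                 # prints "Join is OK"
    wbinfo -t                        # machine account trust secret works
    wbinfo -u | head                 # winbind can enumerate domain users
    getent passwd "$probe"           # NSS resolves an AD user to a UID
    id "$probe"                      # ...including group membership
}

if [ "${1:-}" = "--render" ]; then
    render_smb_conf "${2:-corp.example.com}"
    render_nss_pam
fi
```

Run it as `./member.sh --render corp.example.com` to see the files, copy them into place, then call `join_domain` by hand. `winbind use default domain = yes` is a convenience, not a security setting: it only changes how names are spelled, and because the `rid` backend is deterministic, file ownership on any NFS or CIFS share stays consistent across every host joined with the same ranges.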


#6

I personally like to just add Kerberos authentication to have more control over who can't log in to my Linux servers (i.e., I have to manually add your AD user ID for you to be able to log in with your AD creds using Kerberos).

I have also played around with straight LDAP users and LDAP auth...
along with LDAP users with Kerberos auth...
both LDAP and LDAPS...

Straight Kerberos with local users is the easiest / quickest to set up.
Another good option is winbind with Kerberos auth.
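The "straight Kerberos with local users" setup from the post above, as an added example (not the poster's own config): the local passwd file is the allow-list, pam_krb5 checks the password against the AD KDC, and nobody without a hand-made local account gets in. The realm corp.example.com, the KDC dc1, and the users alice, bob and mallory are placeholders; the passwd content is constructed for the check. The security caveat a practitioner wants here is TGT validation: a PAM module that only asks a KDC for a ticket can be fooled by a spoofed KDC, so the rendered krb5.conf sets `verify_ap_req_nofail = true`, which makes validation against the host keytab mandatory rather than skipped when no host key is present.

```shell
#!/usr/bin/env bash
# Added example, not the poster's config: Kerberos-only AD authentication
# for accounts that an admin creates locally by hand, so the local passwd
# file is the allow-list. Realm corp.example.com, KDC dc1 and the sample
# users are placeholders; the passwd content below is constructed.
set -eu

# /etc/krb5.conf: KDCs found via AD's SRV records, TGT validated against
# the host keytab so a spoofed KDC cannot log anyone in.
render_krb5_conf() {
    local realm domain
    realm=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    domain=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    cat <<EOF
[libdefaults]
    default_realm = $realm
    dns_lookup_kdc = true
    dns_lookup_realm = false
    rdns = false
    # Fail closed if /etc/krb5.keytab has no host/ key to verify the TGT
    # with; without this, a fake KDC that knows the user's name can grant
    # the login. The keytab comes from 'net ads join' or ktpass on a DC.
    verify_ap_req_nofail = true
    ticket_lifetime = 10h
    renew_lifetime = 7d

[realms]
    $realm = {
        admin_server = dc1.$domain
    }

[domain_realm]
    .$domain = $realm
    $domain = $realm
EOF
}

# PAM auth stack (Debian/Ubuntu /etc/pam.d/common-auth, as pam-auth-update
# writes it after 'apt install libpam-krb5'): Kerberos first, then local.
render_pam_auth() {
    cat <<'EOF'
auth    [success=2 default=ignore]  pam_krb5.so minimum_uid=1000
auth    [success=1 default=ignore]  pam_unix.so nullok_secure try_first_pass
auth    requisite                   pam_deny.so
auth    required                    pam_permit.so
EOF
}

# Constructed /etc/passwd: alice and bob were added by the admin, so only
# they can log in; mallory has an AD account but no local entry.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:Alice (AD):/home/alice:/bin/bash
bob:x:1002:1002:Bob (AD):/home/bob:/bin/bash'

# The allow-list check pam_krb5 relies on: the name must exist locally and
# be a regular user (UID >= 1000, matching minimum_uid above).
can_login() {
    local user=$1 passwd_file=${2:-/etc/passwd}
    awk -F: -v u="$user" '$1 == u && $3 >= 1000 { ok = 1 } END { exit !ok }' \
        "$passwd_file"
}

# Admin step that grants access: a local account with no local password
# (useradd leaves the shadow field locked), so only Kerberos can authenticate.
grant_user() {
    useradd -m -s /bin/bash -c "$1 (AD)" "$1"
}

# Manual check that the KDC is reachable and the password is accepted.
check_kerberos() {
    kinit "$1@$(printf '%s' "$2" | tr '[:lower:]' '[:upper:]')"
    klist
}

if [ "${1:-}" = "--render" ]; then
    render_krb5_conf "${2:-corp.example.com}"
    render_pam_auth
fi
```

Revoking someone is `userdel`, and disabling them in AD also works immediately because every login round-trips to the KDC. What this setup does not give you is group membership or UID consistency from AD: `id alice` shows only the local groups, which is exactly why the poster pairs it with winbind when that matters.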


#7

Where I work it's Windows-only. I only handle T1 and T2 support. We are forbidden from messing with the servers; we can only mess with clients, with limited freedom.

That is why I am interested in seeing how one could get a Linux box going in a mostly pure Windows AD environment.


#8

All I needed in my setup were valid creds to join.


#9

So here's a better description of what's going on:

I have all Windows servers and machines in my office. I'd like to set up a Linux desktop (not as a server) that can be used by employees to log in with their creds. I don't necessarily need this integration to automatically map their drives and pick their backgrounds, etc. through Group Policy; I just want it as an access control mechanism. I'd also like it to follow the permissions structure (i.e. block them) if they try to map a drive that they do not have permission to access.


#10

Check the second link I posted. It should be what you need to get going.