Linux Active Directory Integration

Does anybody have any experience with joining Linux machines to an AD domain? Most specifically, does anybody have any experience with Centrify Express?
I am looking to have a Linux machine in our office that allows users to log in with their AD creds.


Watching this thread.

I too have tried to hook up a Linux box with AD, but to no avail.


I think this depends on what version of AD DS; I read they had removed some Linux-based functionality, but I don't know if it was specific to AD authentication.

There's a tonne of info out there though, it would be good to know exactly what you've tried or are trying to accomplish.

RH has this info

I've been using FreeIPA, so unfortunately I can't help much.

This page may be of use to you:

I'm not a pro with AD, but you should be able to use LDAP protocol to connect to AD DS if I remember correctly.

Disclaimer: I haven't touched a Windows machine for years.

At work I joined our Ubuntu server to AD, but it is not acting as an AD server but more like a workstation for user auth for Nextcloud. I have not used Centrify Express. It's been a minute since I set it up so I don't remember the exact details, but I set up Samba and winbind, and in my smb.conf are winbind entries, which are what's needed to get it connected.

Here's an older tutorial

I can share my config if you need.

EDIT: Here's a much newer tut that I think is probably better.

The downside to Linux is it's so stable it's "set and forget". I did this once and would probably have to re-learn everything I did over again because it's been a year since I did it. Well that, and I'm still very much a scrub to Linux. Also for reference I am using Ubuntu 16.04 LTS and Server 2012 R2. I remember it being a pain in the ass to get working but it has since been great.


I personally like to just add Kerberos authentication to have more control of who can't log in to my Linux servers. (aka, I have to manually add your AD userid for you to be able to log in with your AD creds using Kerberos)

I have also played around with straight LDAP users and LDAP auth...
along with LDAP users with Kerberos auth...
both LDAP and LDAPS...

Straight Kerberos with local users is the easiest / quickest to set up.
Another good option is winbind with Kerberos auth.

Where I work it's Windows only. I only handle T1 and T2 support. We are forbidden from messing with the servers; we can only mess with clients with limited freedom.

That is why I am interested in seeing how one could get a Linux box going on a mostly pure Windows AD environment.

All I needed in my setup were valid creds to join.

So here's a better description of what's going on:

I have all Windows servers and machines in my office - I'd like to set up a Linux desktop (not as a server) that can be used by employees to log in with their creds. I don't necessarily need this integration to automatically map their drives and pick their backgrounds, etc. through group policy, I just want it as an access control mechanism - I'd also like it to follow the permissions structure (i.e. block them) if they try to map a drive that they do not have permission to access.

Check the second link I posted. Should be what you need to get going.