Does anybody have any experience with joining Linux machines to an AD domain? Most specifically, does anybody have any experience with Centrify Express?
I am looking to have a Linux machine in our office that allows users to log in with their AD creds.
Watching this thread.
I too have tried to hook up a Linux box with AD, but to no avail.
I think this depends on what version of AD DS; I read they had removed some Linux-based functionality, but I don't know if it was specific to AD authentication.
There's a ton of info out there though; it would be good to know exactly what you've tried or are trying to accomplish.
RH has this info https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/introduction.html
I've been using FreeIPA, so unfortunately I can't help much.
This page may be of use to you:
https://help.ubuntu.com/community/LDAPClientAuthentication
I'm not a pro with AD, but you should be able to use LDAP protocol to connect to AD DS if I remember correctly.
Disclaimer: I haven't touched a windows machine for years.
At work I joined our Ubuntu server to AD, but it is not acting as an AD server; it's more like a workstation for user auth for Nextcloud. I have not used Centrify Express. It's been a minute since I set it up, so I don't remember the exact details, but I set up Samba and winbind, and in my smb.conf are winbind entries, which are what's needed to get it connected.
Here's an older tutorial: https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto
I can share my config if you need.
EDIT: Here's a much newer tutorial that I think is probably better.
https://www.tecmint.com/join-ubuntu-to-active-directory-domain-member-samba-winbind/
The downside to Linux is it's so stable it's "set and forget". I did this once and would probably have to re-learn everything I did over again because it's been a year since I did it. Well, that, and I'm still very much a scrub to Linux. Also, for reference, I am using Ubuntu 16.04 LTS and Server 2012 R2. I remember it being a pain in the ass to get working, but it has since been great.
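For readers who want to see what the "winbind entries in smb.conf" above actually look like, here is an added example of a domain-member smb.conf for the Samba + winbind approach. It is not the poster's config and not from either tutorial; the domain name CORP, realm CORP.EXAMPLE.COM, and the idmap ranges are assumptions you replace with your own.

```ini
; /etc/samba/smb.conf on a Linux domain member (added example, assumed names)
[global]
   ; NetBIOS domain name and Kerberos realm of the AD forest you are joining
   workgroup = CORP
   realm = CORP.EXAMPLE.COM

   ; "ads" = authenticate as a domain member via Kerberos, not NTLM-only "domain"
   security = ads
   kerberos method = secrets and keytab

   ; Let users log in as "jdoe" instead of "CORP\jdoe"
   winbind use default domain = yes

   ; Don't enumerate the whole directory on every getent call (slow on big domains)
   winbind enum users = no
   winbind enum groups = no

   ; Keep the user's Kerberos ticket fresh and allow cached logons if the DC is unreachable
   winbind refresh tickets = yes
   winbind offline logon = yes

   ; Shell and home directory for AD users, who have none of this in LDAP by default
   template shell = /bin/bash
   template homedir = /home/%D/%U

   ; UID/GID mapping. The default backend covers BUILTIN and unknown SIDs;
   ; "rid" derives stable UIDs from the SID's RID so every joined box agrees.
   ; Ranges must not overlap each other or local users in /etc/passwd.
   idmap config * : backend = tdb
   idmap config * : range = 3000-7999
   idmap config CORP : backend = rid
   idmap config CORP : range = 10000-999999
```

With that in place, the join is `kinit Administrator@CORP.EXAMPLE.COM` followed by `net ads join -k` (or `net ads join -U Administrator` to be prompted), then `systemctl restart winbind`; `wbinfo -t` checks the machine trust account and `getent passwd jdoe` confirms NSS resolution once `/etc/nsswitch.conf` has `winbind` appended to the `passwd:` and `group:` lines. Add `session required pam_mkhomedir.so skel=/etc/skel umask=0022` to `/etc/pam.d/common-session` so the first logon creates the home directory. Two practitioner caveats: the clock must be within five minutes of the DC or Kerberos fails, and `winbind refresh tickets` only helps if `/etc/security/pam_winbind.conf` sets `krb5_auth = yes` so the login actually obtains a ticket. That ticket is also what gives you the "follow the permissions structure" behaviour the original poster asks about: a share mounted with `mount -t cifs ... -o sec=krb5,multiuser` is accessed with each logged-in user's own credentials, so the file server applies its share and NTFS ACLs exactly as it would for a Windows client.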
I personally like to just add Kerberos authentication to have more control over who can't log in to my Linux servers (i.e., I have to manually add your AD user ID for you to be able to log in with your AD creds using Kerberos).
I have also played around with straight LDAP users and LDAP auth,
along with LDAP users with Kerberos auth,
both LDAP and LDAPS.
Straight Kerberos with local users is the easiest/quickest to set up.
Another good option is winbind with Kerberos auth.
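The "straight Kerberos with local users" setup described above needs only a krb5.conf pointing at the domain controllers plus a PAM module; here is an added example of that file. It is not the poster's config; the realm CORP.EXAMPLE.COM and the KDC host dc1.corp.example.com are assumed placeholders.

```ini
; /etc/krb5.conf for password auth against AD without joining the domain (added example, assumed names)
[libdefaults]
    default_realm = CORP.EXAMPLE.COM
    ; Find KDCs from the _kerberos._tcp SRV records AD publishes, rather than hard-coding all DCs
    dns_lookup_kdc = true
    dns_lookup_realm = false
    ; Don't let a reverse-DNS answer rewrite the service principal name we ask for
    rdns = false
    ticket_lifetime = 10h
    forwardable = true

[realms]
    CORP.EXAMPLE.COM = {
        ; One explicit DC as a fallback if SRV lookup fails
        kdc = dc1.corp.example.com
        admin_server = dc1.corp.example.com
    }

[domain_realm]
    .corp.example.com = CORP.EXAMPLE.COM
    corp.example.com = CORP.EXAMPLE.COM
```

On Ubuntu, `apt install libpam-krb5` and `pam-auth-update` wire `pam_krb5.so` into `/etc/pam.d/common-auth` ahead of `pam_unix`, so a password is checked against the KDC first. The allowlisting the poster describes comes from the fact that NSS still only knows local accounts: `adduser --disabled-password jdoe` creates the Linux identity, and only a name that exists locally and matches the AD sAMAccountName can log in with the AD password. `kinit jdoe` followed by `klist` is the quickest way to confirm the realm configuration before touching PAM. Security caveat: pam_krb5 can only verify that the KDC it talked to is genuine when the host has a keytab for its own principal; without one, a rogue KDC on the network can answer the AS exchange and pass the password check, so create a host keytab (for an unjoined box, via `ktpass` on a DC) rather than relying on the password round-trip alone.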
Where I work it's Windows only. I only handle T1 and T2 support. We are forbidden from messing with the servers; we can only mess with clients with limited freedom.
That is why I am interested in seeing how one could get a Linux box going in a mostly pure Windows AD environment.
All I needed in my setup were valid creds to join.
So here's a better description of what's going on:
I have all Windows servers and machines in my office. I'd like to set up a Linux desktop (not as a server) that can be used by employees to log in with their creds. I don't necessarily need this integration to automatically map their drives and pick their backgrounds, etc. through Group Policy; I just want it as an access control mechanism. I'd also like it to follow the permissions structure (i.e., block them) if they try to map a drive that they do not have permission to access.
Check the second link I posted. It should be what you need to get going.