How to Join Linux RHEL Machine to Active Directory Environment
Windows Active Directory is used to manage users and Windows machines. However, not every computer runs Microsoft software, so sometimes we need to join Linux machines to our Active Directory environment.
First, we need to tell our machines what our domain name is. Second, we need to specify our DC's FQDN in our hosts file. Then we will use the Samba tooling and a user who has domain admin rights.
Before we start, check your machine's hostname with
hostname
Then make sure that your domain name was defined when you set up your machine. I am using the nmtui command to open my network settings.
nmtui
Go to the “Edit a connection” page and edit your network settings. You need to add:
- DNS Servers
- Search domains
Save and close the current settings.
Now we install the Samba packages so our machine can talk to our Domain Controller.
You can check whether Samba is already installed:
rpm -qa | grep samba
We install the following packages:
yum install realmd oddjob-mkhomedir oddjob samba-winbind-clients \
samba-winbind samba-common-tools samba-winbind-krb5-locator
To share directories or printers from the domain member, also install the samba package:
yum install samba
Before editing the Samba configuration file, we back it up:
cp /etc/samba/smb.conf /etc/samba/smb.conf.bak
Now we join the domain with the realm utility:
realm join --membership-software=samba --client-software=winbind ad.example.com
The realm utility does the following:
- Creates an /etc/samba/smb.conf file for a membership in the ad.example.com domain
- Adds the winbind module for user and group lookups to the /etc/nsswitch.conf file
- Updates the Pluggable Authentication Module (PAM) configuration files in the /etc/pam.d/ directory
- Starts the winbind service and enables it to start when the system boots
We need to edit the smb.conf file. The important part is under the [global] section:
The other important file is /etc/krb5.conf.
Edit this file and add the following part:
[plugins]
localauth = {
module = winbind:/usr/lib64/samba/krb5/winbind_krb5_localauth.so
enable_only = winbind
}
You also need to edit the [realms] and [domain_realm] parts (the names below are placeholders; replace them with your own domain and domain controller). The realm name in [realms] must match the realm that [domain_realm] maps to, and the kdc value must be written as host:port without a space:
[realms]
DOMAIN.COM = {
    kdc = DC.Domain.Com:88
    admin_server = DC.domain.com
}
[domain_realm]
.domain.com = DOMAIN.COM
domain.com = DOMAIN.COM
I recommend backing up both the krb5.conf and smb.conf files.
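A mistake in the [realms] and [domain_realm] stanzas above (a mapping to a realm that has no stanza, or a kdc written with a space before the port) makes the Kerberos step of the join fail, so it is worth checking the file before running net ads join. The following checker is an added example, not part of the original post; it assumes the one-key-per-line layout shown above and uses constructed sample files.

```python
import re

def parse_krb5(text):
    """Minimal reader for [realms] and [domain_realm] (assumed 'REALM = {' ... '}' layout)."""
    realms, domain_realm = {}, {}
    section, realm = None, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and indentation
        if not line:
            continue
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:                                         # a new [section] header
            section, realm = m.group(1), None
            continue
        if section == "realms":
            m = re.fullmatch(r"(\S+)\s*=\s*\{", line)
            if m:                                     # 'REALM = {' opens a stanza
                realm = m.group(1)
                realms.setdefault(realm, {})
            elif line == "}":
                realm = None
            elif realm and "=" in line:               # key = value inside the stanza
                k, v = (s.strip() for s in line.split("=", 1))
                realms[realm].setdefault(k, []).append(v)
        elif section == "domain_realm" and "=" in line:
            k, v = (s.strip() for s in line.split("=", 1))
            domain_realm[k] = v
    return realms, domain_realm

def check_krb5(text):
    """Return a list of problems; an empty list means the two sections are consistent."""
    realms, domain_realm = parse_krb5(text)
    problems = []
    for domain, realm in domain_realm.items():
        if realm not in realms:                       # mapping to a realm that was never defined
            problems.append(f"[domain_realm] maps {domain} to {realm}, which has no [realms] stanza")
    for realm, keys in realms.items():
        for kdc in keys.get("kdc", []):
            if not re.fullmatch(r"[\w.-]+(:\d+)?", kdc):  # must be host[:port], no spaces
                problems.append(f"[realms] {realm}: kdc {kdc!r} is not host[:port]")
    return problems

# Constructed samples: the post's fragment with a mismatched realm name and a
# stray space before ':88' (BROKEN), and the same fragment corrected (FIXED).
BROKEN = ("[realms]\nYOURDOMAINNAME.COM = {\n    kdc = DC.Domain.Com :88\n"
          "    admin_server = DC.domain.com\n}\n[domain_realm]\n"
          ".domain.com = DOMAIN.COM\ndomain.com = DOMAIN.COM\n")
FIXED = BROKEN.replace("YOURDOMAINNAME.COM", "DOMAIN.COM").replace(" :88", ":88")
```

Run it against your real file with `check_krb5(open("/etc/krb5.conf").read())` and fix anything it reports before joining.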
After all that, we can add this machine to our domain with the net ads join utility.
We need a domain admin account for this part:
net ads join -U [DomainAdmin] -S DC.DOMAINNAME
Here [DomainAdmin] is the domain admin account and DC.DOMAINNAME is the domain controller we defined earlier.