How to Join Linux RHEL Machine to Active Directory Environment

Hacer Dalkiran
Jan 26, 2024

A Windows Active Directory environment is used to manage users and Windows machines. However, not every computer runs a Microsoft operating system, so we sometimes need to join Linux machines to our Active Directory environment.

First, we need to tell our machine what our domain name is. Second, we need to specify our DC’s FQDN in our hosts file. Then we will use Samba and a user who has some domain admin rights.

Before we start, check your machine’s hostname by using

hostname

Then make sure that your domain name was defined when the machine was set up. I am using the nmtui command to go to my network settings.

nmtui

Go to the “Edit a connection” page and edit your network settings. You need to add

  • DNS Servers
  • Search domains

Save and close the current settings.

Now we install the Samba packages so that our machine can talk to our Domain Controller.

You can check whether Samba is already installed.

rpm -qa | grep samba

We install the following packages.

yum install realmd oddjob-mkhomedir oddjob samba-winbind-clients \
samba-winbind samba-common-tools samba-winbind-krb5-locator

To share directories or printers on the domain member, install the samba package.

yum install samba

Before editing the Samba configuration file, we back it up.

cp /etc/samba/smb.conf /etc/samba/smb.conf.bak
realm join --membership-software=samba --client-software=winbind ad.example.com

The realm utility performs the following actions:

  • Creates a /etc/samba/smb.conf file for a membership in the ad.example.com domain
  • Adds the winbind module for user and group lookups to the /etc/nsswitch.conf file
  • Updates the Pluggable Authentication Module (PAM) configuration files in the /etc/pam.d/ directory
  • Starts the winbind service and enables the service to start when the system boots

We need to edit the smb.conf file. The important part is below the [global] section:

The other important file is /etc/krb5.conf

Edit this file and add the following part.

[plugins]
localauth = {
module = winbind:/usr/lib64/samba/krb5/winbind_krb5_localauth.so
enable_only = winbind
}

You also need to edit the [realms] and [domain_realm] parts.

[realms]
YOURDOMAINNAME.COM = {
kdc = DC.Domain.Com:88
admin_server = DC.domain.com
}

[domain_realm]
.domain.com = DOMAIN.COM
domain.com = DOMAIN.COM

I recommend backing up both the krb5.conf and smb.conf files.
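A malformed [realms] block or a [domain_realm] entry that points at a realm not defined in [realms] makes Kerberos authentication fail at join time, so it is worth linting the edited file first. The script below is an added example, not part of the original post or of Samba/krb5; the names check_krb5_realms and sample_krb5 and the host dc1.ad.example.com are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: lint [realms] and [domain_realm] in a krb5.conf before joining.
# check_krb5_realms and sample_krb5 are hypothetical names, not Samba/krb5 tools.

check_krb5_realms() {   # prints one line per finding; returns 1 if any were found
    awk '
        /^[ \t]*(#|;)/ || /^[ \t]*$/ { next }           # comments and blank lines
        /^[ \t]*\[/ {                                    # section header, e.g. [realms]
            section = $0; gsub(/\[|\]|[ \t]/, "", section); depth = 0; next
        }
        section == "realms" && depth == 0 && /[{]/ {     # line that opens a realm block
            depth = 1
            if ($0 !~ /=[ \t]*[{]/) { print "realm block needs \"NAME = {\": " $0; bad = 1; next }
            realm = $0; sub(/[ \t]*=.*/, "", realm); sub(/^[ \t]+/, "", realm)
            defined[realm] = 1
            if (realm != toupper(realm)) { print "realm not uppercase: " realm; bad = 1 }
            next
        }
        section == "realms" && /[{]/ { depth++ }         # nested sub-block inside a realm
        section == "realms" && /[}]/ { depth--; next }
        section == "realms" && /^[ \t]*kdc[ \t]*=/ {     # host:port must be one token
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
            if (v ~ /[ \t]/) { print "whitespace in kdc value: " v; bad = 1 }
        }
        section == "domain_realm" && /=/ {               # remember every mapped realm
            t = $0; sub(/^[^=]*=/, "", t); gsub(/[ \t]/, "", t); target[t] = 1
        }
        END {
            for (t in target) if (!(t in defined)) {
                print "domain_realm target not in [realms]: " t; bad = 1
            }
            exit bad + 0
        }
    ' "${1:--}"
}

sample_krb5() {         # constructed sample input with three deliberate mistakes
    cat <<'EOF'
[realms]
AD.EXAMPLE.COM{
kdc = dc1.ad.example.com :88
admin_server = dc1.ad.example.com
}
[domain_realm]
.ad.example.com = EXAMPLE.COM
EOF
}

sample_krb5 | check_krb5_realms || echo "krb5.conf needs fixing before the join"
```

Run it against the real file with `check_krb5_realms /etc/krb5.conf`; no output and exit status 0 mean the two sections are consistent.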

After all this, we can add the machine to our domain by using the net join utility.

We need a domain admin account for this part.

net ads join -U [DomainAdmin] -S DC.DOMAINNAME

DC.DOMAINNAME means our predefined domain controller machine.
