LinuxQuestions.org
Old 03-04-2010, 12:56 AM   #1
yasir453
LQ Newbie
 
Registered: Jan 2010
Posts: 27

Rep: Reputation: 15
how can we join a linux system on active directory domain


Hi All,
I have installed RHEL5 on my system. I want to join my system to my organisation's Active Directory domain. How can I do it? Suppose the domain name is "abc-xyz".
 
Old 03-04-2010, 01:59 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,386

Rep: Reputation: 1963
I'd suggest integrating at LDAP, but you can use Samba / winbind also. What do you actually want to achieve?
 
Old 03-04-2010, 11:10 PM   #3
yasir453
LQ Newbie
 
Registered: Jan 2010
Posts: 27

Original Poster
Rep: Reputation: 15

Quote:
Originally Posted by acid_kewpie
I'd suggest integrating at LDAP, but you can use Samba / winbind also. What do you actually want to achieve?

In our organisation most users are Windows based. They authenticate against the Active Directory domain. Now some users are using Linux as well. I need a solution where the Linux users will also authenticate against the same Active Directory domain.
 
Old 03-05-2010, 02:09 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,386

Rep: Reputation: 1963
OK, well, as above, *MY* preferred solution would be for you to install the MS SFU AD Schema extensions, which will add POSIX attributes to AD to allow a full LDAP login from any device to be done against it. http://en.wikipedia.org/wiki/Microso...vices_for_UNIX

Many people prefer the samba route, which makes the machine actually "join" the AD domain, as if it were a windows machine. This way, all missing user information (i.e. info required to make a full posix account) is created automatically on a per client machine basis. This is often fine, however a user will not have a consistent UID / GID across multiple machines, which can be a pain if you're doing cleverer things.

In line with the UID data and such, if you do want to install LDAP (which is very simple and clean from the client side, as opposed to Samba, which can be a bit obscure) then you can fudge UIDs on the client side LDAP configuration in a similar way to create the data that isn't in AD.
 
Old 03-05-2010, 12:51 PM   #5
ms233
LQ Newbie
 
Registered: Feb 2010
Posts: 4

Rep: Reputation: 1
Quote:
Originally Posted by yasir453
In our organisation most users are Windows based. They authenticate against the Active Directory domain. Now some users are using Linux as well. I need a solution where the Linux users will also authenticate against the same Active Directory domain.

You can simply turn on Kerberos authentication if you just need the Linux users to be able to authenticate against AD.

# system-config-authentication

Authentication tab

Checkbox to Enable Kerberos Support

Configure Kerberos button

In the Realm box goes your domain name in UPPER CASE.

In KDCs and Admin Servers I put nothing.

I check both "Use DNS to resolve hosts to realms" and "Use DNS to locate KDCs for realms".

After that, if I create local accounts with the same username as an AD account, I am able to use the AD password.
 
Old 03-05-2010, 02:43 PM   #6
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,386

Rep: Reputation: 1963
You should never use DNS to resolve the KDC, big security flaw there. If you don't even know the IP of your domain controllers, you deserve everything you get. ;-)
 
Old 03-16-2010, 07:20 AM   #7
mrsmith317
LQ Newbie
 
Registered: Mar 2010
Posts: 4

Rep: Reputation: 0
Quote:
Originally Posted by ms233
In KDCs and Admin Servers I put nothing.

I check both "Use DNS to resolve hosts to realms" and "Use DNS to locate KDCs for realms".

You can put in your domain name, e.g. EXAMPLE.COM, as the KDC/Admin server and it will work more effectively than using DNS to look up realms. Using a static IP for your KDC with multiple domain controllers is a bad idea. What happens if that particular server goes down?
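
Added example, not part of any post in this thread: a small check that reads krb5.conf text and reports the two things posts #5 to #7 argue about, namely whether the default realm's KDC is located through DNS and whether only a single KDC is pinned. The sample files are constructed; EXAMPLE.COM and the dc1/dc2 host names are placeholders, the function names are hypothetical, and treating an unset `dns_lookup_kdc` as enabled is an assumption.

```python
import re

# Constructed sample: the krb5.conf settings that post #5's two DNS checkboxes
# correspond to, with no KDC entered. EXAMPLE.COM is a placeholder realm.
DNS_ONLY = """[libdefaults]
 default_realm = EXAMPLE.COM
 dns_lookup_realm = true
 dns_lookup_kdc = true
"""
# Constructed sample: DNS discovery off, two KDCs pinned (hypothetical host names).
PINNED = """[libdefaults]
 default_realm = EXAMPLE.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false
[realms]
 EXAMPLE.COM = {
  kdc = dc1.example.com
  kdc = dc2.example.com
  admin_server = dc1.example.com
 }
"""

def setting(text, key, default):
    """First uncommented 'key = value' in the file, or the default."""
    m = re.search(rf"^\s*{key}\s*=\s*(\S+)", text, re.M)
    return m.group(1) if m else default

def enabled(text, key, default):
    return setting(text, key, default).lower() in ("y", "yes", "true", "t", "1", "on")

def pinned_kdcs(text, realm):
    """kdc entries listed inside the realm's { ... } block under [realms]."""
    block = re.search(rf"^\s*{re.escape(realm)}\s*=\s*\{{(.*?)\}}", text, re.M | re.S)
    return re.findall(r"^\s*kdc\s*=\s*(\S+)", block.group(1), re.M) if block else []

def audit(text):
    """Report how the default realm's KDC is found and what relies on DNS."""
    kdcs = pinned_kdcs(text, setting(text, "default_realm", ""))
    findings = []
    if enabled(text, "dns_lookup_realm", "false"):
        findings.append("dns-realm-lookup")
    if not kdcs:
        # Assumption: an unset dns_lookup_kdc is treated as enabled.
        dns = enabled(text, "dns_lookup_kdc", "true")
        findings.append("dns-kdc-discovery" if dns else "no-kdc-configured")
    elif len(kdcs) == 1:
        findings.append("single-pinned-kdc")  # the availability concern in post #7
    return findings

if __name__ == "__main__":
    for name, conf in (("DNS_ONLY", DNS_ONLY), ("PINNED", PINNED)):
        print(name, audit(conf))
```

Listing two or more `kdc` entries for the realm clears both findings: the client no longer depends on DNS answers to find a KDC, and one domain controller going down does not stop logins.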
 
  

