Shulou(Shulou.com)06/01 Report--

This article mainly introduces the relevant knowledge of how Linux joins the AD domain in Windows, the content is detailed and easy to understand, the operation is simple and fast, and it has a certain reference value. I believe you will have something to gain after reading this article on how to join the AD domain in Linux. Let's take a look.

The full name of AD is Active Directory. Ad domains are independent units in the Windows network, and mutual access between domains requires the establishment of a trust relationship (that is, Trust Relation). Trust relationship is a bridge between domains. The two domains can not only manage each other as needed, but also distribute equipment resources such as files and printers across the network, so as to realize the sharing and management of network resources, as well as mutual communication and data transmission between different domains.

1. Install the required software:

# yum-y install samba samba-client samba-common samba-winbind samba-winbind-clients krb5-workstation ntpdate

2. Set the service to start itself and start the service:

# chkconfig smb on# chkconfig winbind on# service smb start# service winbind start

3. Modify the / etc/hosts file and add the corresponding record of the host:

127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4::1 localhost localhost.localdomain localhost6 localhost6.localdomain6192.168.2.150 lemon20.contoso.com lemon20

4. Set the DNS address and synchronize time with the AD server:

# echo "nameserver 192.168.2.122" > > / etc/resolv.conf# ntpdate ad.contoso.com

5. Set Kerberos ticket (optional):

Destroy all existing bills:

# kdestroy

Check to see if there is still a ticket:

# klist klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0)

Generate a new ticket and pay attention to the uppercase domain name.

# kinit administrator@CONTOSO.COM# klistTicket cache: FILE:/tmp/krb5cc_0Default principal: administrator@CONTOSO.COMValid starting Expires Service principal08/02/16 22:35:26 08/03/16 08:35:29 krbtgt/CONTOSO.COM@CONTOSO.COMrenew until 08/09/16 22:35:26

6. Set samba and Kerberos by command, and join the AD domain:

# authconfig-- enablewinbind-- enablewins-- enablewinbindauth-- smbsecurity ads-- smbworkgroup=CONTOSO-- smbservers=ad.contoso.com-- enablekrb5-- krb5realm=CONTOSO.COM-- krb5kdc=ad.contoso.com-- krb5adminserver=ad.contoso.com-- enablekrb5kdcdns-- enablekrb5realmdns-- enablewinbindoffline-- winbindtemplateshell=/bin/bash-winbindjoin=administrator-- update-- enablelocauthorize-- enablemkhomedir-- enablewinbindusedefaultdomain

Note the case in the command, which can also be done using authconfig-tui.

7. Add sudo permissions (optional):

# visudo

Add the following settings:

% MYDOMAIN\\ domain\ admins ALL= (ALL) NOPASSWD: ALL

8. Confirm whether to join the AD domain correctly:

View information about AD

# net ads info

View the user account for MYDOMAIN\ USERID

# wbinfo-u

Add:

If you enable selinux, you need to install oddjobmkhomedir and start its services to ensure that the system sets the appropriate SELinux security context for the home directory you create.

This is the end of the article on "how to join the AD domain of Linux in Windows". Thank you for reading! I believe you all have a certain understanding of "how to join the AD domain of Linux in Windows". If you want to learn more, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.