2025-02-14 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/01 Report--
This article describes in detail how to join a Linux machine to a Windows AD domain.
First, a brief introduction to AD. Since Windows 2000, AD has been the authentication and directory service of Windows. AD implements its functions based on LDAP, using DNS for hostname resolution, Kerberos V5 for user authentication, and LDAP V3 for unified account management.
Goal: join the Linux server to the AD domain so that members of the Domain Admins user group can log in to and operate the Linux server without creating accounts on the Linux server.
Environment: a Windows Server 2012 R2 server with AD installed, acting as the Domain Controller (DC) as well as the DNS server and time server; and a Red Hat Enterprise Linux 6.x server, whose network and YUM source you should configure yourself. Building the AD domain server is relatively simple, so please consult other material for it; I will not elaborate on it here.
Here, the Windows server address is 192.168.2.122, the domain name is contoso.com, and the host name is ad.contoso.com; the Linux server address is 192.168.2.150, and the host name is lemon20.contoso.com.
1. Install the required software:
# yum -y install samba samba-client samba-common samba-winbind samba-winbind-clients krb5-workstation ntpdate
2. Enable the services at boot and start them:
# chkconfig smb on
# chkconfig winbind on
# service smb start
# service winbind start
3. Modify the /etc/hosts file and add the record for this host:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.2.150 lemon20.contoso.com lemon20
4. Set the DNS address and synchronize time with the AD server:
# echo "nameserver 192.168.2.122" >> /etc/resolv.conf
# ntpdate ad.contoso.com
5. Set up a Kerberos ticket (optional):
Destroy all existing tickets:
# kdestroy
Check whether any ticket remains:
# klist
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0)
Generate a new ticket, paying attention to the uppercase domain name:
# kinit administrator@CONTOSO.COM
# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@CONTOSO.COM

Valid starting     Expires            Service principal
08/02/16 22:35:26  08/03/16 08:35:29  krbtgt/CONTOSO.COM@CONTOSO.COM
        renew until 08/09/16 22:35:26
6. Configure Samba and Kerberos from the command line, and join the AD domain:
# authconfig --enablewinbind --enablewins --enablewinbindauth \
    --smbsecurity ads --smbworkgroup=CONTOSO --smbservers=ad.contoso.com \
    --enablekrb5 --krb5realm=CONTOSO.COM --krb5kdc=ad.contoso.com \
    --krb5adminserver=ad.contoso.com --enablekrb5kdcdns --enablekrb5realmdns \
    --enablewinbindoffline --winbindtemplateshell=/bin/bash \
    --winbindjoin=administrator --update --enablelocauthorize \
    --enablemkhomedir --enablewinbindusedefaultdomain
Note the case used in the command. The same configuration can also be done with authconfig-tui.
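Added example (not part of the original article): a shell check that the [global] section of an smb.conf carries the values passed to authconfig in step 6. The mapping from authconfig options to smb.conf parameter names, the helper names and the sample file are assumptions of this example; on a real host, point check_join_config at /etc/samba/smb.conf.

```shell
# smb_global_get FILE KEY: print KEY's value from the [global] section (last wins).
smb_global_get() {
    awk -v want="$2" '
        /^[ \t]*[#;]/ { next }    # skip comment lines
        /^[ \t]*\[/   { g = (tolower($0) ~ /^[ \t]*\[global\]/); next }
        g && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            gsub(/[ \t]+/, " ", k)
            if (tolower(k) == want) val = v
        }
        END { print val }' "$1"
}
# norm VALUE: map Samba boolean spellings to true/false, pass others through.
norm() {
    case $(printf %s "$1" | tr 'A-Z' 'a-z') in
        yes|true|1) echo true ;;
        no|false|0) echo false ;;
        *) printf '%s\n' "$1" ;;
    esac
}
# check_join_config FILE: return 0 if every step 6 value is present,
# otherwise print one MISMATCH line per setting and return 1.
check_join_config() {
    rc=0
    while IFS='|' read -r key expected; do
        actual=$(smb_global_get "$1" "$key")
        if [ "$(norm "$actual")" != "$expected" ]; then
            echo "MISMATCH: $key = '$actual' (expected '$expected')"
            rc=1
        fi
    done <<EOF
security|ads
workgroup|CONTOSO
password server|ad.contoso.com
template shell|/bin/bash
winbind use default domain|true
winbind offline logon|true
EOF
    return $rc
}
# Constructed sample smb.conf for the demo (not captured from a real host).
write_sample() {
    printf '%s\n' '[global]' '   workgroup = CONTOSO' '   security = ads' \
        '   password server = ad.contoso.com' '   template shell = /bin/bash' \
        '   winbind use default domain = true' '   winbind offline logon = yes' \
        '[homes]' '   comment = Home Directories' > "$1"
}
sample=$(mktemp); write_sample "$sample"
check_join_config "$sample" && echo "smb.conf matches the step 6 settings"
rm -f "$sample"
```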
7. Add sudo permissions (optional):
# visudo
Add the following settings:
%MYDOMAIN\\domain\ admins ALL=(ALL) NOPASSWD: ALL
8. Confirm that the machine has joined the AD domain correctly:
View information about AD:
# net ads info
View the user accounts (MYDOMAIN\USERID):
# wbinfo -u
That is all the content of the article "how to make a Linux machine join the AD domain of Windows". Thank you for reading!