Connecting Linux server to Active Directory

IPI Enterprise Server – Connecting Linux Server to Active Directory

This guide outlines the steps to connect a Linux server to an Active Directory (AD) domain. The process varies slightly between Ubuntu and CentOS distributions.

1. Edit /etc/hosts File

Edit the /etc/hosts file to add or update the Fully Qualified Domain Name (FQDN) for the host:

bashCopy code127.0.1.1       <hostname>.<Domain_Name>  <hostname>

You may also need to add the FQDN for the AD server:

bashCopy code<server_ip>       <Server_Name>.<Domain_Name>  <Server_Name>

Ensure the AD server is installed as a DNS server for proper connectivity. Check the current DNS settings with:

bashCopy codecat /etc/resolv.conf

2. Configure DNS Settings

Ubuntu 18.04

Install resolvconf package:

bashCopy codesudo apt update
sudo apt install resolvconf
sudo systemctl enable resolvconf.service

Edit the /etc/resolvconf/resolv.conf.d/head file to add the line:
```
bashCopy codenameserver  <server_ip>
```

Start the resolvconf service:

bashCopy codesudo systemctl start resolvconf.service

CentOS 7

Add the following lines to the network interface configuration (replace ifcfg-* with your actual network interface):
```
bashCopy codePEERDNS=no
DNS1=<server_ip>
```

Restart the NetworkManager:

bashCopy codesudo systemctl restart NetworkManager

Check /etc/resolv.conf again:
```
bashCopy codecat /etc/resolv.conf
```

(Optional) Install bind-utils:

bashCopy codesudo yum install bind-utils -y

Verify domain resolution:
```
bashCopy codenslookup <Domain_Name>
```

3. Install Necessary Packages

Ubuntu 18.04

bashCopy codesudo apt install realmd samba-common-bin samba-libs sssd-tools krb5-user adcli

CentOS 7

bashCopy codesudo yum install sssd realmd oddjob oddjob-mkhomedir adcli samba-common samba-common-tools krb5-workstation openldap-clients policycoreutils-python -y

During the installation of Kerberos, confirm the domain and specify the server name.

4. Discover the Domain

Check if the domain is visible on the network:

bashCopy coderealm discover <Domain_Name>

5. Join the Domain

To join the machine to the domain, use:

bashCopy codesudo realm --verbose join <Domain_Name> -U <YourDomainAdmin> --install=/

If there are no errors, the server should now appear in the domain controller.

6. Update ldap.conf for Self-Signed Certificates

If the Active Directory server uses self-signed certificates, edit the ldap.conf file:

Ubuntu: /etc/ldap/ldap.conf
CentOS: /etc/openldap/ldap.conf

Add the following parameter at the end of the file:

bashCopy codeTLS_REQCERT never

7. Installation Check

To retrieve all users, execute the following command (you will need to enter a password):

bashCopy codeldapsearch -x -H "ldaps://<Domain_Name>" -D "<YourDomainAdmin>@<Domain_Name>" -W -b "dc=<dc>,dc=<dc>, ..." "objectCategory=person" name

For example, if your domain is ipi.example.com and your administrator is named "administrator", the command would look like this:

bashCopy codeldapsearch -x -H "ldaps://ipi.example.com" -W -D "[email protected]" -b "dc=ipi,dc=example,dc=com" "objectCategory=person" name

8. Troubleshooting

If you encounter an error, add the -d1 option to the command to get detailed error information.

bashCopy codeldapsearch -x -H "ldaps://ipi.example.com" -W -D "[email protected]" -b "dc=ipi,dc=example,dc=com" "objectCategory=person" name -d1

By following these steps, you should successfully connect your Linux server to an Active Directory environment.

PreviousPlatform authentication on the IES server NextSetting IPI Server parameters

Last updated 2 days ago