Connecting Linux server to Active Directory

Hideez Enterprise Server – Connecting Linux Server to Active Directory

This guide outlines the steps to join a Linux server to an Active Directory (AD) domain using realmd and SSSD. The process differs slightly between Ubuntu 18.04 and CentOS 7; both are covered below.


1. Edit /etc/hosts File

Edit the /etc/hosts file to add or update the Fully Qualified Domain Name (FQDN) for the host. Keep the FQDN before the short name: the first name on the line is the canonical name, which is what `hostname -f` returns:

```bash
127.0.1.1       <hostname>.<Domain_Name>  <hostname>
```

You may also need to add the FQDN for the AD server:

```bash
<server_ip>       <Server_Name>.<Domain_Name>  <Server_Name>
```

The Linux host must use the AD DNS server (normally the domain controller itself) as its resolver: realmd and SSSD locate domain controllers through the domain's SRV records, and static /etc/hosts entries are not a substitute for that. Check the current DNS settings with:

```bash
cat /etc/resolv.conf
```

2. Configure DNS Settings

Ubuntu 18.04

  1. Install the resolvconf package:

    ```bash
    sudo apt update
    sudo apt install resolvconf
    sudo systemctl enable resolvconf.service
    ```
  2. Edit the /etc/resolvconf/resolv.conf.d/head file and add the line:

    ```bash
    nameserver  <server_ip>
    ```
  3. Start the resolvconf service:

    ```bash
    sudo systemctl start resolvconf.service
    ```

CentOS 7

  1. Add the following lines to the network interface configuration file /etc/sysconfig/network-scripts/ifcfg-<interface> (replace <interface> with your actual network interface). PEERDNS=no stops NetworkManager from overwriting the nameserver with one supplied by DHCP:

    ```bash
    PEERDNS=no
    DNS1=<server_ip>
    ```
  2. Restart NetworkManager:

    ```bash
    sudo systemctl restart NetworkManager
    ```
  3. Check that /etc/resolv.conf now lists <server_ip>:

    ```bash
    cat /etc/resolv.conf
    ```
  4. (Optional) Install bind-utils, which provides nslookup and dig:

    ```bash
    sudo yum install bind-utils -y
    ```
  5. Verify that the domain name resolves through the AD DNS server:

    ```bash
    nslookup <Domain_Name>
    ```
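The checks in steps 1 and 2 can be scripted so they are repeatable on every host you join. The following is an added example, not code from the Hideez documentation: it verifies that /etc/hosts lists the FQDN as the canonical name for the host, that the first nameserver in /etc/resolv.conf is the domain controller, and it includes the SRV lookup that realmd and SSSD depend on. File paths are parameters so the functions can run against constructed copies; the hostnames and the 10.0.0.5 address in the demo are placeholders.

```bash
#!/usr/bin/env bash
# Added example: pre-join checks for /etc/hosts and /etc/resolv.conf.
# Not part of the Hideez documentation. Hostnames and addresses below are
# placeholders; file paths are parameters so the checks can run on copies.

# hosts_has_fqdn HOSTS_FILE FQDN SHORTNAME
# Succeeds if an uncommented line maps an address to FQDN first (the canonical
# name, which is what `hostname -f` returns) followed by SHORTNAME.
hosts_has_fqdn() {
    awk -v f="$2" -v s="$3" '
        !/^[[:space:]]*#/ && NF >= 3 && $2 == f {
            for (i = 3; i <= NF; i++) if ($i == s) found = 1
        }
        END { exit !found }' "$1"
}

# resolv_first_nameserver RESOLV_FILE
# Prints the first nameserver. The resolver queries nameservers in order, so
# the domain controller must come first or SRV lookups for the domain can fail.
resolv_first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# ad_srv_lookup DOMAIN
# Queries the SRV record realmd/SSSD use to locate domain controllers.
# Needs network access to the AD DNS, so the demo below does not call it.
ad_srv_lookup() {
    dig +short SRV "_ldap._tcp.dc._msdcs.$1"
}

# preflight HOSTS_FILE RESOLV_FILE FQDN SHORTNAME DC_IP
# Runs the offline checks, prints one line per check, returns non-zero on failure.
preflight() {
    rc=0
    if hosts_has_fqdn "$1" "$3" "$4"; then
        echo "ok   $1 maps $3 $4"
    else
        echo "FAIL $1 has no line '<addr> $3 $4'"; rc=1
    fi
    ns=$(resolv_first_nameserver "$2")
    if [ "$ns" = "$5" ]; then
        echo "ok   first nameserver is the domain controller ($5)"
    else
        echo "FAIL first nameserver is '${ns:-none}', expected $5"; rc=1
    fi
    return "$rc"
}

# Demo on constructed files. On a live host use /etc/hosts, /etc/resolv.conf,
# "$(hostname -f)", "$(hostname -s)" and the real domain controller address.
demo_dir=$(mktemp -d)
printf '127.0.0.1 localhost\n127.0.1.1 srv01.hideez.example.com srv01\n' > "$demo_dir/hosts"
printf 'search hideez.example.com\nnameserver 10.0.0.5\n' > "$demo_dir/resolv.conf"
preflight "$demo_dir/hosts" "$demo_dir/resolv.conf" srv01.hideez.example.com srv01 10.0.0.5
rm -rf "$demo_dir"
```

Run the three offline checks before `realm discover`; if `ad_srv_lookup` returns nothing even though `preflight` passes, the nameserver is reachable but is not the AD DNS for that domain.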

3. Install Necessary Packages

Ubuntu 18.04

```bash
sudo apt install realmd samba-common-bin samba-libs sssd-tools krb5-user adcli
```

CentOS 7

```bash
sudo yum install sssd realmd oddjob oddjob-mkhomedir adcli samba-common samba-common-tools krb5-workstation openldap-clients policycoreutils-python -y
```

On Ubuntu, the krb5-user package prompts for the default Kerberos realm and for the KDC and admin server: enter the domain name in upper case as the realm (an AD realm is the domain name in capitals) and the domain controller's hostname as the server.


4. Discover the Domain

Check that the domain can be found through DNS before attempting the join:

```bash
realm discover <Domain_Name>
```

The output lists the domain, its realm name and the packages realmd expects to be installed. If the domain is not found, go back to the DNS settings in step 2.

5. Join the Domain

To join the machine to the domain, use:

```bash
sudo realm --verbose join <Domain_Name> -U <YourDomainAdmin> --install=/
```

The account given with -U is prompted for its password on the Linux host, so a dedicated account that is only allowed to join computers to the domain is preferable to a Domain Admin. If the command finishes without errors, a computer object for the server appears in Active Directory on the domain controller.


6. Update ldap.conf for Self-Signed Certificates

If the domain controller's LDAPS certificate is self-signed, or was issued by an internal CA that the Linux host does not trust, the OpenLDAP client tools refuse the connection because certificate verification fails. The client configuration file is:

  • Ubuntu: /etc/ldap/ldap.conf

  • CentOS: /etc/openldap/ldap.conf

The quick workaround is to add the following parameter at the end of the file:

```bash
TLS_REQCERT never
```

Be aware that this disables certificate verification entirely: the client accepts any certificate, so anyone on the network path can impersonate the domain controller and capture the bind password sent in the next step. Use it only to get past the installation check, and prefer installing the CA certificate that issued the domain controller's certificate so that verification stays enabled.
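The following added example (not code from the Hideez documentation) shows the safer alternative: trust the issuing CA and leave verification on. It assumes the CA certificate is available as a PEM file; the domain controller hostname and the /etc/ssl/certs/hideez-ad-ca.pem path are placeholders, and `fetch_dc_chain` is only a helper to identify which CA to obtain.

```bash
#!/usr/bin/env bash
# Added example: keep certificate verification on for LDAPS by trusting the CA
# that issued the domain controller's certificate, instead of TLS_REQCERT never.
# Not part of the Hideez documentation; the DC hostname and PEM paths are
# placeholders.

# fetch_dc_chain DC_HOST OUT_PEM
# Saves the certificate chain the DC presents on port 636 and prints the
# subject and issuer of the leaf so the issuing CA can be identified. Obtain
# that CA's certificate through a trusted channel (e.g. export it from the AD
# CS server) rather than from this connection. Needs network access, so the
# demo below does not call it.
fetch_dc_chain() {
    openssl s_client -connect "$1:636" -showcerts </dev/null 2>/dev/null |
        sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' > "$2"
    openssl x509 -in "$2" -noout -subject -issuer
}

# harden_ldap_conf LDAP_CONF CA_PEM
# Removes any existing TLS_REQCERT/TLS_CACERT lines (so a leftover
# "TLS_REQCERT never" cannot win) and appends TLS_CACERT plus
# TLS_REQCERT demand, which makes the client fail closed on a bad certificate.
harden_ldap_conf() {
    conf=$1; ca=$2
    tmp=$(mktemp)
    grep -viE '^[[:space:]]*TLS_(REQCERT|CACERT)([[:space:]]|$)' "$conf" > "$tmp" || true
    printf 'TLS_CACERT %s\nTLS_REQCERT demand\n' "$ca" >> "$tmp"
    cat "$tmp" > "$conf"      # write in place to keep the file's owner and mode
    rm -f "$tmp"
}

# ldap_conf_setting LDAP_CONF KEY
# Prints the value of KEY (keyword matched case-insensitively), or nothing.
ldap_conf_setting() {
    awk -v k="$2" 'toupper($1) == toupper(k) { print $2 }' "$1"
}

# Demo on a constructed copy of ldap.conf.
demo=$(mktemp)
printf '# constructed sample\nBASE dc=hideez,dc=example,dc=com\nURI ldaps://dc01.hideez.example.com\nTLS_REQCERT never\n' > "$demo"
harden_ldap_conf "$demo" /etc/ssl/certs/hideez-ad-ca.pem
cat "$demo"
rm -f "$demo"
```

`demand` is OpenLDAP's default for TLS_REQCERT, so the line mainly guards against a stray `never` left over from troubleshooting. Instead of pointing TLS_CACERT at a single file you can add the CA to the system trust store (update-ca-certificates on Ubuntu, update-ca-trust on CentOS) and reference the system bundle.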

7. Installation Check

To retrieve all users over LDAPS, execute the following command (-W prompts for the bind password of the account given with -D):

```bash
ldapsearch -x -H "ldaps://<Domain_Name>" -D "<YourDomainAdmin>@<Domain_Name>" -W -b "dc=<dc>,dc=<dc>, ..." "objectCategory=person" name
```

The base DN after -b is the domain name with each label turned into a dc= component. For example, if your domain is hideez.example.com and your administrator is named "administrator", the command would look like this:

```bash
ldapsearch -x -H "ldaps://hideez.example.com" -W -D "administrator@hideez.example.com" -b "dc=hideez,dc=example,dc=com" "objectCategory=person" name
```
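Two things the command above leaves to the reader are deriving the -b base DN from the domain name and pulling the returned values out of the LDIF that ldapsearch prints. The following added example (not code from the Hideez documentation) does both. The LDIF sample embedded in it is constructed to resemble ldapsearch output, the domain is a placeholder, and `ldap_list_users` is the only function that needs a reachable domain controller.

```bash
#!/usr/bin/env bash
# Added example, not part of the Hideez documentation: derive the base DN from
# the domain name and parse the "name" values out of ldapsearch's LDIF output.
# The LDIF sample at the bottom is constructed; the domain is a placeholder.

# domain_to_basedn DOMAIN  ->  dc=hideez,dc=example,dc=com
domain_to_basedn() {
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' | awk -F. '{
        for (i = 1; i <= NF; i++) printf "%sdc=%s", (i > 1 ? "," : ""), $i
        printf "\n"
    }'
}

# ldif_names  (LDIF on stdin)  ->  one "name" value per line
# Handles the two LDIF quirks that break a naive grep: folded lines (a
# continuation line starts with one space) and base64 values ("name::"),
# which ldapsearch emits for non-ASCII names such as ones with umlauts.
ldif_names() {
    awk '
        function emit() {
            if (buf ~ /^name:: /)     print "B64 " substr(buf, 8)
            else if (buf ~ /^name: /) print "RAW " substr(buf, 7)
            buf = ""
        }
        /^ / { buf = buf substr($0, 2); next }   # unfold continuation line
        { emit(); buf = $0 }
        END { emit() }
    ' | while IFS= read -r line; do
        kind=${line%% *}; value=${line#* }
        if [ "$kind" = B64 ]; then
            printf '%s' "$value" | base64 -d
            echo
        else
            printf '%s\n' "$value"
        fi
    done
}

# ldap_list_users DOMAIN BIND_ACCOUNT
# The check from the page, with the base DN derived and the names extracted.
# -W prompts for the password; needs a reachable DC, so it is not run here.
ldap_list_users() {
    ldapsearch -x -H "ldaps://$1" -D "$2@$1" -W \
        -b "$(domain_to_basedn "$1")" '(objectCategory=person)' name | ldif_names
}

# Constructed LDIF resembling ldapsearch output: a plain name, a folded name
# and a base64-encoded name ("Zoë Müller").
SAMPLE_LDIF='# extended LDIF
#
# search: 2

dn: CN=Administrator,CN=Users,DC=hideez,DC=example,DC=com
name: Administrator

dn: CN=Backup Service Account,CN=Users,DC=hideez,DC=example,DC=com
name: Backup Servi
 ce Account

dn: CN=Zoë Müller,CN=Users,DC=hideez,DC=example,DC=com
name:: Wm/DqyBNw7xsbGVy

# search result
search: 2
result: 0 Success
'

echo "base DN: $(domain_to_basedn hideez.example.com)"
printf '%s' "$SAMPLE_LDIF" | ldif_names
```

Two practical notes on the query itself: `(objectCategory=person)` also matches contact objects, so `(&(objectCategory=person)(objectClass=user))` is the usual filter for user accounts; and Active Directory returns at most 1000 entries per search by default, so on larger domains add `-E pr=1000/noprompt` to ldapsearch to page through the results instead of getting a size-limit error.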

8. Troubleshooting

If the command fails, add the -d1 option to print the libldap debug trace, which shows where the connection breaks (DNS resolution, the TLS handshake and certificate verification, or the bind itself):

```bash
ldapsearch -x -H "ldaps://hideez.example.com" -W -D "administrator@hideez.example.com" -b "dc=hideez,dc=example,dc=com" "objectCategory=person" name -d1
```

By following these steps, you should successfully connect your Linux server to an Active Directory environment.
