# Connecting Linux server to Active Directory

{% hint style="info" %}
This guide outlines the steps to connect a Linux server to an Active Directory (AD) domain. The process varies slightly between Ubuntu and CentOS distributions.
{% endhint %}

***

#### **1. Edit /etc/hosts File**

Edit the `/etc/hosts` file to add or update the Fully Qualified Domain Name (FQDN) for the host:

```bash
127.0.1.1       <hostname>.<Domain_Name>  <hostname>
```

You may also need to add the FQDN for the AD server:

```bash
<server_ip>       <Server_Name>.<Domain_Name>  <Server_Name>
```

The Linux host must use the AD domain controller as its DNS server, because the domain is discovered through DNS records that only the AD-integrated DNS serves. Check the current DNS settings with:

```bash
cat /etc/resolv.conf
```

***

#### **2. Configure DNS Settings**

**Ubuntu 18.04**

1. **Install resolvconf package**:

   ```bash
   sudo apt update
   sudo apt install resolvconf
   sudo systemctl enable resolvconf.service
   ```
2. **Edit the `/etc/resolvconf/resolv.conf.d/head` file** to add the line:

   ```bash
   nameserver  <server_ip>
   ```
3. **Start the resolvconf service**:

   ```bash
   sudo systemctl start resolvconf.service
   ```

**CentOS 7**

1. **Add the following lines to the network interface configuration file**, `/etc/sysconfig/network-scripts/ifcfg-<interface>` (use the name of your actual network interface in place of `<interface>`):

   ```bash
   PEERDNS=no
   DNS1=<server_ip>
   ```
2. **Restart the NetworkManager**:

   ```bash
   sudo systemctl restart NetworkManager
   ```
3. **Check `/etc/resolv.conf` again**:

   ```bash
   cat /etc/resolv.conf
   ```
4. **(Optional) Install bind-utils**:

   ```bash
   sudo yum install bind-utils -y
   ```
5. **Verify domain resolution**:

   ```bash
   nslookup <Domain_Name>
   ```

***

#### **3. Install Necessary Packages**

**Ubuntu 18.04**

```bash
sudo apt install realmd samba-common-bin samba-libs sssd-tools krb5-user adcli
```

**CentOS 7**

```bash
sudo yum install sssd realmd oddjob oddjob-mkhomedir adcli samba-common samba-common-tools krb5-workstation openldap-clients policycoreutils-python -y
```

On Ubuntu, installing `krb5-user` prompts for the default Kerberos realm and the Kerberos server: confirm the domain name as the realm and enter the domain controller as the server.

***

#### **4. Discover the Domain**

Check if the domain is visible on the network:

```bash
realm discover <Domain_Name>
```

***

#### **5. Join the Domain**

To join the machine to the domain, use:

```bash
sudo realm --verbose join <Domain_Name> -U <YourDomainAdmin> --install=/
```

If there are no errors, the server now has a computer account on the domain controller, and `realm list` on the Linux side shows the joined domain.

***

#### **6. Update ldap.conf for Self-Signed Certificates**

If the Active Directory server uses self-signed certificates, edit the `ldap.conf` file:

* **Ubuntu**: `/etc/ldap/ldap.conf`
* **CentOS**: `/etc/openldap/ldap.conf`

Add the following parameter at the end of the file. It turns off verification of the server certificate for LDAP clients altogether, so it only belongs in the setup phase; the lasting fix is to import the domain CA certificate and point `TLS_CACERT` at it instead:

```bash
TLS_REQCERT never
```

***

#### **7. Installation Check**

To retrieve all users, execute the following command (`-W` prompts for the bind password of the account given with `-D`):

```bash
ldapsearch -x -H "ldaps://<Domain_Name>" -D "<YourDomainAdmin>@<Domain_Name>" -W -b "dc=<dc>,dc=<dc>, ..." "objectCategory=person" name
```

For example, if your domain is `hideez.example.com` and your administrator is named "administrator", the command would look like this:

```bash
ldapsearch -x -H "ldaps://hideez.example.com" -W -D "administrator@hideez.example.com" -b "dc=hideez,dc=example,dc=com" "objectCategory=person" name
```
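As an added check for sections 6 and 7 (example script, not part of the original guide; the function names are my own), this derives the search base and the verification command from the domain name, and reports whether the `ldap.conf` in use has certificate verification turned off:

```shell
#!/usr/bin/env bash
# Added example for the ldap.conf and ldapsearch steps. Function names are
# assumptions; the sample ldap.conf written below is constructed for the demo.

# Turn a DNS domain into the LDAP search base the guide's -b option expects:
# hideez.example.com -> dc=hideez,dc=example,dc=com
domain_to_base_dn() {
    printf 'dc=%s\n' "$1" | sed 's/\./,dc=/g'
}

# Build the section 7 verification command without running it, so the exact
# string can be reviewed before it is executed against the domain.
build_ldapsearch_cmd() {
    local domain="$1" admin="$2"
    printf 'ldapsearch -x -H "ldaps://%s" -W -D "%s@%s" -b "%s" "objectCategory=person" name\n' \
        "$domain" "$admin" "$domain" "$(domain_to_base_dn "$domain")"
}

# Report how the given ldap.conf handles the server certificate.
# "never" and "allow" accept any certificate; "demand", "hard" and "try"
# verify it; OpenLDAP defaults to "demand" when the directive is absent.
# Returns 0 when verification is on, 1 when it is off.
ldap_tls_check() {
    local conf="$1" reqcert
    reqcert=$(awk 'toupper($1)=="TLS_REQCERT"{print tolower($2)}' "$conf" | tail -n1)
    case "$reqcert" in
        never|allow)
            echo "$conf: TLS_REQCERT $reqcert, server certificate is not verified"
            return 1 ;;
        demand|hard|try)
            echo "$conf: TLS_REQCERT $reqcert, certificate verification enabled"
            return 0 ;;
        "")
            echo "$conf: TLS_REQCERT not set, OpenLDAP default (demand) applies"
            return 0 ;;
    esac
}

# Demo on a constructed ldap.conf containing the section 6 setting.
sample_conf=$(mktemp)
printf 'BASE dc=hideez,dc=example,dc=com\nURI ldaps://hideez.example.com\nTLS_REQCERT never\n' > "$sample_conf"
build_ldapsearch_cmd hideez.example.com administrator
ldap_tls_check "$sample_conf" || echo "fix: replace TLS_REQCERT never with TLS_CACERT <path-to-domain-ca.pem>"
rm -f "$sample_conf"
```

Run it against the real file with `ldap_tls_check /etc/ldap/ldap.conf` (Ubuntu) or `/etc/openldap/ldap.conf` (CentOS) once the join works, to confirm the temporary setting has been removed.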

***

#### **8. Troubleshooting**

If the command fails, add the `-d1` option to have `ldapsearch` print libldap debug output, which shows whether the failure is in the TLS handshake, the bind, or the search itself.

```bash
ldapsearch -x -H "ldaps://hideez.example.com" -W -D "administrator@hideez.example.com" -b "dc=hideez,dc=example,dc=com" "objectCategory=person" name -d1
```

***

{% hint style="info" %}
By following these steps, you should successfully connect your Linux server to an Active Directory environment.
{% endhint %}
