# Connecting Linux server to Active Directory

{% hint style="info" %}
This guide outlines the steps to connect a Linux server to an Active Directory (AD) domain. The process varies slightly between Ubuntu and CentOS distributions.
{% endhint %}

***

#### **1. Edit /etc/hosts File**

Edit the `/etc/hosts` file to add or update the Fully Qualified Domain Name (FQDN) for the host:

```bash
127.0.1.1       <hostname>.<Domain_Name>  <hostname>
```

You may also need to add the FQDN for the AD server:

```bash
<server_ip>       <Server_Name>.<Domain_Name>  <Server_Name>
```

The AD domain controller should also act as the DNS server for this host, because realmd and SSSD locate domain controllers through DNS SRV records. Check the current DNS settings with:

```bash
cat /etc/resolv.conf
```

***

#### **2. Configure DNS Settings**

**Ubuntu 18.04**

1. **Install resolvconf package**:

   ```bash
   sudo apt update
   sudo apt install resolvconf
   sudo systemctl enable resolvconf.service
   ```
2. **Edit the `/etc/resolvconf/resolv.conf.d/head` file** to add the line:

   ```bash
   nameserver  <server_ip>
   ```
3. **Start the resolvconf service**:

   ```bash
   sudo systemctl start resolvconf.service
   ```

**CentOS 7**

1. **Add the following lines to the network interface configuration** (`/etc/sysconfig/network-scripts/ifcfg-<interface>`, where `<interface>` is your actual network interface):

   ```bash
   PEERDNS=no
   DNS1=<server_ip>
   ```
2. **Restart the NetworkManager**:

   ```bash
   sudo systemctl restart NetworkManager
   ```
3. **Check `/etc/resolv.conf` again**:

   ```bash
   cat /etc/resolv.conf
   ```
4. **(Optional) Install bind-utils**:

   ```bash
   sudo yum install bind-utils -y
   ```
5. **Verify domain resolution**:

   ```bash
   nslookup <Domain_Name>
   ```

***

#### **3. Install Necessary Packages**

**Ubuntu 18.04**

```bash
sudo apt install realmd samba-common-bin samba-libs sssd-tools krb5-user adcli
```

**CentOS 7**

```bash
sudo yum install sssd realmd oddjob oddjob-mkhomedir adcli samba-common samba-common-tools krb5-workstation openldap-clients policycoreutils-python -y
```

On Ubuntu, installing `krb5-user` prompts for Kerberos settings: confirm the default realm (your domain name) and enter the AD server as the Kerberos server.

***

#### **4. Discover the Domain**

Check if the domain is visible on the network:

```bash
realm discover <Domain_Name>
```

***

#### **5. Join the Domain**

To join the machine to the domain, use:

```bash
sudo realm --verbose join <Domain_Name> -U <YourDomainAdmin> --install=/
```

If no errors are reported, a computer account for the server should now exist in Active Directory on the domain controller.

***

#### **6. Update ldap.conf for Self-Signed Certificates**

If the Active Directory server uses self-signed certificates, edit the `ldap.conf` file:

* **Ubuntu**: `/etc/ldap/ldap.conf`
* **CentOS**: `/etc/openldap/ldap.conf`

Add the following parameter at the end of the file:

```bash
TLS_REQCERT never
```

Note that `TLS_REQCERT never` disables server certificate verification for every LDAP client on the host, so a machine impersonating the domain controller would be accepted. It gets past certificate errors quickly, but the more robust fix is to export the CA certificate that issued the domain controller's certificate, copy it to the Linux host and reference it with `TLS_CACERT`, leaving `TLS_REQCERT` at its default of `demand`.
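A small audit for the setting just discussed, added here as an example and not part of the original guide: it reads an `ldap.conf`, reports whether certificate verification is enforced, and shows the weak configuration from above beside a hardened one. The sample configs, the CA file path and the temporary files are constructed for the demo.

```bash
#!/bin/sh
# Added example (not from the original guide): audit an ldap.conf for the TLS
# settings from step 6. "TLS_REQCERT never" switches off server certificate
# verification, so any host answering on ldaps:// is accepted. The hardened
# form keeps the default "demand" and pins the AD CA through TLS_CACERT.
# Both config files below are constructed for this demo (temporary files).

# Print the effective value of one ldap.conf directive (last occurrence wins,
# comment lines ignored). Usage: ldap_conf_get <file> <DIRECTIVE>
ldap_conf_get() {
    awk -v key="$2" 'toupper($1) == key { val = $2 } END { print val }' "$1"
}

# Exit 0 when certificate verification is enforced and a CA is configured,
# 1 otherwise. With a self-signed AD certificate, "demand" only works when the
# issuing CA is supplied via TLS_CACERT or TLS_CACERTDIR.
ldap_conf_is_hardened() {
    reqcert=$(ldap_conf_get "$1" TLS_REQCERT | tr 'A-Z' 'a-z')
    ca=$(ldap_conf_get "$1" TLS_CACERT)$(ldap_conf_get "$1" TLS_CACERTDIR)
    case "${reqcert:-demand}" in
        demand|hard) [ -n "$ca" ] ;;
        *) return 1 ;;   # never, allow, try: certificate problems are ignored
    esac
}

WEAK_CONF=$(mktemp); HARD_CONF=$(mktemp)
trap 'rm -f "$WEAK_CONF" "$HARD_CONF"' EXIT

cat > "$WEAK_CONF" <<'EOF'
BASE        dc=hideez,dc=example,dc=com
URI         ldaps://hideez.example.com
TLS_REQCERT never
EOF

cat > "$HARD_CONF" <<'EOF'
BASE        dc=hideez,dc=example,dc=com
URI         ldaps://hideez.example.com
# CA certificate exported from the domain controller (placeholder path)
TLS_CACERT  /etc/ssl/certs/hideez-ad-ca.pem
TLS_REQCERT demand
EOF

ldap_conf_is_hardened "$WEAK_CONF" || echo "weak: TLS_REQCERT never, verification disabled"
ldap_conf_is_hardened "$HARD_CONF" && echo "hardened: CA pinned, TLS_REQCERT demand"
```

Point `ldap_conf_is_hardened` at the real `/etc/ldap/ldap.conf` or `/etc/openldap/ldap.conf` to check a host after step 6.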

***

#### **7. Installation Check**

To verify the setup, list all user objects over LDAPS with the following command (you will be prompted for the password of the account given with `-D`):

```bash
ldapsearch -x -H "ldaps://<Domain_Name>" -D "<YourDomainAdmin>@<Domain_Name>" -W -b "dc=<dc>,dc=<dc>, ..." "objectCategory=person" name
```

For example, if your domain is `hideez.example.com` and your administrator is named "administrator", the command would look like this:

```bash
ldapsearch -x -H "ldaps://hideez.example.com" -W -D "administrator@hideez.example.com" -b "dc=hideez,dc=example,dc=com" "objectCategory=person" name
```

#### **8. Troubleshooting**

If the query fails, add the `-d1` option to the command to print libldap debug output with the details of the failure.

```bash
ldapsearch -x -H "ldaps://hideez.example.com" -W -D "administrator@hideez.example.com" -b "dc=hideez,dc=example,dc=com" "objectCategory=person" name -d1
```

***

{% hint style="info" %}
By following these steps, you should successfully connect your Linux server to an Active Directory environment.
{% endhint %}
