H
H
Hideez Authentication Service (EN)
Search…
H
H
Hideez Authentication Service (EN)
v3.11
Hideez Authentication Service for Enterprises
Quick Start Guides
Key features of the Hideez Authentication Service in 5 minutes
Admin Guide (first steps)
Admin Guide (advanced steps)
User Guide – first steps with the Hideez Client
User Guide – first steps with the Hideez Client (for PCs without internal Bluetooth)
User Guide (advanced steps with the Hideez Client)
FIDO2 and U2F Authentication Guide
Guide for Pilot projects
Use cases
End user Use cases
Admin cases
Hideez Enterprise Server
Glossary
Deployment
Administration
How to change the password for an administrator account?
How to recover a forgotten admin password?
Adding an admin account
Deleting an admin account
How to enable two-factor authentication at the Hideez Enterprise Server?
Authorization on the HES server via a FIDO key
Platform authentication on the HES server
Connecting Linux server to Active Directory
Setting HES server parameters
Configuring DNS server
How to create and set Device Access Profiles
How to manage companies and departments?
How to manage Positions?
Enable load balancing
Data Protection
Dashboard
Employees
Workstations
Hardware Vaults
Accounts
Keys Management
Audit
Licenses
Configuring SAML Protocol
Hideez Client App
Windows Client deployment
Application interface
Account management
Shortcuts
Remote Vault connection
Experimental settings section
Mobile Authenticator
Troubleshooting
Hideez Key (Enterprise Edition)
Technical Specifications
Principles of operation
Device Layout
Battery maintenance
Hideez Key modes
How to update the Hideez Key (Enterprise) firmware
How to enter credentials with the Hideez Key
How to unlock PC
Key for Physical doors
Product Updates
Hideez Authentication Service Update
Hideez Key firmware updates
Hideez Client updates
API
Hideez Enterprise Server web API
FAQ
Hideez Enterprise Server
Hideez Key
Documentation portal
Powered By GitBook
Connecting Linux server to Active Directory
Hideez Enterprise Server – Connecting Linux server to Active Directory
Edit the file /etc/hosts, add (or edit) the line specifying the FQDN for this host (change it to your host name and <Domain_Name> to the domain name):
1
127.0.1.1 <hostname>.<Domain_Name> <hostname>
Copied!
It may also be necessary to add the FQDN for the AD server depending on the network settings.
1
<server_ip> <Server_Name>.<Domain_Name> <Server_Name>
Copied!
The AD server must be installed as a DNS server for a correct connection to AD. If DHCP is running on your network, as a rule, the administrator has already assigned the correct settings for your server. You can see a list of current DNS in the resolv.conf file:
1
cat /etc/resolv.conf
Copied!
The IP of the AD server will appear as a nameserver. Otherwise, you can manually assign the nameserver. When using DHCP, you cannot modify resolv.conf directly, so it will be necessary to follow a few simple steps.

Ubuntu 18.04

Let`s install resolvconf package
1
sudo apt update
2
sudo apt install resolvconf
3
sudo systemctl enable resolvconf.service
Copied!
You will then need to edit the /etc/resolvconf/resolv.conf.d/head file. Add the line:
1
nameserver <server_ip>
Copied!
and start
1
sudo systemctl start resolvconf.service
Copied!

Centos 7

The following lines should be added
1
PEERDNS=no
2
DNS1=<server_ip>
Copied!
to the file `/etc/sysconfig/network-scripts/ifcfg-* Here you need to replace ifcfg-* with the name of your network interface and restart NetworkManager
1
sudo systemctl restart NetworkManager
Copied!
Check your resolv.conf again to make sure everything is correct
1
cat /etc/resolv.conf
Copied!
Check that the domain name resolves. Note: under Centos 7, it may be required to install the bind-utils package:
1
sudo yum install bind-utils -y
Copied!
1
nslookup <Domain_Name>
Copied!
Install the necessary packages

Ubuntu 18.04

1
sudo apt install realmd samba-common-bin samba-libs sssd-tools krb5-user adcli
Copied!

Centos 7

1
sudo yum install sssd realmd oddjob oddjob-mkhomedir adcli samba-common samba-common-tools krb5-workstation openldap-clients policycoreutils-python -y
Copied!
You must confirm the domain during the installation of kerberos, and specify the server name. Let's check that our domain is visible on the network:
1
realm discover <Domain_Name>
Copied!
Join the machine to a domain:
1
sudo realm --verbose join <Domain_Name> -U <YourDomainAdmin> --install=/
Copied!
If there is no error, everything went fine. You can go to the domain controller and check if our linux server appears in the domain. If the Active Directory server uses self-signed certificates, you need to edit the ldap.conf file. In ubuntu it is stored in /etc/ldap/ldap.conf, in Centos - /etc/openldap/ldap.conf. You should specify (add at the end of the file) this parameter:
1
TLS_REQCERT never
Copied!

Installation check

For example, to get all users (you have to enter a password):
1
ldapsearch -x -H "ldaps://<Domain_Name>" -D "<YourDomainAdmin>@<Domain_Name>" -W -b "dc=<dc>,dc=<dc>, ..." "objectCategory=person" name
Copied!
In case we have the hideez.example.com domain and an administrator named "administrator", the command would look like this:
1
ldapsearch -x -H "ldaps://hideez.example.com" -W -D "[email protected]" -b "dc=hideez,dc=example,dc=com" "objectCategory=person" name
Copied!
In case of an error, you can add the -d1 key and read the description of the error.
Previous
Platform authentication on the HES server
Next
Setting HES server parameters
Last modified 4mo ago
Copy link
Contents
Ubuntu 18.04
Centos 7
Installation check