# Connecting Linux server to Active Directory (old)

Edit the file `/etc/hosts` and add (or edit) the line specifying the FQDN for this host (replace `<hostname>` with your host name and `<Domain_Name>` with the domain name):

```
127.0.1.1       <hostname>.<Domain_Name>  <hostname>
```

It may also be necessary to add the FQDN for the AD server depending on the network settings.

```
<server_ip>       <Server_Name>.<Domain_Name>  <Server_Name>
```

The AD server must be set up as a DNS server for a correct connection to AD. If DHCP is running on your network, the administrator has, as a rule, already assigned the correct settings for your server. You can see the list of current DNS servers in the `resolv.conf` file:

```
cat /etc/resolv.conf
```

The IP of the AD server will appear as a nameserver. Otherwise, you can manually assign the nameserver. When using DHCP, you cannot modify resolv.conf directly, so it will be necessary to follow a few simple steps.

### Ubuntu 18.04

Install the resolvconf package:

```
sudo apt update
sudo apt install resolvconf
sudo systemctl enable resolvconf.service
```

You will then need to edit the `/etc/resolvconf/resolv.conf.d/head` file. Add the line:

```
nameserver  <server_ip>
```

and start the service:

```
sudo systemctl start resolvconf.service
```

### CentOS 7

The following lines should be added

```
PEERDNS=no
DNS1=<server_ip>
```

to the file `/etc/sysconfig/network-scripts/ifcfg-*`. Here you need to replace `ifcfg-*` with the name of your network interface and restart NetworkManager:

```
sudo systemctl restart  NetworkManager
```

Check your `resolv.conf` again to make sure everything is correct:

```
cat /etc/resolv.conf
```

Check that the domain name resolves. Note: under CentOS 7, you may need to install the bind-utils package first:

```
sudo yum install bind-utils -y
```

```
nslookup <Domain_Name>
```

#### Install the necessary packages

#### Ubuntu 18.04

```
sudo apt install realmd samba-common-bin samba-libs sssd-tools krb5-user adcli
```

#### CentOS 7

```
sudo yum install sssd realmd oddjob oddjob-mkhomedir adcli samba-common samba-common-tools krb5-workstation openldap-clients policycoreutils-python -y
```

During the installation of Kerberos, you must confirm the domain and specify the server name. Then check that the domain is visible on the network:

```
realm discover <Domain_Name>
```

Join the machine to the domain:

```
sudo realm --verbose join <Domain_Name> -U <YourDomainAdmin> --install=/
```

If there is no error, everything went fine. You can go to the domain controller and check that the Linux server appears in the domain.

If the Active Directory server uses self-signed certificates, you need to edit the `ldap.conf` file. In Ubuntu it is stored in `/etc/ldap/ldap.conf`, in CentOS in `/etc/openldap/ldap.conf`. Add this parameter at the end of the file:

```
TLS_REQCERT never
```
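`TLS_REQCERT never` tells the OpenLDAP client not to request or check the server certificate at all, so the LDAPS connection no longer authenticates the domain controller; the stricter alternative is to keep verification on and point `TLS_CACERT` at the certificate that signed the AD server's certificate. The script below is an added example, not part of the original documentation, that reports which of these states an `ldap.conf` file is in. The function name `audit_ldap_conf` and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: report how an OpenLDAP client ldap.conf treats the
# server certificate. Prints one of:
#   insecure:<level>  TLS_REQCERT is never/allow (bad or missing cert accepted)
#   verified          verification enforced and a CA file/dir is configured
#   no-ca             verification enforced, but no TLS_CACERT/TLS_CACERTDIR here
audit_ldap_conf() {
    awk '
        /^[ \t]*#/ { next }                 # comment line
        NF < 2     { next }                 # blank or option without a value
        { key = toupper($1) }               # option names are case-insensitive
        key == "TLS_REQCERT" { level = tolower($2) }   # last occurrence wins
        key == "TLS_CACERT" || key == "TLS_CACERTDIR" { ca = $2 }
        END {
            if (level == "") level = "demand"          # client default
            if (level == "never" || level == "allow")
                print "insecure:" level
            else if (ca == "")
                print "no-ca"
            else
                print "verified"
        }
    ' "$1"
}

# Constructed sample: the line from this page appended after stricter settings.
sample=$(mktemp)
printf '%s\n' \
    '# constructed sample ldap.conf' \
    'TLS_CACERT /etc/ssl/certs/ca-certificates.crt' \
    'TLS_REQCERT demand' \
    'TLS_REQCERT never' > "$sample"
audit_ldap_conf "$sample"    # prints insecure:never
rm -f "$sample"
```

Run it against `/etc/ldap/ldap.conf` or `/etc/openldap/ldap.conf` after joining the domain to see which setting is in effect.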

### Installation check

For example, to get all users (you have to enter a password):

```
ldapsearch -x -H "ldaps://<Domain_Name>" -D "<YourDomainAdmin>@<Domain_Name>" -W  -b "dc=<dc>,dc=<dc>, ..." "objectCategory=person" name
```

If the domain is hideez.example.com and the administrator is named "administrator", the command looks like this:

```
ldapsearch -x -H "ldaps://hideez.example.com" -W -D "administrator@hideez.example.com" -b "dc=hideez,dc=example,dc=com"  "objectCategory=person" name
```

In case of an error, you can add the `-d1` option and read the description of the error.

