Manually join a Linux Machine to Active Directory using Winbind
These steps have been tested on the following platforms:
a) CentOS 8 / CentOS Stream 8
b) AlmaLinux 8
c) Rocky Linux 8
d) RHEL 8
STEPS
1. Log in to your Linux machine and update it.
# yum -y update
2. Install the required Samba and Winbind packages on your Linux machine.
# yum -y install authconfig samba samba-client samba-winbind samba-winbind-clients
3. Edit the smb.conf file and insert or replace its content as shown below. First make a backup of the original file, then edit it.
# cp /etc/samba/smb.conf /etc/samba/smb.ORIG
# vim /etc/samba/smb.conf
Replace your global section with the content below. Alternatively, you can comment out all lines in the default global section. Replace example with your actual domain name.
[global]
workgroup = example
security = ads
realm = example.com
idmap config * : rangesize = 1000000
idmap config * : range = 1000000-19999999
idmap config * : backend = autorid
winbind enum users = no
winbind enum groups = no
template homedir = /home/%U
template shell = /bin/bash
winbind use default domain = false
4. Make sure you have added your IP and hostname to /etc/hosts. (NOTE: It's not mandatory, but you might get warning or error messages in the next step.)
# vim /etc/hosts
Add your Linux server IP address as follows:
192.XX.XX.XX yourhostname.example.com yourhostname
5. Ensure the winbind service is running.
# systemctl status winbind
6. Join your Linux machine to Active Directory using the net utility.
# net ads join -U jo**********@ex*****.com
7. Add the necessary entries for winbind authentication. Run the command below.
# authconfig --enablewinbind --enablewinbindauth --enablemkhomedir --update
8. You can now connect to your server from another instance.
$ ssh example\\username@linux-IP
OR
$ ssh us******@ex*****.com@linux-IP
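Before running the join in step 6, the [global] section from step 3 can be checked offline for the settings the join depends on and for leftover placeholder values. The script below is an added example, not part of the original tutorial; the function names and the file name check_smb.sh are illustrative, and it assumes range and rangesize are both set explicitly, as in step 3.

```shell
#!/bin/sh
# Added example: pre-join check of the [global] section from step 3.

# Print KEY's value from [global] in FILE. Case and whitespace in parameter
# names are ignored, as smb.conf itself does.
smb_global_get() {
    awk -v want="$2" '
        function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
        /^[ \t]*[#;]/ { next }                      # comment line
        /^[ \t]*\[/   { in_global = (norm($0) == "[global]"); next }
        in_global && (eq = index($0, "=")) {
            if (norm(substr($0, 1, eq - 1)) == norm(want)) {
                val = substr($0, eq + 1)
                sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
            }
        }
        END { print val }' "$1"
}

# Domains autorid can map: (high - low + 1) / rangesize, rounded down.
autorid_slots() {
    range=$(smb_global_get "$1" "idmap config * : range")
    rsize=$(smb_global_get "$1" "idmap config * : rangesize")
    echo "$range $rsize" | awk -F'[- ]' '
        $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ && $3 > 0 { n = int(($2 - $1 + 1) / $3) }
        END { print n + 0 }'
}

# Return 0 when the file is ready for "net ads join"; otherwise list problems.
check_winbind_conf() {
    rc=0
    sec=$(smb_global_get "$1" security | tr 'A-Z' 'a-z')
    realm=$(smb_global_get "$1" realm | tr 'A-Z' 'a-z')
    wg=$(smb_global_get "$1" workgroup | tr 'A-Z' 'a-z')
    backend=$(smb_global_get "$1" "idmap config * : backend")
    [ "$sec" = ads ] || { echo "FAIL: security is '$sec', expected ads"; rc=1; }
    [ -n "$realm" ] && [ -n "$wg" ] || { echo "FAIL: realm or workgroup not set"; rc=1; }
    # The tutorial's placeholder must be replaced with the real domain name.
    case "$realm:$wg" in
        example.com:*|*:example) echo "FAIL: placeholder 'example' still present"; rc=1 ;;
    esac
    [ "$backend" = autorid ] || { echo "FAIL: idmap backend is '$backend', expected autorid"; rc=1; }
    [ "$(autorid_slots "$1")" -ge 1 ] || { echo "FAIL: idmap range holds no full rangesize block"; rc=1; }
    return $rc
}

# Usage: sh check_smb.sh /etc/samba/smb.conf
if [ -n "${1:-}" ]; then check_winbind_conf "$1" && echo "OK: ready to join"; fi
```

With the values from step 3, autorid_slots reports 19, which is the number of domains (including trusted ones) the configured ID range can hold.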
Kindly comment below if it works for you.
Thank you so much again!
This worked on CentOS 7!
One thing I did differently, is to run the
sudo systemctl start winbind
right after the installation of
sudo yum -y install authconfig samba samba-client samba-winbind samba-winbind-clients
The reason for that, .. for some reason, last time, after making the modifications winbind kept returning error and wasn’t starting up, so this time I did before I can make any changes to the system, and it ran without any issues.
So, after everything went smoothly, user will need to login with their us******@ex*****.com to the machine. I managed to do this with Ubuntu following your Ubuntu tutorial and removed the necessary “@example.com”. I wonder if it’s possible with this tutorial as well?
Thanks again!
Thank you for sharing your experience with us! I’m thrilled to hear that the tutorial worked for you on CentOS 7. Your tip about starting winbind before making any modifications is really helpful, and I’ll be sure to update the tutorial to reflect that. As for logging in with the us******@ex*****.com format, it should be possible with this tutorial as well. I’ll make sure to include a step-by-step guide in the update. Thanks again for your feedback.