Join Rocky Linux 9 / AlmaLinux 9 / CentOS Stream 9 / RHEL 9 to a Windows Active Directory domain using Samba Winbind.

Learn how to connect your Linux machines to Windows domain controllers using Samba Winbind. This guide provides simple step-by-step instructions to help you integrate Rocky Linux 9, AlmaLinux 9, CentOS Stream 9, or RHEL 9 with a Windows Active Directory domain.

NOTE: Although these steps may also apply to version 8, they were tested only on version 9.

Here are the simple steps to do this:

  1. Install winbind
    # dnf -y install samba-winbind samba-winbind-clients oddjob-mkhomedir

  2. Configure Kerberos as below.
    # cp /etc/krb5.conf /etc/krb5.conf-ORIG
    # vi /etc/krb5.conf

    # [libdefaults] section (around line 20 of the stock file): uncomment and set the realm.
    # The realm is your AD DNS domain in UPPER CASE and must be exactly the same value you put in "realm" in smb.conf in step 3.

    default_realm = ZMATECH.COM

    # [realms] section (around lines 24-28): uncomment and set the realm and the hostname of a domain controller
    # (the bare domain name also works, because AD DNS resolves it to the domain controllers)

    [realms]
    ZMATECH.COM = {
    kdc = zmatech.com
    admin_server = zmatech.com
    }

    NOTE: Replace ZMATECH.COM and zmatech.com above with your own domain names. Keep the realm in upper case; a lower-case or short realm (for example ZMATECH without the .COM) is the most common reason the join in step 5 fails with a Kerberos error.

  3. Configure Samba.
    # cp /etc/samba/smb.conf /etc/samba/smb.conf-ORIG
    # vi /etc/samba/smb.conf

    # Remove or comment out the existing [global] section of smb.conf and replace it with the content below.
    # Replace realm (your AD DNS domain in UPPER CASE, the same value as default_realm in krb5.conf)
    # and workgroup (the short NetBIOS domain name) for your environment.

    [global]
    kerberos method = secrets and keytab
    realm = ZMATECH.COM
    workgroup = ZMATECH
    security = ads
    template shell = /bin/bash
    winbind enum groups = Yes
    winbind enum users = Yes
    idmap config * : rangesize = 1000000
    idmap config * : range = 1000000-19999999
    idmap config * : backend = autorid

    NOTE: "winbind enum users/groups = Yes" lets getent list every domain user and group, which is handy while testing, but each listing then walks the whole directory; logins do not need it, so set both to No on large domains or busy hosts. The autorid backend hands out UIDs/GIDs from the range above automatically and the mapping is computed on each host, so the same AD user can end up with a different UID on different machines; if you need identical IDs everywhere (for NFS, for example), use the rid backend with a fixed range per domain instead.

  4. Switch the host to winbind for authentication and enable the oddjobd service (oddjob-mkhomedir creates a home directory the first time a domain user logs in).
    # authselect select winbind --force
    # authselect enable-feature with-mkhomedir
    # systemctl enable --now oddjobd

  5. Join your Linux box to AD.
    NOTE: Administrator below must be an AD account that is allowed to create computer objects in the domain; replace it with the appropriate account. The command prompts for that account's password, creates the computer account and stores the machine credentials in Samba's secrets.tdb and (because of the kerberos method above) in the system keytab.
    # net ads join -U Administrator

  6. If the join prints a DNS update error, check that the output still says the host was joined to the domain. That error only means the host could not register its own DNS record by dynamic update (typical when the zone does not accept updates from the host); the join itself has succeeded, and you can create the A record on the DNS server by hand. Any other error means the join failed and must be fixed before continuing.

  7. Enable winbind
    # systemctl enable --now winbind

  8. That's it! Your Linux box is now joined to AD.

  9. Connect to the server:
    From a macOS or Linux terminal, ssh to the server in either of the following forms (the domain part is required because "winbind use default domain" is not set in smb.conf). The home directory is created by oddjob-mkhomedir on the first login.
    $ ssh ZMATECH\\username@your-linux-box-ip
    OR
    $ ssh username@zmatech.com@your-linux-box-ip

  10. Enjoy!!!
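The steps above as one script, added here as an example and not part of the original post. It assumes the hypothetical domain ZMATECH.COM with NetBIOS name ZMATECH (override with the REALM, WORKGROUP and KDC environment variables), that it runs as root on a Rocky/Alma/CentOS Stream/RHEL 9 host where step 1 has already installed the packages, and that the join account is Administrator unless another is given. It checks that the realm and workgroup are consistent before writing the two configuration files, turns user/group enumeration off (the caveat from step 3), and after the join runs the checks that actually prove the machine account works instead of relying on the output of net ads join.

```shell
#!/bin/sh
# Added example (not from the original post): steps 2-7 as one script.
# Assumes the hypothetical domain ZMATECH.COM / NetBIOS name ZMATECH and that it
# runs as root on a RHEL 9 family host with samba-winbind already installed.
set -eu

REALM="${REALM:-ZMATECH.COM}"      # AD DNS domain in UPPER CASE (Kerberos realm)
WORKGROUP="${WORKGROUP:-ZMATECH}"  # NetBIOS (short) domain name
KDC="${KDC:-$(printf '%s' "$REALM" | tr '[:upper:]' '[:lower:]')}"  # a DC or the domain DNS name

# A realm/workgroup mismatch between krb5.conf and smb.conf is the usual reason a
# join fails, so sanity-check both before writing anything: the realm must be
# upper case and dotted, the workgroup a short undotted name (NetBIOS limit 15).
check_names() {
    realm="$1"; workgroup="$2"
    [ "$realm" = "$(printf '%s' "$realm" | tr '[:lower:]' '[:upper:]')" ] || return 1
    case "$realm" in *.*) ;; *) return 1 ;; esac
    case "$workgroup" in ''|*.*) return 1 ;; esac
    [ "${#workgroup}" -le 15 ] || return 1
}

# /etc/krb5.conf: keeps the stock includedir so /etc/krb5.conf.d snippets still
# apply; with dns_lookup_kdc the kdc lines are only a fallback.
render_krb5_conf() {
    cat <<EOF
includedir /etc/krb5.conf.d/

[libdefaults]
    default_realm = $1
    dns_lookup_realm = false
    dns_lookup_kdc = true
    ticket_lifetime = 24h
    renew_lifetime = 7d
    forwardable = true
    rdns = false

[realms]
    $1 = {
        kdc = $2
        admin_server = $2
    }
EOF
}

# /etc/samba/smb.conf [global]: the settings from the post, except that
# enumeration is off (it walks the whole directory and logins do not need it).
render_smb_conf() {
    cat <<EOF
[global]
    security = ads
    realm = $1
    workgroup = $2
    kerberos method = secrets and keytab
    template shell = /bin/bash
    template homedir = /home/%D/%U
    idmap config * : backend = autorid
    idmap config * : range = 1000000-19999999
    idmap config * : rangesize = 1000000
    winbind enum users = no
    winbind enum groups = no
    winbind refresh tickets = yes
EOF
}

# Back up the originals once, write both files, and let testparm reject a bad
# smb.conf before winbind ever reads it.
install_config() {
    for f in /etc/krb5.conf /etc/samba/smb.conf; do
        [ -e "$f-ORIG" ] || cp -p "$f" "$f-ORIG"
    done
    render_krb5_conf "$REALM" "$KDC" > /etc/krb5.conf
    render_smb_conf "$REALM" "$WORKGROUP" > /etc/samba/smb.conf
    testparm -s /etc/samba/smb.conf > /dev/null
}

# Join, then prove it: 'net ads join' can print a DNS update error even when the
# computer account was created, so 'net ads testjoin' and wbinfo are the real checks.
join_domain() {
    joinuser="$1"
    authselect select winbind with-mkhomedir --force
    systemctl enable --now oddjobd
    net ads join -U "$joinuser"      # prompts for the AD account's password
    systemctl enable --now winbind
    net ads testjoin                 # computer account and keytab are usable
    wbinfo --ping-dc                 # winbind can reach a domain controller
    wbinfo -t                        # machine trust secret is valid
    id "$WORKGROUP\\$joinuser"       # NSS resolves a domain user through winbind
}

case "${1:-}" in
    config) check_names "$REALM" "$WORKGROUP" || { echo "bad REALM/WORKGROUP: $REALM / $WORKGROUP" >&2; exit 1; }
            install_config ;;
    join)   join_domain "${2:-Administrator}" ;;
    *)      echo "usage: $0 config | join [joinuser]" >&2 ;;
esac
```

Run `./join-ad.sh config` first, fix anything testparm complains about, then `./join-ad.sh join` (or `./join-ad.sh join someuser`); if `net ads testjoin` or `wbinfo -t` fails, the join did not succeed regardless of what `net ads join` printed, so repeat it before enabling logins.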


©2023 ZMATECH: Innovative solutions for your IT challenges.
