Join Rocky Linux 9 / AlmaLinux 9 / CentOS Stream 9 / RHEL 9 to a Windows Active Directory Domain using Samba Winbind.

Learn how to connect your Linux machines to Windows domain controllers using Samba Winbind. This guide gives step-by-step instructions for integrating Rocky Linux 9, AlmaLinux 9, CentOS Stream 9, or RHEL 9 with a Windows Active Directory Domain.

NOTE: Although these steps may also be applicable to version 8, they were specifically tested on version 9.

Here are the steps:

  1. Install winbind
    # dnf -y install samba-winbind samba-winbind-clients oddjob-mkhomedir

  2. Configure Kerberos.
    # cp /etc/krb5.conf /etc/krb5.conf-ORIG
    # vi /etc/krb5.conf

    # in [libdefaults] (around line 20 of the stock file): uncomment default_realm and set it to the
    # AD DNS domain in UPPER CASE. It must be identical to the "realm" value in smb.conf (step 3).

    default_realm = ZMATECH.COM

    # in [realms] (around lines 24-28): uncomment the block and use the same realm name. kdc and
    # admin_server may be the domain name (it resolves to a DC via the domain's A records) or a DC's FQDN.

    [realms]
    ZMATECH.COM = {
    kdc = zmatech.com
    admin_server = zmatech.com
    }

    NOTE: Replace ZMATECH.COM and zmatech.com above with your own domain. Do not use the short NetBIOS name (ZMATECH) as the realm: Kerberos realm names are case-sensitive, and in AD the realm is always the upper-cased DNS domain. If the box can resolve the domain's SRV records (dns_lookup_kdc is on by default), the [realms] block is optional, but it does no harm to keep it.

  3. Configure Samba.
    # cp /etc/samba/smb.conf /etc/samba/smb.conf-ORIG
    # vi /etc/samba/smb.conf

    # Remove or comment out the existing [global] section of smb.conf and replace it with the content below.
    # Set realm (the upper-case DNS domain, matching krb5.conf) and workgroup (the NetBIOS domain name) for your environment.

    [global]
    kerberos method = secrets and keytab
    realm = ZMATECH.COM
    workgroup = ZMATECH
    security = ads
    template shell = /bin/bash
    winbind enum groups = Yes
    winbind enum users = Yes
    idmap config * : rangesize = 1000000
    idmap config * : range = 1000000-19999999
    idmap config * : backend = autorid

    NOTE: "security = ads" makes the host an AD domain member that authenticates with Kerberos, and "kerberos method = secrets and keytab" lets winbind use the machine account from secrets.tdb and /etc/krb5.keytab once the box is joined.

    NOTE: The two "winbind enum" options let a plain "getent passwd" / "getent group" list every domain account. They are handy for testing but expensive in large domains and not needed for logins; set them to No if lookups become slow.

    NOTE: The autorid backend maps SIDs to UIDs/GIDs automatically in blocks of "rangesize" inside "range", so the range above has room for 19 domains and trusts. Blocks are handed out in the order a domain is first seen, so the same user can end up with different UIDs on different hosts; if you share files over NFS or otherwise need identical IDs everywhere, use the rid backend with an explicit per-domain range instead. Home directories default to /home/%D/%U (for example /home/ZMATECH/username). Run testparm afterwards to confirm the file parses.

  4. Switch NSS/PAM to winbind and enable the oddjobd service (it creates home directories at first login).
    NOTE: --force overwrites any local changes in /etc/nsswitch.conf and /etc/pam.d with the authselect profile.
    # authselect select winbind --force
    # authselect enable-feature with-mkhomedir
    # systemctl enable --now oddjobd

  5. Join your Linux box to AD.
    NOTE: Before joining, make sure the hostname is set (ideally the FQDN), that the clock is synchronized with the domain controllers (chronyd), because Kerberos rejects more than five minutes of skew, and that /etc/resolv.conf points at a DNS server that serves the AD zone. The account used below must be allowed to create computer objects in AD (a domain admin or an account delegated that right), so replace Administrator accordingly; you will be prompted for its password.
    # net ads join -U Administrator

  6. A DNS update failure reported at the end of the join can be ignored: it only means the host could not register its own A record dynamically in AD DNS, and the join itself has still succeeded if the command reported joining the domain (create the record by hand in that case). Any other error, such as a KDC that cannot be found, clock skew or access denied, is not safe to ignore.

  7. Enable winbind (after the join, so it can use the machine account).
    # systemctl enable --now winbind

  8. That's it! Your Linux box is now a member of the AD domain.

  9. Connect to the server:
    From a Mac or Linux terminal, ssh to the box as a domain user in DOMAIN\user form (the backslash is doubled to get it past the local shell):
    $ ssh ZMATECH\\username@your-linux-box-ip
    OR in user@domain (UPN) form:
    $ ssh username@zmatech.com@your-linux-box-ip
    The home directory (/home/ZMATECH/username by default) is created on first login by oddjob-mkhomedir.

  10. Enjoy!!!
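The steps above edit two files by hand and then run a join that only fails at the KDC if the realm, workgroup or idmap values disagree. The script below is an added example, not part of the original post or of Samba: its "check" mode reads smb.conf and krb5.conf offline and reports the mistakes that break step 5 (a lower-case or NetBIOS-style realm, a realm that differs between the two files, security not set to ads, an autorid range that is too small or collides with local UIDs), and its "verify" mode runs the live Samba tools on the joined host after step 7. The file paths, mode names, script name and optional user argument are assumptions of this script; the ZMATECH.COM values in the comments are the post's own example.

```shell
#!/usr/bin/env bash
# Added example, not part of the original post or of Samba: a pre-join check of
# the two files edited in steps 2 and 3, plus a post-join verification mode
# that drives the live Samba tools. File paths, the "check"/"verify" modes and
# the optional user name are assumptions of this script.
#
#   ./check-ad-join.sh check  [SMB_CONF] [KRB5_CONF]   # offline, before step 5
#   ./check-ad-join.sh verify [DOMAIN\\user]           # on the joined host, after step 7

# ini_get FILE KEY: print the value of the first "KEY = value" line of an
# ini-style file, or return 1. Keys are compared ignoring case and whitespace,
# so 'idmap config * : range' and 'idmap config *:range' are the same key, as
# Samba treats them. Sections are ignored; for the keys used here that is fine.
ini_get() {
    local file=$1 want line t k v
    want=$(printf '%s' "$2" | tr -d '[:space:]' | tr '[:upper:]' '[:lower:]')
    while IFS= read -r line || [ -n "$line" ]; do
        t=${line#"${line%%[![:space:]]*}"}                 # strip leading blanks
        case $t in ''|'#'*|';'*|'['*) continue ;; esac      # blank, comment, section
        case $t in *=*) ;; *) continue ;; esac
        k=$(printf '%s' "${t%%=*}" | tr -d '[:space:]' | tr '[:upper:]' '[:lower:]')
        [ "$k" = "$want" ] || continue
        v=${t#*=}
        v=${v#"${v%%[![:space:]]*}"}; v=${v%"${v##*[![:space:]]}"}   # trim value
        printf '%s\n' "$v"
        return 0
    done < "$file"
    return 1
}

# check_ad_config SMB_CONF KRB5_CONF: print every problem found; return 0 only
# when both files describe a consistent AD member using the autorid idmap.
check_ad_config() {
    local smb=$1 krb=$2 rc=0 realm wg sec krealm backend range size lo hi n
    realm=$(ini_get "$smb" realm)          || { echo "smb.conf: 'realm' is missing"; return 1; }
    wg=$(ini_get "$smb" workgroup)         || { echo "smb.conf: 'workgroup' is missing"; rc=1; }
    sec=$(ini_get "$smb" security)         || { echo "smb.conf: 'security' is missing"; rc=1; }
    krealm=$(ini_get "$krb" default_realm) || { echo "krb5.conf: 'default_realm' is missing"; rc=1; }

    # The Kerberos realm is the DNS domain in upper case; the workgroup is the
    # separate, dot-less NetBIOS name. Confusing the two is what produces
    # "Cannot find KDC for realm" at join time.
    case $realm in *[[:lower:]]*) echo "smb.conf: realm '$realm' must be upper case"; rc=1 ;; esac
    case $realm in *.*) ;; *) echo "smb.conf: realm '$realm' must be the full DNS domain, not the NetBIOS name"; rc=1 ;; esac
    case $wg in *.*) echo "smb.conf: workgroup '$wg' must be the NetBIOS domain name (no dots)"; rc=1 ;; esac
    [ "$(printf '%s' "$sec" | tr '[:upper:]' '[:lower:]')" = ads ] \
        || { echo "smb.conf: security must be 'ads' for a domain member, found '$sec'"; rc=1; }
    [ "$krealm" = "$realm" ] \
        || { echo "krb5.conf: default_realm '$krealm' does not match smb.conf realm '$realm'"; rc=1; }

    # autorid needs a LOW-HIGH range holding at least one rangesize block, and
    # the range must sit above local accounts (UID_MAX is 60000 by default in
    # /etc/login.defs). The fallbacks below are Samba's own defaults.
    backend=$(ini_get "$smb" 'idmap config * : backend') || backend=tdb
    range=$(ini_get "$smb" 'idmap config * : range')     || range=
    size=$(ini_get "$smb" 'idmap config * : rangesize')  || size=100000
    [ "$backend" = autorid ] || { echo "smb.conf: default idmap backend is '$backend', expected autorid"; rc=1; }
    lo=${range%%-*}; hi=${range#*-}
    for n in "$lo" "$hi" "$size"; do
        case $n in ''|*[!0-9]*) echo "smb.conf: idmap range '$range' / rangesize '$size' must be numeric"; return 1 ;; esac
    done
    [ "$lo" -lt "$hi" ]              || { echo "smb.conf: idmap range low $lo is not below high $hi"; rc=1; }
    [ $((hi - lo + 1)) -ge "$size" ] || { echo "smb.conf: idmap range holds less than one rangesize ($size)"; rc=1; }
    [ "$lo" -gt 60000 ]              || { echo "smb.conf: idmap range starts at $lo, inside the local UID range"; rc=1; }
    return $rc
}

# verify_join [USER]: live checks after `net ads join` and starting winbind.
# Needs a joined host and a reachable DC, so it is not exercised offline.
verify_join() {
    net ads testjoin || return 1      # machine account and keytab are usable
    wbinfo --ping-dc || return 1      # winbind can reach a domain controller
    wbinfo -t        || return 1      # the machine trust secret is valid
    [ -z "${1:-}" ] || getent passwd "$1" || { echo "NSS does not resolve $1; check authselect and winbind"; return 1; }
}

case ${1:-} in
    check)  check_ad_config "${2:-/etc/samba/smb.conf}" "${3:-/etc/krb5.conf}" && echo "config looks consistent" ;;
    verify) verify_join "${2:-}" ;;
esac
```

Run "check" before step 5 and fix everything it prints; the realm mismatch it flags is exactly the short-name realm (ZMATECH instead of ZMATECH.COM) that leaves the box unable to find a KDC. Run "verify ZMATECH\\username" after step 7: a failing "net ads testjoin" means the join did not complete, while a working join with a user that NSS cannot resolve points at the authselect or winbind step rather than at AD.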

©2025 ZMATECH: Innovative solutions for your IT challenges.