Join Centos 7 to a Windows Active Directory Domain

Published by Joe Conklin on

Integrating Centos 7 with Windows Active Directory

When a user logs in to a Linux system, the username and password combination must be verified, or authenticated, as a valid and active user. Sometimes the information to verify the user is located on the local system, and other times the system defers the authentication to a user database on a remote system. In the below example we will configure Linux to use a Windows Active Directory Domain as the user database to which the local system defers authentication to.

Steps to configure Active Directory authentication

Step 1: Install the required prerequisite packages.

[root@localhost ~]# yum install realmd samba samba-common oddjob oddjob-mkhomedir sssd ntpdate ntp

Step 2: Configure the resolve.conf with the applicable search domains and nameservers.

[root@localhost ~]# vi /etc/resolv.conf
search domain.local
nameserver 10.1.0.11
nameserver 10.1.0.12

Step 3: Perform a realm join with a domain user account.

[root@localhost ~]# realm join --user=domainuser domain.local
Password for domainuser:

Step 4: List the realm configured to ensure integration with Active Directory was successful.

[root@localhost ~]# realm list
domain.local
  type: kerberos
  realm-name: DOMAIN.LOCAL
  domain-name: domain.local
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  required-package: oddjob
  required-package: oddjob-mkhomedir
  required-package: sssd
  required-package: adcli
  required-package: samba-common-tools
  login-formats: %U@domain.local
  login-policy: allow-realm-logins

Step 5: Using visudo configure user permissions per the below. This will allow the Domain Admins group access to the Linux machine and run any commands.

[root@localhost ~]# visudo
## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
%DOMAIN.LOCAL\\Domain\ Admins ALL=(ALL) ALL

NOTE: Any user group with a space in the name must be separated in the configuration with "\ ". E.g. Domain\ Admins.

Verify the configuration

Now that the configuration is finished lets verify authentication works. Using a SSH client, such as Putty, we can login to the remote Linux system or locally. If successful you will be able to successfully login as I was able to do below.

login as: domain\user1
domain\user1@10.1.10.11's password:
Last login: Wed Aug 23 10:34:27 2015 from user-pc.domain.local
[user1@domain.local@localhost ~]$
Categories: Active DirectoryCentOSLinux

Related Posts

Application Containers

Docker container management using Rancher

A container management platform is a solution used to o create cloud-native, distributed applications and package legacy applications that were not originally designed for virtual environments. Container management software simplifies the process of adding or Read more…

CentOS

Install MySQL Galera Cluster on Centos 7

MySQL Galera Cluster is a synchronous multi-master cluster, available on Linux only, and only supports the XtraDB/InnoDB storage engines . It is designed to provide high availability and high throughput with low latency, while allowing Read more…

Application Containers

Installing Docker on Centos 7

Docker is a software technology providing containers. Docker provides an additional layer of abstraction and automation of operating-system-level virtualization on Windows and Linux. Docker uses the resource isolation features of the Linux kernel such as Read more…