≡ Menu

winbind

Every IT shop has a mix of Windows and Linux system. Sometime you need to authenticate your Linux desktop system against Microsoft Active Directory service. You can save time, effort and IT infrastructure by sharing authentication server. This article explains how to setup the Linux desktop computers with Active Directory using Samba and winbind.

From the article:
Starting with Windows 2000, Microsoft moved from NTLM to Active Directory and its integrated Kerberos authentication services. Kerberos was considerably more secure than NTLM, and it scaled better, too. And Kerberos was an industry standard already used by Linux and UNIX systems, which opened the door to integrating those platforms with Windows.

Most Linux distributions come with several PAM authentication modules, including modules that support authentication to an LDAP directory and authentication using Kerberos. You can use these modules to authenticate to Active Directory, but there are some significant limitations, as I will discuss later in this article.

=> Authenticate Linux Clients with Active Directory

An excellent guide; it will give you steps about using Samba server to join to a Windows domain. From the article:

The primary domain controller (PDC) will serve as the password server for the domain. If Samba and winbind services are running, turn them off. I will show you how turn them on after you join to the Windows domain. You should save your files at any point in your "work-in-progress" and restore your originals if you intend to reboot. You should make note of your hard devices listed in your fstab file. Before you start you should ping the server from your intended Linux workstation.

=> Step by Step: Using Samba to join a Windows Domain