HowTo: Authenticate Linux Clients with Microsoft Active Directory

last updated in Categories Linux, Linux desktop, RedHat/Fedora Linux, Sys admin, Tips, Troubleshooting, Windows, Windows server

Every IT shop has a mix of Windows and Linux system. Sometime you need to authenticate your Linux desktop system against Microsoft Active Directory service. You can save time, effort and IT infrastructure by sharing authentication server. This article explains how to setup the Linux desktop computers with Active Directory using Samba and winbind.

From the article:
Starting with Windows 2000, Microsoft moved from NTLM to Active Directory and its integrated Kerberos authentication services. Kerberos was considerably more secure than NTLM, and it scaled better, too. And Kerberos was an industry standard already used by Linux and UNIX systems, which opened the door to integrating those platforms with Windows.

Most Linux distributions come with several PAM authentication modules, including modules that support authentication to an LDAP directory and authentication using Kerberos. You can use these modules to authenticate to Active Directory, but there are some significant limitations, as I will discuss later in this article.

=> Authenticate Linux Clients with Active Directory

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

6 comment

  1. Wow! I didn’t even realize at first that I was reading something on a Microsoft site. Though I think that the author made a few things more difficult than necessary (probably prodded to do so by PR rep), it was overall a very good article.

    I looked for a link to provide them feedback, but didn’t see it. Not something I often say, but kudos to Microsoft for publishing this article! Well written and good info.

  2. One thing that should be noted is that if you are authenticating against 2008r2, you will need to upgrade samba to samba3x BEFORE running through this setup, otherwise you will get an NT_STATUS_PIPE_DISCONNECTED error.

    For RHEL 5x, it’s as simple as this…

    yum erase samba samba-common
    yum install samba3x samba3x-client

    Have a question? Post it on our forum!