HowTo: Authenticate Linux Clients with Microsoft Active Directory

Every IT shop has a mix of Windows and Linux systems. Sometimes you need to authenticate your Linux desktop systems against the Microsoft Active Directory service. You can save time, effort and IT infrastructure by sharing an authentication server. This article explains how to set up Linux desktop computers with Active Directory using Samba and winbind.

From the article:
Starting with Windows 2000, Microsoft moved from NTLM to Active Directory and its integrated Kerberos authentication services. Kerberos was considerably more secure than NTLM, and it scaled better, too. And Kerberos was an industry standard already used by Linux and UNIX systems, which opened the door to integrating those platforms with Windows.

Most Linux distributions come with several PAM authentication modules, including modules that support authentication to an LDAP directory and authentication using Kerberos. You can use these modules to authenticate to Active Directory, but there are some significant limitations, as I will discuss later in this article.

=> Authenticate Linux Clients with Active Directory

6 comments
  • JD Aug 8, 2011 @ 19:38

    One thing that should be noted is that if you are authenticating against 2008r2, you will need to upgrade samba to samba3x BEFORE running through this setup, otherwise you will get an NT_STATUS_PIPE_DISCONNECTED error.

    For RHEL 5x, it’s as simple as this…

    yum erase samba samba-common
    yum install samba3x samba3x-client

  • Daniel Jan 27, 2011 @ 12:40

    And with tomcat?

  • misconfig Nov 18, 2008 @ 16:21

    How about a guide to authenticate to AD with Fedora or RedHat Directory Service.

  • hijack203 Nov 18, 2008 @ 14:56

    We use a product called likewise (http://www.likewisesoftware.com/) and love it! Currently we’re using their enterprise version, which is license based, but they do have an open version of their product as well to play with (http://www.likewisesoftware.com/products/likewise_open/index.php). Good Luck!

  • Miker Nov 18, 2008 @ 14:11

    Wow! I didn’t even realize at first that I was reading something on a Microsoft site. Though I think that the author made a few things more difficult than necessary (probably prodded to do so by PR rep), it was overall a very good article.

    I looked for a link to provide them feedback, but didn’t see it. Not something I often say, but kudos to Microsoft for publishing this article! Well written and good info.

  • manjula Nov 18, 2008 @ 10:46

    you can use likewise open software

    http://www.likewisesoftware.com/products/likewise_open/
