≡ Menu

HowTo: Authenticate Linux Clients with Microsoft Active Directory

Every IT shop has a mix of Windows and Linux system. Sometime you need to authenticate your Linux desktop system against Microsoft Active Directory service. You can save time, effort and IT infrastructure by sharing authentication server. This article explains how to setup the Linux desktop computers with Active Directory using Samba and winbind.

From the article:
Starting with Windows 2000, Microsoft moved from NTLM to Active Directory and its integrated Kerberos authentication services. Kerberos was considerably more secure than NTLM, and it scaled better, too. And Kerberos was an industry standard already used by Linux and UNIX systems, which opened the door to integrating those platforms with Windows.

Most Linux distributions come with several PAM authentication modules, including modules that support authentication to an LDAP directory and authentication using Kerberos. You can use these modules to authenticate to Active Directory, but there are some significant limitations, as I will discuss later in this article.

=> Authenticate Linux Clients with Active Directory

Share this on:
{ 6 comments… add one }
  • manjula November 18, 2008, 10:46 am
  • Miker November 18, 2008, 2:11 pm

    Wow! I didn’t even realize at first that I was reading something on a Microsoft site. Though I think that the author made a few things more difficult than necessary (probably prodded to do so by PR rep), it was overall a very good article.

    I looked for a link to provide them feedback, but didn’t see it. Not something I often say, but kudos to Microsoft for publishing this article! Well written and good info.

  • hijack203 November 18, 2008, 2:56 pm

    We use a product called likewise (http://www.likewisesoftware.com/) and love it! Currently we’re using there enterprise version which is a license based but they do have an open version of their product as well to play with (http://www.likewisesoftware.com/products/likewise_open/index.php) Good Luck!

  • misconfig November 18, 2008, 4:21 pm

    How about a guide to authenticate to AD with Fedora or RedHat Directory Service.

  • Daniel January 27, 2011, 12:40 pm

    And with tomcat?

  • JD August 8, 2011, 7:38 pm

    One thing that should be noted is that if you are authenticating against 2008r2, you will need to upgrade samba to samba3x BEFORE running through this setup, otherwise you will get an NT_STATUS_PIPE_DISCONNECTED error.

    For RHEL 5x, it’s as simple as this…

    yum erase samba samba-common
    yum install samba3x samba3x-client

Security: Are you a robot or human?

Leave a Comment

   Tagged with: , , , , , , , , , , , , , ,