HowTo: Authenticate Linux Clients with Microsoft Active Directory

Every IT shop has a mix of Windows and Linux system. Sometime you need to authenticate your Linux desktop system against Microsoft Active Directory service. You can save time, effort and IT infrastructure by sharing authentication server. This article explains how to setup the Linux desktop computers with Active Directory using Samba and winbind.

From the article:
Starting with Windows 2000, Microsoft moved from NTLM to Active Directory and its integrated Kerberos authentication services. Kerberos was considerably more secure than NTLM, and it scaled better, too. And Kerberos was an industry standard already used by Linux and UNIX systems, which opened the door to integrating those platforms with Windows.

Most Linux distributions come with several PAM authentication modules, including modules that support authentication to an LDAP directory and authentication using Kerberos. You can use these modules to authenticate to Active Directory, but there are some significant limitations, as I will discuss later in this article.

=> Authenticate Linux Clients with Active Directory

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 6 comments so far... add one
CategoryList of Unix and Linux commands
Disk space analyzersncdu pydf
File Managementcat
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
6 comments… add one
  • manjula Nov 18, 2008 @ 10:46

    you can use likewise open software

  • Miker Nov 18, 2008 @ 14:11

    Wow! I didn’t even realize at first that I was reading something on a Microsoft site. Though I think that the author made a few things more difficult than necessary (probably prodded to do so by PR rep), it was overall a very good article.

    I looked for a link to provide them feedback, but didn’t see it. Not something I often say, but kudos to Microsoft for publishing this article! Well written and good info.

  • hijack203 Nov 18, 2008 @ 14:56

    We use a product called likewise ( and love it! Currently we’re using there enterprise version which is a license based but they do have an open version of their product as well to play with ( Good Luck!

  • misconfig Nov 18, 2008 @ 16:21

    How about a guide to authenticate to AD with Fedora or RedHat Directory Service.

  • Daniel Jan 27, 2011 @ 12:40

    And with tomcat?

  • JD Aug 8, 2011 @ 19:38

    One thing that should be noted is that if you are authenticating against 2008r2, you will need to upgrade samba to samba3x BEFORE running through this setup, otherwise you will get an NT_STATUS_PIPE_DISCONNECTED error.

    For RHEL 5x, it’s as simple as this…

    yum erase samba samba-common
    yum install samba3x samba3x-client

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum