Tools for integrating Linux systems with Microsoft Active Directory

Domain Join Made Easy Thanks to Realmd

All of the previously described methods have the disadvantage that they involve a greater or lesser amount of manual work on the clients to join the Windows domain. As of Fedora 18 and Red Hat Enterprise 7, the Red Hat environment offers a tool that lets you easily add a system to a Kerberos realm (a.k.a. domain): realmd. The realmd tool does not just work for Windows domains; you can also use it with FreeIPA domains. The command line is simple:

$ realm join example.com -U Administrator

You won't need to make any additional manual changes to the Kerberos configuration. The realm call ensures that a computer account is automatically created for the system, and a Kerberos principle is also available with a keytab file. At this point, I should mention, however, that realmd is a fairly new tool, and you might experience some complications when using it.

Conclusions

Uniform management of user accounts can be achieved either by Linux clients directly joining a Windows domain or by synchronization or trust relationships between different identity stores. Both methods have their advantages and disadvantages. If Linux clients directly join a Windows domain, I recommend the use of the System Security Services Daemon in combination with the AD provider because this option currently provides the most stable and most efficient solution.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Linux with Active Directory

    Microsoft's Active Directory system provides centralized user management and single sign-on. If you're ready for a few manual steps, Linux can leverage this potential.

  • FreeIPA

    FreeIPA offers integrated identity management and big ideas for the future.

  • Samba 4

    Since the release of the final version, Samba 4 has become increasingly significant in IT practice; now it has found its way into Jessie, the next Debian release. We take a look at the new features.

  • Likewise

    Likewise Open provides smooth integration with Active Directory environments. We show you how to install and configure the admin-friendly authentication system.

  • Filter Proxy for AD

    You might want to reap the benefits of active directory’s single sign-on for your virus scanning and content filtering. If you also use Squid to handle user access to the internet, you have a front-row seat for “when worlds collide.”

comments powered by Disqus

Direct Download

Read full article as PDF:

Price $2.95

News