In a post a couple of years ago I gave an example on how to configure an Ubuntu 12.04 server to authenticate to Active Directory. Things used to be hard back then. Now we have the realmd realm enrollment manager to do the hard work of joining the host to an Active Directory domain, and the System Security Services Daemon or SSSD to do the actual authentication and authorization work whenever it is needed. And things are much easier to configure and get running. Continue reading Ubuntu 14.04 Active Directory Authentication
Update 2015-06-16: Ubuntu 14.04 Active Directory Authentication
Authenticating Linux users against Active Directory has traditionally been hard. There’s a multitude of HOWTOs on how to do it, and every one of them seems to do it a bit differently. This is because environments and goals vary, and there are many ways to achieve a particular goal. I will add my version to the mix. This one fetches users and groups from Active Directory LDAP using a machine account added using the Samba tools, and authenticates users to the Active Directory Key Distribution Center using Kerberos. Continue reading Ubuntu 12.04 Active Directory Authentication
Here’s how to configure a Windows domain controller to act as an NTP client and server for your network. You may then sync all your hosts, Windows or other, to that server. To achieve this, configure one (or more) of your domain controllers to retrieve time from the atomic clocks of the Internet. Rest of you servers should follow suit and sync their time to this domain controller after a little while.
Make a backup copy of your AD before you go any further.
Install your new server, and join it to the domain as a member server. Before you can run dcpromo on the new 2008 server, you must run adprep on your schema master, to prepare the Active Directory schema to support Windows 2008 domain controllers. The installation DVD contains a directory called sourcesadprep. Go there and run:
Here are two simple scripts written in Python to fetch information about users from Active Directory. The AD schema has been augmented with the Microsoft Services For Unix schema, which will allow to map Unix uids to Windows user accounts.
First, create a user account for your Apache in the Active Directory. Let’s assume the AD Kerberos realm is KOO.FI, and the user name we have created is “apache”. Also create a computer account, let’s call that “apachesrv”.