Add an Ubuntu box to Active Directory and authenticate users

Source: Internet
Author: User

This is an introduction to adding an Ubuntu box to an Active Directory domain and using AD for user authentication.

Software Environment

Name                 Version
MS Windows Server    2003 standard SP1
Linux                Ubuntu breezy 5.10
Winbind              3.0.14a-ubuntu
Samba                3.0.14a-ubuntu
krb5-user            1.3.6-1
libpam-krb5

Terms Used

Term                         Definition
AD                           Active Directory
DC                           Domain controller
lab.example.com              AD domain
win2k3.lab.example.com       DC FQDN
10.0.0.1                     DC IP
LAB.EXAMPLE.COM              Kerberos realm
linuxwork                    Computer name of the Ubuntu workstation
linuxwork.lab.example.com    FQDN of the Ubuntu workstation
ntp.example.com              Time server (NTP)

Confirm network connectivity

The first step in configuring the Ubuntu client on the network where Active Directory (AD) resides is to ensure that the network connection works and that the name of the Active Directory domain controller resolves correctly. An easy way to verify both points is to ping the fully qualified domain name (FQDN) of the Active Directory domain controller on your network.

root@linuxwork:~# ping win2k3.lab.example.com
PING win2k3.lab.example.com (10.0.0.1) bytes of data.
Bytes from win2k3.lab.example.com (10.0.0.1): icmp_seq=1 ttl=128 time=0.176ms

The ping output shows that the FQDN resolved to an IP address and that the connection between your Ubuntu workstation and the AD DC works.

Time setting

Accurate time is essential for Kerberos, which is used for authentication in Active Directory networks. The easiest way to keep the time properly synchronized is to use an NTP server. Every Active Directory domain controller is also an NTP server, so for best results use the FQDN of the AD DC in Ubuntu's default ntpdate application, which synchronizes the time at boot or on request.

File: /etc/default/ntpdate

# Servers to check
NTPSERVERS="win2k3.lab.example.com"
# Additional options for ntpdate
NTPOPTIONS="-u"

root@linuxwork:~# /etc/init.d/ntpdate restart

Synchronizing clock to win2k3.lab.example.com ... [OK]
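
To confirm that the clock really is within Kerberos tolerance before going further, the following added example (not part of the original guide) parses the summary lines printed by ntpdate -q and compares the offset with the 5-minute default tolerance. The function names, the MAX_SKEW variable and the sample lines are assumptions made for illustration; the samples are constructed.

```shell
#!/bin/sh
# Added example: is this workstation's clock close enough to the DC for Kerberos?
# Live use (ntpdate -q only queries, it does not set the clock):
#   ntpdate -q win2k3.lab.example.com | skew_ok
MAX_SKEW=300  # seconds; assumes the default 5-minute Kerberos tolerance is unchanged

# Constructed `ntpdate -q` summary lines (not captured from a real host).
SAMPLE_OK='server 10.0.0.1, stratum 2, offset 0.001234, delay 0.02568'
SAMPLE_DRIFT='server 10.0.0.1, stratum 2, offset -412.337100, delay 0.02571'
SAMPLE_DOWN='server 10.0.0.1, stratum 0, offset 0.000000, delay 0.00000'

# Print the largest absolute offset among servers that answered; exit 2 if none did.
worst_offset() {
    awk -F', ' '
        /^server / {
            stratum = 0; off = 0
            for (i = 2; i <= NF; i++) {
                split($i, kv, " ")
                if (kv[1] == "stratum") stratum = kv[2] + 0
                if (kv[1] == "offset")  off = kv[2] + 0
            }
            # stratum 0 means no reply: its 0.000000 offset is not a measurement
            if (stratum == 0) next
            if (off < 0) off = -off
            if (off > worst) worst = off
            seen = 1
        }
        END { if (!seen) exit 2; printf "%.6f\n", worst }'
}

# Return 0 if within tolerance, 1 if the skew is too large, 2 if no server answered.
skew_ok() {
    w=$(worst_offset) || return 2
    awk -v w="$w" -v max="$MAX_SKEW" 'BEGIN { exit !((w + 0) < (max + 0)) }'
}

# Demonstration on the constructed samples.
for sample in "$SAMPLE_OK" "$SAMPLE_DRIFT" "$SAMPLE_DOWN"; do
    rc=0
    printf '%s\n' "$sample" | skew_ok || rc=$?
    echo "rc=$rc  $sample"
done
```

A return code of 2 matters as much as 1: an unreachable time server reports an offset of 0.000000, which would otherwise look like a perfectly synchronized clock.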
