Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

Preparing your Linux / UNIX system to be joined to Active Directory

11 April,19 at 11:50 AM

Centrify provides a solution to join Linux/Unix systems to Active Directory and enable users to log in with Active Directory credentials. This helps to improve security and simplify management by consolidating identites. But before you join a computer to AD, there are three things to check:

  • DNS settings
  • Computer name
  • Network communication between the Linux/UNIX system and Active Directory domain controller(s)

 

1. Configure DNS settings 

Make sure the Windows DNS Server(s) are included in the /etc/resolv.conf file. This enables systems to be able to communicate with an Active Directory domain controller. 

For example:

search yourdomain.com

nameserver 192.168.55.2

nameserver 192.168.44.3

 

Note: The method to configure the DNS settings in /etc/resolv.conf is different for each Linux / UNIX flavor and environment. If your DNS settings in /etc/resolv.conf are not being retained after reboot, you will need to edit the following files instead:

 

2. Change the computer name  

Before joining your computer to Active Directory, rename your computer to a unique name that is less than 15 characters and meets Active Directory computer naming convention requirements. The method for changing the computer name is also different for each Linux/Unix version, flavor and environment.

 

CentOS/RHEL 7

Run # hostnamectl set-hostname computername.yourdomain.com --static

 

CentOS 5/6, AWS EC2

1. Edit /etc/sysconfig/network. Make sure HOSTNAME=computername.yourdomain.com

2. Edit /etc/hosts

For example:

127.0.0.1 localhost

192.168.55.5 computername.yourdomain.com

3. Run the command # hostname computername.yourdomain.com 

4. Reboot

 

Ubuntu - 

1. Update the following files with your new computer name:

  • /etc/hostname
  • /etc/hosts

2. Reboot

 

3. Firewall and network communication check

Make sure nothing is blocking the ports needed to communicate with Active Directory.

AD default ports.png

Verification

After you install the Centrify Agent, you can run ADcheck either before or during the adjoin process.

 

When you are ready to join your Linux/Unix system to Active Directory, check out the article on many ways to install the Centrify (Linux/Unix) Agent.

 

 

Other related articles: 

Troubleshooting adcheck errors

Related Articles

 article[How To] Configure Linux / UNIX MFA login with Centrify articleKB-6073: How to join the Linux/Unix Centrify Server to Active Directory with specific Computer Role? articleKB-6040: How to change the license type in use after adclient successful joined to the AD? articleKB-20210: Common Questions Regarding Centrify DirectControl and CoreOS articleKB-6041: How to show current license type in use by adclient articleKB-6038: How to specify the license type to use when joining the server to AD using adjoin? articleKB-6056: How to report the group policy settings that are in effect for the local computer? article[How To] Enable Symantec VIP MFA for Centrify Server Suite on Linux Part I articleCentrify's Privileged Identity Management Solution for Big Data