Centrify provides a solution to join Linux/Unix systems to Active Directory and enable users to log in with Active Directory credentials. This helps to improve security and simplify management by consolidating identites. But before you join a computer to AD, there are three things to check:
- DNS settings
- Computer name
- Network communication between the Linux/UNIX system and Active Directory domain controller(s)
1. Configure DNS settings
Make sure the Windows DNS Server(s) are included in the /etc/resolv.conf file. This enables systems to be able to communicate with an Active Directory domain controller.
Note: The method to configure the DNS settings in /etc/resolv.conf is different for each Linux / UNIX flavor and environment. If your DNS settings in /etc/resolv.conf are not being retained after reboot, you will need to edit the following files instead:
2. Change the computer name
Before joining your computer to Active Directory, rename your computer to a unique name that is less than 15 characters and meets Active Directory computer naming convention requirements. The method for changing the computer name is also different for each Linux/Unix version, flavor and environment.
Run # hostnamectl set-hostname computername.yourdomain.com --static
CentOS 5/6, AWS EC2
1. Edit /etc/sysconfig/network. Make sure HOSTNAME=computername.yourdomain.com
2. Edit /etc/hosts
3. Run the command # hostname computername.yourdomain.com
1. Update the following files with your new computer name:
3. Firewall and network communication check
Make sure nothing is blocking the ports needed to communicate with Active Directory.
After you install the Centrify Agent, you can run ADcheck either before or during the adjoin process.
When you are ready to join your Linux/Unix system to Active Directory, check out the article on many ways to install the Centrify (Linux/Unix) Agent.
Other related articles:
Troubleshooting adcheck errors