Join a Debian server to Microsoft Active Directory

[press-ok]

Hello every one,

Can someone please help me find the right steps on how to join a Debian 6.0 server to a Microsoft Active Directory Domain?

Thanks in advance.

[HROAdmin26]

Google: how to join debian linux to active directory

[press-ok]

Thank you!

I had follow that article already and i was stuck in number 2 from the menu:

Create configuration files – Using Debian in an Active Directory environment.

thought there would be a more intuitive one for basic Linux user.

[HROAdmin26]

A) When you ask questions, state what you have already done/tried.

B) Active Directory is an enterprise product - joining Linux to AD correctly involves understanding of both AD and Linux. This guide is as *basic* as it gets. Likewise does some of this configuration in the background.

[Irithori]

This is actually one of the more straightforward HowTos about that topic.

The issue is, that AD is very proprietary ms country, aka: Only windows machines are expected to connect, everything else is left in the cold.

Also the user credentials and details as well as permissions are fundamentally different between unix and windows.
Hence joining and using AD in a unix env is challenging.

[press-ok]

I'll keep that in mind next time i ask a question HROAdmin26. I am kind of nervous, because i thought the transition from Windows to Lunix would have been easy for me.

My goal with the Linux server is to run Apache+Tomcat based on the recommendation of a many internet posts for better and secure Web Server or Intranet. Pardon my ignorance guys. I have until the end of the year to learn those stuffs. Please, be patient with me, its my first on this forum and i started to love it.

Thanks again.

[press-ok]

Irithori,

Thank you. I heard it is very challenging to do. I want the challenge. So, let's do it. LOL

[Irithori]

Have fun.

One question:
Do you want to join that debian machine to AD, because that is the first step you would (and should) do for a windows server?

Or does that tomcat application actually *need* something from AD, for example user authentication?
- If yes: and if you are also new to unix in general, then I suggest to get on-site support from a unix guy.
Otherwise, the learning curve might be quite steep..

- If no: forget (almost) everything you know and enjoy learning your debian system

[press-ok]

Its a "No" for now lrithori. It will be a yes for beginning of next you. I just want to learn and break it in my Virtual environment which is a replica of my production one.

Thank you all. Keep in mind that i will be back with the subject in the next couple of months

[BoDiddley]

That is a very interesting challenge. DHCP or non? Using private addresses might be easier. I'm not sure what your ultimate goal is but non-dhcp I would try something simple like putting the Linux box in the (AD) forward lookup zone. Even in this instance, for me - when I once administered AD everything had private internal addresses, any box I assigned the same domain name I could put in the forward lookup zone. Or "routeadd" from a workstation and let the switch handle the transaction, not Windows. Everything plugged into the switch does not have to go to the domain. Using "routeadd" from a workstation you can direct traffic through any box by assigning it as the gateway, and setting the gateway to allow forwarding. Personally, I would build a linux network separately through the same switch. Then figure-out the crossover.

Active directory will need to see something similar to itself. Either domain name the box, or private address same network (IE. 10.81.1.0).

Good luck with that.