Joining CentOS 6 or Red Hat Enterprise Linux 6 to an Active Directory Domain is relatively simple. While Active Directory is proprietary software developed by Microsoft, it’s fairly ubiquitous in medium and large environments, so integrating Linux and Windows services is very common. Before you start, DNS has to be working properly: you should be able to resolve mydomain.com using DNS.
First, we need to install winbind. This is the Samba service that integrates users, passwords, and other important functions with Active Directory.
yum install samba-winbind
That command should install any and all dependencies necessary. Another step is to install software necessary for initializing Kerberos tickets. While not strictly necessary to join the Domain initially (I believe), it makes troubleshooting a little easier.
yum install krb5-workstation
After those two packages are installed, you can run authconfig-tui to automatically set up PAM and other important config files. See the screen shots below for example settings.
The above selections are appropriate. The “Use fingerprint reader” option is not needed unless your workstation has a fingerprint reader.
This stage is very important. Security model should be set to ADS. Domain should be the name of the domain without the top level domain. If your domain looks like my.domain.com, then you should put “MY” in this field. Domain controllers are the FQDNs of each domain controller you wish your system to use. Unlike Windows, these are not automatically discovered by CentOS or RHEL 6. Separate the domain controllers with spaces. ADS REALM should be the full name of your Domain in ALL CAPS. Template shell can be whichever you choose. If you want to give domain users the ability to log in by default, select one of the shells. If you want to disable ssh/local login by default, select /sbin/nologin.
Next, select Join Domain and enter your Domain Admin username and password in the boxes provided. Enter just the username; do not enter any domain information here.
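For hosts where the TUI is impractical, the same settings can be expressed as an authconfig command line. The script below is an added example, not part of the original post: it derives the Domain and ADS REALM fields from the domain name as described above, checks the inputs, and prints the command for review without running it. The function names and the sample domain controller names (dc1/dc2.my.domain.com) are assumptions, and the join itself is left to the Join Domain step.

```shell
#!/bin/sh
# Added example (not from the original post). Prints, but does not run, the
# authconfig command matching the authconfig-tui settings described above.

# Domain field: first label of the domain, upper-cased (my.domain.com -> MY).
ad_workgroup() {
    printf '%s\n' "${1%%.*}" | tr '[:lower:]' '[:upper:]'
}

# ADS REALM field: the full domain name in ALL CAPS.
ad_realm() {
    printf '%s\n' "$1" | tr '[:lower:]' '[:upper:]'
}

# Usage: build_authconfig_cmd DOMAIN TEMPLATE_SHELL DC_FQDN [DC_FQDN ...]
build_authconfig_cmd() {
    [ "$#" -ge 3 ] || { echo "usage: DOMAIN TEMPLATE_SHELL DC_FQDN..." >&2; return 2; }
    domain=$1; tshell=$2; shift 2
    case $tshell in
        /*) ;;
        *) echo "template shell must be an absolute path: $tshell" >&2; return 1 ;;
    esac
    for dc in "$@"; do
        # Domain controllers are not auto-discovered, so short names are rejected.
        case $dc in
            *.*) ;;
            *) echo "not an FQDN: $dc" >&2; return 1 ;;
        esac
    done
    printf 'authconfig --enablewinbind --enablewinbindauth --smbsecurity=ads'
    printf ' --smbworkgroup=%s --smbrealm=%s' \
        "$(ad_workgroup "$domain")" "$(ad_realm "$domain")"
    # "$*" joins the controllers with spaces, as in the TUI field.
    printf ' --smbservers="%s" --winbindtemplateshell=%s --update\n' "$*" "$tshell"
}

# Constructed sample values; /sbin/nologin keeps domain logins disabled by default.
build_authconfig_cmd my.domain.com /sbin/nologin \
    dc1.my.domain.com dc2.my.domain.com
```

Review the printed command before running it as root; choosing /sbin/nologin here means shell access for domain users has to be granted deliberately later.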