A while back, I described a method for authenticating CentOS and RHEL servers to Active Directory using LDAP. While this approach is easy to set up and works right out of the gate, there are a few drawbacks to it that I’ve run across:
- Changing passwords from the Linux server does not work unless you set up LDAP over TLS/SSL (Active Directory refuses password changes over an unencrypted connection), which I’ve found very difficult (though not impossible!) to accomplish
- Even once password changes do work, the process is very unfriendly to users. In particular, the error messages are cryptic to the lay user: unless you work in IT, you are not going to know or care about the LDAP error codes that are reported back, nor are you going to want to research which character classes an AD password must draw from so that you can pick from at least three of them correctly.
In this article, I’ll describe how to use winbind to join your Linux server to a Microsoft Active Directory domain so that it becomes a full domain member.