Jump to content

Configuring Active Directory Accounts For Linux

Recommended Posts

Configuring Active Directory Accounts For Linux

You may have followed our previous article detailing step by step how to integrate your RHEL 6 box into a Windows Active Directory environment Being able to authenticate users and services to active directory from linux is a big plus but it’s not where this journey ends.

We need to setup users default home directories and default shells before we can really allow users to login and start using your server. There are two ways to accomplish this, if you have Unix Identity Management Services installed on your domain controller you will have an easy way to set these configuration inside active directory.

From Windows

Inside server manager select your Active Directory Domain Services, right click to Add Role Services.


Make sure these roles are installed.

Once you have installed these Role Services we can continue.

If you want to administer active directory from your workstation, make sure you have the correct AD Administrative tools installed.


Make sure you have local admin rights on your workstation.


Once you have the correct tools installed open up Active Directory Users and Computers. Find a “test” user and open their properties. You will now see a new tab called UNIX Attributes.


Specify Linux configs from Active Directory

From here you can specify the UID(which will be assigned upon logging into linux), Login Shell, Home Directory, and Primary Group. We aren’t going to go into detail on NIS domain because this is only important for older configuration of SSSD and ldap, krb5 etc.

Let’s run a getent and see what Linux pulls from Active Directory

[root@server tmp]# getent passwd test


Doesn’t match what’s in Active Directory? Read the linux part of this article to find out why.

From Linux

Remember that thing called SSSD? If not please go back and read this.

Let’s add a few lines to our sssd.conf

override_homedir = /home/%f
override_shell = /bin/bash

**Must restart SSSD to take effect**

service sssd restart

Only add these lines if you desire this functionality, either way is fine, however if you have a more complex AD environment it sometimes is easier inside SSSD to implicitly imply what configurations you want for your users. In this example we have told SSSD that each AD user that logs in home directory is /home/username(will be created by oddjob) and that we want their default shell to be /bin/bash.

Most Linux users will expect this to be their default environment.

There you have it. Go forth and shell with your active directory accounts.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...