4

When I arrived at my current position, our environment consisted almost exclusively of Windows servers. However, I am a big fan of using Linux for certain applications, like the web gallery I was asked to set up, a simple SFTP server, Nagios for monitoring, etc.

I do fine setting these up, but not being the Linux expert, I am not sure how to properly join these servers to the domain and was therefore wondering what procedures or guidelines other people follow.

We often use ping -a to quickly figure out the hostname of a certain server, but this does not seem to work for the Linux machines, most likely because of the whole WINS/NetBIOS thing I assume.

I just joined one server to the domain, but probably missed something because it's not working even after a dnsflush. Next to that, the couple of procedures I've found so far are pretty extensive and most of the time don't seem worth the time. Best case scenario, I download some kind of client (smbclient?), enter the domain name and maybe the server to use, supply an administrator password and that's it. Is that possible at all?

Thanks

HannesFostie

1 Answer

5

Personally, for a low number of Linux servers I wouldn't join them to the domain. If you and a couple of admins are going to be the only ones logging into the server itself, creating accounts on the couple of servers won't take long. Then for the applications that run on the server, try to pick ones with LDAP support if you want people to log into the applications that run on these servers using their AD credentials.

As far as getting the names to resolve properly, I would just manually create the DNS entries as A records using the DNS console on the AD server.

Kyle Brandt
  • What I *actually* do is only put a couple of my servers used by developers on AD using Likewise. The version of Likewise I used didn't create the DNS entries, so I created them manually. – Kyle Brandt May 25 '10 at 14:12
  • For sftp accounts & the like you can also look into pam_ldap & nss_ldap to handle user accounts (& something like pam_mkhomedir to make home directories on first login) -- It's not quite as complex as joining the server to the domain & you won't need to create accounts manually or deal with disjoint passwords. – voretaq7 May 25 '10 at 14:18
  • ... something else to consider: Microsoft's "Subsystem for Unix-based Applications" (used to be "Services for Unix" before Win2k8) -- This includes a NIS server & basically maps your Windows/AD domain to a *nix/NIS domain, with pretty decent integration. – voretaq7 May 25 '10 at 14:21
  • The accounts are in fact not the issue here, not for logging in nor for the sftp users. The DNS resolving was the biggest "issue" as I figured joining them to the domain should create the A records right away (as I assume they do with Windows servers?). I guess I'll try Likewise and see if that does anything for us, and create the A records manually like you do. Thanks! – HannesFostie May 25 '10 at 14:23
  • HannesFostie: Seems like you might have misunderstood my A record part. You don't need Likewise to create an A record, you can just do it. In fact, you don't need anything really. An A record matches a name to an IP address. So if your domain is Foo.com, you can go create an A record there for baz.foo.com to any IP whatsoever. It doesn't matter if you have a server with that IP or not. So whatever your server is named, go ahead and create an A record for that IP. It will start working soon (may need to replicate). Someone please add any scavenging caveats I am missing. – Kyle Brandt May 25 '10 at 14:25