Before your client can join an AD domain, some adjustments must be made to your network setup to ensure a flawless interaction of client and server.
Configure your client machine to use a DNS server that can forward DNS requests to the AD DNS server. Alternatively, configure your machine to use the AD DNS server as the name service data source.
To succeed with Kerberos authentication, the client must have have its time set accurately. It is highly encouraged to use a central NTP time server for this purpose (this can be also the NTP server running on your Active Directory domain controller). If the clockskew between your Linux host and the domain controller exceeds a certain limit, Kerberos authentication fails and the client is logged in only using the weaker NTLM (NT LAN Manager) authentication.
If your client uses dynamic network configuration with DHCP, configure DHCP to provide the same IP and hostname to the client. If possible, use static IP addresses to be on the safe side.
To browse your network neighborhood, either disable the firewall entirely or mark the interface used for browsing as part of the internal zone.
To change the firewall settings on your client, log in as root and start the YaST firewall module. Select . Select your network interface from the list of interfaces and click . Select and apply your settings with . Leave the firewall settings with . To disable the firewall, just set to and leave the firewall module with .
You cannot log in to an AD domain unless the AD administrator has provided you with a valid user account for this domain. Use the AD username and password to log in to the AD domain from your Linux client.
Join an existing AD domain during installation or by later activating SMB user authentication with YaST in the installed system. The domain join during installation is covered in Configuring the Host as a Windows Domain Member.
NOTE:Currently only a domain administrator account, such as Administrator, can join SUSE Linux Enterprise Desktop into Active Directory.
To join an AD domain in a running system, proceed as follows:
Log in as root and start YaST.
Enter the domain to join at Figure 11-2). If the DNS settings on your host are properly integrated with the Windows DNS server, enter the AD domain name in its DNS format (mydomain.mycompany.com). If you enter the short name of your domain (also known as the pre–Windows 2000 domain name), YaST must rely on NetBIOS name resolution instead of DNS to find the correct domain controller. To select from a list of available domains instead, use to list the NetBIOS domains then select the desired domain.in the screen (see
Figure 11-2 Determining Windows Domain Membership
Checkto use the SMB source for Linux authentication.
Checkto automatically create a local home directory for your AD user on the Linux machine.
Checkto allow your domain users to log in even if the AD server is temporarily unavailable or you do not have a network connection.
Clickand confirm the domain join when prompted for it.
Provide the password for the Windows administrator on the AD server and click Figure 11-3).(see
Figure 11-3 Providing Administrator Credentials
After you have joined the AD domain, you can log in to it from your workstation using the display manager of your desktop or the console.