SUSE Support

Here When You Need Us

Authenticate SLE 11 Linux to Active Directory via LDAP

This document (7007735) is provided subject to the disclaimer at the end of this document.


SUSE Linux Enterprise Desktop 11
SUSE Linux Enterprise Server 11


Need to authenticate SLE 11 with Active Directory


On Active Directory Side
  1. In Windows AD go to Control Panel | Add and Remote Programs | Add and Remove Windows Components.
  2. Select Active Directory Services go to Details and install the"Identity Management for UNIX" component.
  3. Under Active Directory Users and Computers | Computers container, create a new object of type Computer with the same hostname of the Linux which is trying to authenticate to AD.
On Linux Side
  1. Make sure the Hostname and Domain name in the /etc/hosts file is correct.
  2. Ensure Firewall is disabled.
  3. Browse to yast2 | Network Settings | Hostname/DNS and enter the IP address of server running DNS on AD side.
  4. Open Terminal and type nslookup <domain name> the output should be like

    root# nslookup <domain>.com

        Non-authoritative answer:
        Name:    <domain>.com
        Address: <IP_address>
  • Browse yast2 | Windows Domain Membership.
  • Type in the Domain name in the "Domain or Workgroup" text box and select "Also User SMB information for Linux Authentication" and "Create Home Directory on Login".
  • Select Expert options take down the UID and GID range.
  • Ensure the time is in sync between the Server running Active Directory and the Linux Workstation and click OK.
  • When prompted for the Administrator Password type in the Administrator password.
  • If prompted to install packages samba-winbind and krb5-client then install them.
  • Under yast2 | User and Group Management go to Authentication Settings tab and select LDAP.
  • Select "UseLDAP" under User Authentication.
  • Type IP of AD server in  Address of LDAP Servers in LDAP Client section.
  • Uncheck the LDAP TLS/SSL option and do a Fetch DN (To check the LDAP connectivity).
  • You should be able to get the list of containers from the AD server ensuring that the Linux is able to connect to the server running AD.
  • Check the LDAP TLS/SSL option.
  • Go to Advanced Configuration and select the Administration Settings tab.
  • Type in the Administrator DN (cn=Administrator,cn=Users,dc=<domain>,dc=com) and say OK.
  • Click OK inLDAP Client Configuration window and if prompted to install any packages say yes and proceed.
  • In Authentication Settings tab we can see under LDAP "Client Enabled: Yes" and under Samba"Authentication with SMB: Yes".
  • Say OK and exit out the window.
  • For the user that is logging in from Linux should have UNIX Attributes tab populated in AD with the UID and GID in the range that was taken down in the step 7, if GID is not there provide one from the range.
  • From the Linux on the gnome or KDE login page select the Domain Name and login to the Linux with the AD user's username and password.


This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7007735
  • Creation Date: 31-Jan-2011
  • Modified Date:21-Dec-2021
    • SUSE Linux Enterprise Desktop
    • SUSE Linux Enterprise Server

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.