This page will show you how to join your Linux server into the Active Directory domain, how to integrate the Active Directory user accounts into the Linux user accounts and how to authenticate users in Active Directory using Winbind, a component of Samba.

NoteSamba is installed by default when you select the Server installation type during the installation process. In case you need to install or reinstall it, just select the Windows File Server package in the Package Management tool.

Setup and Configure Winbind

Authentication1. Click Applications, select System Settings and click Authentication. This will launch the Authentication Configuration window.
Authentication2. Check the Enable Winbind Support and click Configure Winbind. This will launch the Winbind Settings window.
Winbind Settings
3. In the Winbind Settings window, set the Security Model to ads and fill in the Winbind Domain, Winbind ADS Realm and Winbind Domain Controllers. See sample settings below.
Winbind Domain
Winbind ADS Realm
Domain Controllers
ImportantTo ensure the success of the Active Directory integration, make sure that you can ping the domain controllers and that the difference between the domain controllers’ clock and the mail server’s clock is not more than five minutes.
Join Winbind Domain4. Click Join Winbind Domain. You will be asked to save your changes, click Save. In the Joining Winbind Domain window, fill in the Domain Administrator and Password. Click Ok when you are done. Click Ok again to close the Winbind Settings window.
Authentication Configuration5. Click the Authentication tab and check the Enable Winbind Support and Local authorization is sufficient for local users. Click Ok when you are done.
Edit smb.conf6. Open the file /etc/samba/smb.conf for editing and change winbind use default domain to yes.
winbind use default domain = yes
Service Configuration7. Create the folder that will contain the home directory of the Active Directory users. From the terminal window, type in the commands below.
mkdir /home/DOMAIN
chmod 777 /home/DOMAIN
Replace DOMAIN with your domain. Make sure to capitalize your domain like ACME in our example.
NoteWe changed the directory permission to 777, meaning anyone can read, write and execute because the users’ home directory will be created later by Postfix or Dovecot when a mail is received or a user checks his email. The created home directory on the other hand will have its permission set to read, write and execute by the owner only.
Service Configuration8. Restart the winbind service. Learn how to restart services here.

Test the Active Directory Integration

Service Configuration1. From a terminal window, type in wbinfo -u. You should see the Active Directory user accounts.
Service Configuration2. Try the Active Directory authentication, type in wbinfo -a "username"%"password".
Service Configuration3. Finally, type in getent passwd. You should see the Linux system accounts along with the Active Directory user accounts.
NoteIf it doesn’t work, visit the Active Directory Troubleshooting page.

Reconfiguring Postfix and Dovecot to Create the Home Directory

To store the mails, Postfix and Dovecot needs to create the username/Maildir directory. Postfix can create the Maildir directory and all the necessary parent directories. Unfortunately, Dovecot can only create the mail directory which in this case is Maildir and will fail if the parent directory username does not exist. Thus, we need to reconfigure Postfix and Dovecot to skip the Maildir directory and store the mails directly into the username directory which is the user’s home directory.

Edit main.cf1. Edit the file /etc/postfix/ and change the line below.
home_mailbox = /
Edit dovecot.conf2. Edit the file /etc/dovecot.conf and change the line below.
default_mail_env = maildir:~/
Service Configuration3. Restart Postfix or MailScanner (depends if you installed MailScanner) and Dovecot. Learn how to restart services here.

That’s it. The home directory should be now automatically created by Postfix and Dovecot whenever you receive or retrieve mails.


Visit the forum to ask for help or to give a comment.

Posted on 3/19/2007 and last updated on 11/30/2009
Filed under Active Directory , CentOS 4 , Red Hat Enterprise Linux 4 , Samba