If you like DNray Forum, you can support it by - BTC: bc1qppjcl3c2cyjazy6lepmrv3fh6ke9mxs7zpfky0 , TRC20 and more...

 

What are the steps to set up a domain on Linux?

Started by rickyswann, May 01, 2023, 06:07 AM


rickyswann (Topic starter)

Can you guys share some insights on deploying Active Directory on Windows and what options are available on CentOS to bring users into a domain within a network of around 3000 computers?


jonathanross

ClearOS is a great option if you're looking for something easy and pre-made. However, if you require more customization, it may be necessary to build the LDAP assemblies yourself to get exactly what you need.


ClearOS offers simplicity and ease of use, while assembling LDAP assemblies yourself allows for greater customization and control over the final product. Ultimately, the choice comes down to your specific needs and preferences.

bdt

When PBIS was used through https://github.com/BeyondTrust/pbis-open, everything worked smoothly. The users had access to Samba shares, the ticket was auto-renewed, and DNS updates were also done automatically. Additionally, a separate ticket was assigned to the machine itself, giving a hassle-free experience similar to working on a Windows machine.

However, Linux applications present a challenge as they do not recognize the default structure of the home directory which is /home/local/domain/user.
This structure creates problems with AppArmor rules designed for a flat /home/user structure. Although the AppArmor rules can be corrected, the dialogues for opening/saving files in Chrome still remain unresolved.

Sildymas

A potential solution for avoiding the inconvenience of configuring the client with rdns to false in the krb5.conf file and manually adding the server's domain IP to /etc/hosts is to focus on these key elements:

- Ensuring that the Kerberos server has a Key Distribution Center (KDC) storage
- Making sure that each server within the Kerberos realm has a Fully Qualified Domain Name (FQDN)
- Verifying that the server's FQDN is reverse-resolvable (DNS on the client)

In addition, it's important to ensure that the time in the Kerberos realm is synchronized and that the local NTP and DNS servers in the domain are configured correctly. These steps can aid in creating KDC keys and Certificates effectively.
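The DNS and clock prerequisites listed in the post above can be checked before a host is joined; the following is an added example, not code from the thread. The hostnames, addresses, `SAMPLE_*` tables and function names are constructed for illustration, and the 300-second limit is the MIT Kerberos default for `clockskew`.

```python
import socket

MAX_SKEW = 300  # seconds; the MIT Kerberos default for clockskew

def system_forward(name):
    """Addresses the system resolver returns for name (empty list if none)."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})
    except socket.gaierror:
        return []

def system_reverse(addr):
    """Primary PTR name for addr, or None when there is no reverse record."""
    try:
        return socket.gethostbyaddr(addr)[0]
    except (socket.herror, socket.gaierror):
        return None

def check_host(fqdn, forward=system_forward, reverse=system_reverse):
    """Return the list of DNS problems for one realm host; empty means OK."""
    want = fqdn.rstrip(".").lower()
    if "." not in want:
        return [f"{fqdn}: not a fully qualified name"]
    addrs = forward(want)
    if not addrs:
        return [f"{fqdn}: no forward (A/AAAA) record"]
    problems = []
    for addr in addrs:
        ptr = reverse(addr)
        if ptr is None:
            problems.append(f"{addr}: no PTR record")
        elif ptr.rstrip(".").lower() != want:
            problems.append(f"{addr}: PTR gives {ptr}, not {fqdn}")
    return problems

def skew_ok(client_epoch, kdc_epoch, limit=MAX_SKEW):
    """True when the two clocks differ by no more than limit seconds."""
    return abs(client_epoch - kdc_epoch) <= limit

# Constructed sample zone data (not from the thread), so the checks run offline.
SAMPLE_A = {"kdc1.corp.example": ["192.0.2.10"], "files.corp.example": ["192.0.2.20"],
            "web.corp.example": ["192.0.2.30"]}
SAMPLE_PTR = {"192.0.2.10": "kdc1.corp.example.", "192.0.2.20": "nas01.corp.example"}

def sample_check(name):
    """Run check_host against the constructed tables instead of live DNS."""
    return check_host(name, lambda n: SAMPLE_A.get(n, []), SAMPLE_PTR.get)

if __name__ == "__main__":
    for host in ("kdc1.corp.example", "files.corp.example", "web.corp.example", "kdc1"):
        print(host, sample_check(host) or "OK")
    print("skew within limit:", skew_ok(1_700_000_000, 1_700_000_420))
```

Calling `check_host("your.host.name")` without the last two arguments uses the system resolver, which is the view of DNS the Kerberos client library on that machine will also see.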

jamesanderson11

Deploying Active Directory on Windows and integrating CentOS machines into the domain can be achieved using the following methods:

1. Windows Server Active Directory Domain Services (AD DS):
  - Install and configure a Windows Server with AD DS role.
  - Create an Active Directory domain and configure required settings like domain name, security policies, etc.
  - Join Windows computers to the domain by modifying their system properties or using command-line tools like "netdom".

2. Centrify Express for Linux:
  - Centrify provides a free version called Centrify Express that allows integrating Linux systems, including CentOS, into Active Directory domains.
  - Install Centrify Express on CentOS machines and join them to the Active Directory domain.
  - Centrify provides various tools and utilities to manage and authenticate user accounts, group policies, etc.

3. Samba:
  - Samba is an open-source software suite that enables file and print services interoperability between Unix-like systems and Windows systems.
  - It can also act as an Active Directory compatible domain controller.
  - Install and configure Samba on a CentOS machine to create an Active Directory-like domain.

These options provide different methods to integrate CentOS machines into an Active Directory domain. You can choose based on your preferences, requirements, and the level of functionality required.

nylstarx5

Set up a CentOS domain using OpenLDAP or 389 Directory Server. This provides full control over user and computer management but requires more manual configuration. Use tools like slapd for OpenLDAP or the 389 Directory Server console for management.
For integration, use tools like SSSD and Realmd on both Windows and Linux machines.

