If you are looking for how to add a Linux (CentOS) machine to a Microsoft domain controller (Active Directory), then this article is for you.

Introduction

I was working on a highly secure big data infrastructure where access to all services was configured through Ranger ACLs. The services interacted with Kafka, Hadoop, Hive, etc., and used keytab files for authentication, so the basic requirement was that each client had to be part of the domain controller.

So I created an Ansible role that will help you join a Linux machine to the domain.

Github repo

You can install directly from the source on github by following these steps:

Clone the repository:

git clone https://github.com/rahulinux/ansible-domain-join
cd ansible-domain-join

Configuration and Usage

This project assumes you have a basic knowledge of how ansible works and have already prepared your hosts for configuration by ansible.

First, you need to create your inventory file, your playbook, and the configuration for the client machines.

Inventory

The ansible inventory file defines the hosts and what roles each host plays. The default location for an inventory file is /etc/ansible/hosts but this file can be placed anywhere and used with the -i flag of ansible-playbook. An example inventory file would look like:

[mygroup]
## Configure 'ip' variable to bind kubernetes services on a
## different ip than the default iface
node1 ansible_ssh_host=95.54.0.12  # ip=10.3.0.1
node2 ansible_ssh_host=95.54.0.13  # ip=10.3.0.2
node3 ansible_ssh_host=95.54.0.14  # ip=10.3.0.3
node4 ansible_ssh_host=95.54.0.15  # ip=10.3.0.4
node5 ansible_ssh_host=95.54.0.16  # ip=10.3.0.5
node6 ansible_ssh_host=95.54.0.17  # ip=10.3.0.6

Note: For more information on ansible inventories please refer to the ansible documentation: http://docs.ansible.com/ansible/latest/intro_inventory.html

If you have SSH keys, you can simply configure the following variable in ansible.cfg:

private_key_file=/path/ssh-key/mykey.pem

If you don't have an SSH key and want to configure a username and password instead, you can pass them in the inventory itself, but this is not best practice (the credentials sit in plaintext in the inventory):

192.168.122.1 ansible_ssh_user=rahul ansible_sudo_pass=p\@ssw1rd ansible_ssh_pass=p\@ssw1rd

Domain Configuration

You need to provide the details required to join Linux to the domain: a domain user who has the right to add clients to the domain, the DNS servers, and the FQDNs.

Edit vars.yml at the root of the ansible-domain-join project.

---
# vars.yml must be a mapping, not a list: ansible-playbook -e @vars.yml only accepts a dictionary of variables
ad_server:
  ip: 172.31.61.1
  fqdn: etl-ad01.linuxian.local
  user: myaduser          # account with the right to add computers to the domain
  pass: 'ChangeIt'        # consider storing this with ansible-vault instead of plaintext
  domain:
    - linuxian.local
    - ec2.internal
  dns:
    - 172.31.61.1
    - 172.31.0.2

Run Playbook

You must have a playbook to pass to the ansible-playbook command when deploying and configuring client machines. There is a playbook at the root of the ansible-domain-join project called site.yaml; it should work fine for most usages.

ansible-playbook -e @vars.yml site.yaml
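For readers who want to see what a domain join looks like end to end, here is an added example playbook that is not the ansible-domain-join role's own code: it consumes the ad_server structure from vars.yml above, joins a CentOS host with realmd/SSSD, keeps the AD password out of the command line and the Ansible log, and verifies the join by resolving a domain account. It assumes the first entry of ad_server.domain is the AD realm to join and that the realmd, sssd and adcli packages are available from the configured repositories.

```yaml
---
# Added example (not the role's code): minimal CentOS realm join driven by
# the ad_server variables from vars.yml. Run as:
#   ansible-playbook -e @vars.yml join-example.yml
- hosts: mygroup
  become: true
  vars:
    ad_realm: "{{ ad_server.domain[0] }}"   # assumption: first domain is the AD realm
  tasks:
    - name: Install realmd, SSSD and Kerberos client tooling
      yum:
        name: [realmd, sssd, adcli, oddjob, oddjob-mkhomedir, samba-common-tools, krb5-workstation]
        state: present

    - name: Point the resolver at the AD DNS servers (realm discovery needs the AD SRV records)
      copy:
        dest: /etc/resolv.conf
        content: |
          search {{ ad_server.domain | join(' ') }}
          {% for ns in ad_server.dns %}
          nameserver {{ ns }}
          {% endfor %}

    - name: Check whether the host is already joined, so the join is idempotent
      command: realm list
      register: realm_state
      changed_when: false

    - name: Join the domain (password supplied on stdin, never as a command-line argument)
      command: realm join --user={{ ad_server.user }} {{ ad_realm }}
      args:
        stdin: "{{ ad_server.pass }}"
      no_log: true      # keep the AD credential out of the Ansible log and -v output
      when: ad_realm not in realm_state.stdout

    - name: Verify the join by looking up a domain account through SSSD
      command: id "{{ ad_server.user }}@{{ ad_realm }}"
      changed_when: false
```

The verification task fails the play if SSSD cannot resolve the domain account, which is the quickest signal that DNS, Kerberos or the computer object in AD is misconfigured.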