Active Directory uses the Kerberos protocol for service requests. To configure your workstation as a Kerberos client, you will need to modify /etc/krb5.conf.
The first thing you will need to configure is the Kerberos realm of your domain. For all intensive purposes, this merely means pointing the Kerberos libraries to your primary domain controller. In /etc/krb5.conf, there will be a section named [realms]. Add a subsection like the following:
REALMNAME {
kdc = pdc_ip_address
}
By convention, the realm name of an Active Directory domain is the domain name[1] in all uppercase. If your domain name is AD.domain, for instance, you would replace REALMNAME above with AD.DOMAIN.
pdc_ip_address is the IP address of your primary domain controller. Heed this warning from Samba-3 By Example:
If the output of host pdc_ip_address does not contain the correct DNS name, reconfigure hostname resolution before moving on.Kerberos needs to be able to do a reverse DNS lookup on the IP address of your KDC. Also, the name that this reverse lookup maps to must either be the NetBIOS name of the KDC (i.e., the hostname with no domain attached) or the NetBIOS name followed by the realm. If all else fails, you can add a /etc/hosts entry mapping the IP address of your KDC to its NetBIOS name. If Kerberos cannot do this reverse lookup, you will get a local error when you try to join the realm.
With your realm in place, navigate to the [libdefaults] section in the same file and set the default Kerberos realm to REALMNAME:
[libdefaults] default_realm = REALMNAME
| [1] | To find the name of your domain, open Control Panel -> Administrative Tools -> Active Directory Domains and Trusts on your primary domain controller. Your domain name will be listed in the side panel. |