WINDOWS SECURITY AND DIRECTORY SERVICES FOR UNIX USING CENTRIFY DIRECTCONTROL
© CENTRIFY CORPORATION 2004-2005. ALL RIGHTS RESERVED.
and user accounts to log on to UNIX computers and run directory-enabled or Kerberos-
enabled UNIX programs.
Understanding the adjoin command
You must run the adjoin command on each UNIX or Linux computer included in the
deployment to join the UNIX computers to Active Directory. Use the following parameters.
adjoin [options] domain
In addition to specifying the Active Directory domain name, you can specify one or more
options. The key options for the adjoin command are described in the following table:
Table 1.4. Key Options for the Adjoin Command
Option                  Description
--user user[@domain]    Active Directory user. You must use a user account that has
                        "Add workstations to domain" privileges.
--password password     User's Active Directory password. If you do not type the
                        password when you specify the adjoin command, adjoin prompts
                        you to provide the password.
--zone Zone             DirectControl Zone to which you want to join the UNIX computer
For example, a user named jeffhay has the right to join computers to the Active Directory
domain and uses the password not24get. The Zone to which he wants to join the
computer is called HR, and the Active Directory domain to which he wants to join the
UNIX computer is called contoso.com. Jon Smith types the following command to join
the UNIX computer to Active Directory:
adjoin --user jeffhay --password not24get --zone HR contoso.com
Alternatively, if Jon Smith wants to enter the password interactively, he can use the
following command:
adjoin --user jeffhay --zone HR contoso.com
Using adjoin to join a UNIX or Linux computer to Active Directory
You can use the following procedure to join a UNIX or Linux computer to Active Directory.
To join an Active Directory domain with Centrify DirectControl
1. On a UNIX computer, log on as or switch to the root user.
2. Run the adjoin command to join the UNIX computer to an existing Active Directory
domain. Use a fully-qualified domain name. For example, type the following
command to join the sales.contoso.com domain with the user account jeffhay and to
place this computer in the default Zone:
adjoin --user jeffhay sales.contoso.com
The user account you specify must have permission to add computers to the
specified domain. In some organizations, this account must be a member of the
Domain Admins group. In other organizations, the account might be any valid domain
user account. If you do not use the --user option to specify a user, the adjoin
command uses the domain Administrator account by default.
3. Type the password for the specified user account.
If DirectControl successfully connects to Active Directory and joins the UNIX
computer to the Active Directory domain, a confirmation message is displayed. A new
Active Directory computer account is automatically created and the UNIX computer is
configured to allow authorized users to log on.
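The procedure above as a pre-flight wrapper. This is an added example, not Centrify's own code. It builds only the interactive form of the command, because a password given with --password is recorded in shell history and is visible to other local users in the process list while adjoin runs. The function names and the allowed-character checks are assumptions of this example; only --user, --zone and the domain argument come from this page.

```shell
#!/bin/sh
# Added example: hypothetical helpers around the adjoin procedure.

# is_fqdn NAME: succeed only for a dotted name such as sales.contoso.com
# (step 2 asks for a fully-qualified domain name).
is_fqdn() {
    case "$1" in
        ""|.*|*.|*..*|-*|*[!A-Za-z0-9.-]*) return 1 ;;
        *.*) return 0 ;;
        *)   return 1 ;;
    esac
}

# build_adjoin_cmd USER DOMAIN [ZONE]: print the adjoin command line.
# --password is never emitted, so adjoin prompts for it (step 3).
# Assumption: user and zone names use only letters, digits and . _ @ -
build_adjoin_cmd() {
    user=$1 domain=$2 zone=${3:-}
    case "$user" in
        ""|-*|*[!A-Za-z0-9._@-]*) echo "invalid user name" >&2; return 2 ;;
    esac
    is_fqdn "$domain" || { echo "domain must be fully qualified" >&2; return 2; }
    if [ -n "$zone" ]; then
        case "$zone" in
            -*|*[!A-Za-z0-9._-]*) echo "invalid zone name" >&2; return 2 ;;
        esac
        printf 'adjoin --user %s --zone %s %s\n' "$user" "$zone" "$domain"
    else
        # No --zone: the computer is placed in the default Zone.
        printf 'adjoin --user %s %s\n' "$user" "$domain"
    fi
}

# join_domain USER DOMAIN [ZONE]: steps 1 to 3 of the procedure.
join_domain() {
    # Step 1: the join must be run as root.
    [ "$(id -u)" -eq 0 ] || { echo "log on as or switch to root first" >&2; return 1; }
    cmd=$(build_adjoin_cmd "$@") || return $?
    command -v adjoin >/dev/null 2>&1 || { echo "adjoin not found in PATH" >&2; return 127; }
    # Every argument was validated above, so word splitting of $cmd is safe.
    $cmd
}

# Usage (run as root): join_domain jeffhay sales.contoso.com HR
```

The --user argument is always required here, so the wrapper never falls back to the domain Administrator account that adjoin uses by default.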