Configure WSL in a Domain Environment: Step-by-Step Guide

Discover how to configure WSL in a domain environment. This guide covers joining a domain, installing necessary packages, and setting up Kerberos and Winbind for seamless Linux and Windows integration.

Configure WSL in a Domain Environment: Step-by-Step Guide

October 26, 2023
Posted by Luca Berton
ansible, install, windows, wsl, Ubuntu, WinRM, SSH, Active Directory

Introduction

Windows Subsystem for Linux (WSL) is a powerful tool that allows Windows users to run a Linux distribution alongside their Windows operating system. It provides a seamless integration of Linux utilities and tools within the Windows environment. While WSL is primarily used for development and testing, it’s not uncommon for organizations to want to configure it in a domain environment to ensure better management, security, and compliance. In this article, we will explore the steps to configure WSL in a domain environment.

Prerequisites

Before you start configuring WSL in a domain environment, make sure you have the following prerequisites in place:

Windows 10 or Windows 11: Ensure that you are using a compatible version of Windows with WSL support. WSL 2 is recommended for its improved performance and compatibility.
WSL Installed: Install WSL on your Windows machine. You can do this via the Windows Features settings.
Linux Distribution: Choose and install a Linux distribution from the Microsoft Store or via a package manager. Popular choices include Ubuntu, Debian, and CentOS.
Domain Membership: Ensure that your Windows machine is joined to the domain. You will need administrative privileges to achieve this.
Active Directory: Have access to your organization’s Active Directory server and administrative credentials for user and group management.

Join 50+ hours of courses in our exclusive community

Steps to Configure WSL in a Domain Environment

Configuring WSL in a Domain Environment involves a series of steps, including joining your Windows machine to the domain, installing necessary packages, configuring Kerberos and Winbind, joining the domain, setting up authentication, and testing the configuration.

1. Join Your Windows Machine to the Domain

To configure WSL in a domain environment, your Windows machine must be part of the organization’s domain. Follow these steps to join your machine to the domain:

Right-click on “This PC” or “My Computer” and select “Properties.”
Click on “Change settings” under the “Computer name, domain, and workgroup settings” section.
In the “System Properties” window, go to the “Computer Name” tab and click “Change.”
Select “Domain” and enter the domain name. Follow the on-screen instructions to complete the process.

2. Install Required Packages

You will likely need to install some additional packages within your Linux distribution to make it work seamlessly in the domain environment. Open your Linux distribution terminal and use the package manager (e.g., apt for Debian/Ubuntu or yum for CentOS) to install necessary packages like winbind for Active Directory integration.

3. Configure Kerberos and Winbind

To authenticate Linux users with Active Directory, configure Kerberos and Winbind. Edit the /etc/krb5.conf file to specify the realm and KDC (Key Distribution Center) for your domain. Then, configure Winbind to interact with the Active Directory server.

For example, in Ubuntu, you can use the following commands:

sudo apt-get install krb5-user winbind
sudo nano /etc/krb5.conf

Edit the krb5.conf file to include your domain information.

4. Join the Domain

Join the Linux distribution to the domain using the net ads join command. For example:

sudo net ads join -U your_domain_admin_username

You will be prompted to enter the password for the domain administrator.

5. Configure Authentication

Edit the /etc/nsswitch.conf file to include the domain for password and group information:

sudo nano /etc/nsswitch.conf

Add or modify the lines:

passwd:         compat winbind
group:          compat winbind

6. Configure PAM

Edit the /etc/security/pam_winbind.conf file to configure PAM (Pluggable Authentication Module) for Winbind:

sudo nano /etc/security/pam_winbind.conf

Configure the authentication and session settings according to your organization’s requirements.

7. Test the Configuration

To ensure that your Linux distribution can authenticate users from the domain, use the wbinfo and getent commands to test user and group information.

wbinfo -u
wbinfo -g
getent passwd
getent group

If everything is configured correctly, you should see a list of domain users and groups.

Conclusion

Configuring WSL in a domain environment allows you to integrate Linux utilities and applications seamlessly into your organization’s infrastructure. This can be particularly useful for developers and system administrators who need to work with Linux tools within a Windows domain. By following the steps outlined in this article, you can successfully set up WSL in your domain environment, providing a powerful and flexible development and testing platform.

Subscribe to the YouTube channel, Medium, and Website, X (formerly Twitter) to not miss the next episode of the Ansible Pilot.

Academy

Learn the Ansible automation technology with some real-life examples in my Udemy 300+ Lessons Video Course.

BUY the Complete Udemy 300+ Lessons Video Course

My book Ansible By Examples: 200+ Automation Examples For Linux and Windows System Administrator and DevOps

BUY the Complete PDF BOOK to easily Copy and Paste the 250+ Ansible code

Donate

Want to keep this project going? Please donate

Patreon Buy me a Pizza