How to Join Linux Systems to Active Directory

Integrating Linux with Active Directory

Integrating Linux systems into an Active Directory (AD) helps unify user management and authentication across platforms, providing a seamless environment for both Windows and Linux users. This tutorial guides you through the process of joining Linux systems to an Active Directory domain.

Prerequisites

A Linux system with root access
Access to an Active Directory domain controller
Networking knowledge and basic Linux command line skills
Installed packages: realmd, sssd, samba-common, kerberos, and adcli

Step 1: Prepare Your Linux System

Update your package manager and install necessary packages:

sudo apt update
sudo apt install realmd sssd samba-common kerberos krb5-user adcli

During the installation, you will be prompted to provide your domain information. Enter the domain details as necessary.

Step 2: Discover the AD Domain

Use the realmd tool to discover your domain:

realm discover yourdomain.com

If successful, you’ll see domain details such as domain controllers and client software preferences.

Step 3: Join the Domain

Join your Linux machine to the domain using:

sudo realm join yourdomain.com -U 'Administrator'

Replace Administrator with a domain account that has permission to join machines to the domain.

Step 4: Verify Domain Membership

To verify that the machine has joined the domain:
List the domains recognized locally:

realm list

Ensure that your domain appears in the output.

Configuration for SSSD

Edit the SSSD configuration file located at /etc/sssd/sssd.conf to ensure it reflects the following configuration:

[sssd]
domains = yourdomain.com
config_file_version = 2
services = nss, pam

[domain/yourdomain.com]
ad_domain = yourdomain.com
krb5_realm = YOURDOMAIN.COM
realmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
fallback_homedir = /home/%u
access_provider = ad

Restart the SSSD service:

sudo systemctl restart sssd.service

Test by logging in with a domain user account.

Troubleshooting Tips

Ensure DNS resolution for the AD domain is set correctly. Configure Linux to use a DNS server that’s aware of the domain.
Check logs in /var/log/sssd/ for detailed error messages.
Ensure time synchronization between the Linux system and domain controller using NTP.

Summary Checklist

Update and install necessary packages
Discover and confirm the AD domain
Join the Linux system to the domain
Edit SSSD configuration and verify domain membership
Troubleshoot using logs and ensure correct DNS settings

For more detailed guidance on setting up directory structures in server environments, see our article on How to Install Active Directory on Windows Server.