How To Join Linux to Active Directory | Arkit
Scenario: join Linux to Windows Active Directory to get centralized authentication and easy user management. If you have hundreds of servers, creating users and groups and maintaining their permissions on each one is not easy, and when a user leaves the organization, disabling or deleting that user on every server becomes a tedious task.
Instead, let existing AD users log in to Linux: when an Active Directory account is disabled, authentication is automatically denied for that user's login.
Joining Prerequisites
- The Linux host should be able to ping the DNS server
- realm discover should succeed
- Have domain admin account credentials ready for authentication
Installing required packages
# yum install sssd realmd oddjob oddjob-mkhomedir adcli samba-common samba-common-tools krb5-workstation openldap-clients policycoreutils-python -y
Add the DNS server IP address to the /etc/resolv.conf file.
Now run the discovery process so that you know the realm is reachable.
realm discover
# realm discover -v domain
If discovery is successful, you are ready to go.
Let's join Linux to Windows Active Directory.
[root@test-desktop ~]# realm join -v -U domainadmin domain.servercomputer.com
 * Resolving: _ldap._tcp.domain.servercomputer.com
 * Performing LDAP DSE lookup on: 192.168.2.10
 * Successfully discovered: domain.servercomputer.com
Password for domainadmin: ******
- -U: domain admin user name
- realm name / domain name
join linux to windows active directory
Checking the verbose (-v) join log will give you more in-depth details.
joined successfully
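The prerequisites and the discover step above are easy to get wrong (no nameserver, resolv.conf pointing at a non-AD DNS, or a host that is already joined). The following pre-flight script is an added example, not part of the original article or of realmd; it checks a resolv.conf file and parses `realm discover -v` output before you run `realm join`. The resolv.conf contents and the discover output are constructed samples (the layout matches what realmd prints), so the script runs offline; on a real host you would point it at /etc/resolv.conf and at the live `realm discover -v` output.

```shell
#!/bin/sh
# Added example: pre-join checks for the realmd/sssd procedure.
# Constructed sample inputs stand in for the live system so this runs offline.

REALM="domain.servercomputer.com"

# Constructed /etc/resolv.conf (the DNS IP is the AD domain controller).
RESOLV_SAMPLE="search domain.servercomputer.com
nameserver 192.168.2.10
"

# Constructed output of `realm discover -v domain.servercomputer.com` on a
# host that has not joined yet (layout matches realmd's output).
DISCOVER_SAMPLE="domain.servercomputer.com
  type: kerberos
  realm-name: DOMAIN.SERVERCOMPUTER.COM
  domain-name: domain.servercomputer.com
  configured: no
  server-software: active-directory
  client-software: sssd
  required-package: oddjob
  required-package: oddjob-mkhomedir
  required-package: sssd
  required-package: adcli
  required-package: samba-common-tools
"

# check_resolv: 0 if the resolver file has at least one nameserver and a
# search/domain line covering the realm, so the _ldap._tcp.<realm> SRV lookup
# that realm join performs can reach the AD DNS. Args: resolv-file realm
check_resolv() {
    file=$1; realm=$2
    grep -Eq '^[[:space:]]*nameserver[[:space:]]+[0-9a-fA-F.:]+' "$file" || return 1
    grep -Eq "^[[:space:]]*(search|domain)[[:space:]]+(.*[[:space:]])?$realm([[:space:]]|$)" "$file" || return 2
}

# discover_field: print one field (e.g. "configured") from realm discover output.
discover_field() {
    printf '%s' "$1" | awk -v key="$2:" '$1 == key { print $2; exit }'
}

# discover_packages: print the packages realmd reports as required, one per line.
discover_packages() {
    printf '%s' "$1" | awk '$1 == "required-package:" { print $2 }'
}

# preflight: 0 when resolv.conf is usable and the realm is discoverable as an
# AD domain that this host has not joined yet. Args: resolv-file discover-output realm
preflight() {
    check_resolv "$1" "$3" || { echo "resolv.conf: not ready for $3" >&2; return 1; }
    [ "$(discover_field "$2" domain-name)" = "$3" ] || { echo "realm discover did not return $3" >&2; return 2; }
    [ "$(discover_field "$2" server-software)" = "active-directory" ] || { echo "not an AD realm" >&2; return 3; }
    [ "$(discover_field "$2" configured)" = "no" ] || { echo "host is already joined" >&2; return 4; }
}

# install_cmd: build (print, not run) the yum command for the packages realmd
# reports plus the extra packages the article installs.
install_cmd() {
    pkgs=$(discover_packages "$1" | tr '\n' ' ')
    printf 'yum install -y %skrb5-workstation openldap-clients policycoreutils-python realmd samba-common\n' "$pkgs"
}

# Demo against the constructed inputs, using a temp file for resolv.conf.
tmp=$(mktemp)
printf '%s' "$RESOLV_SAMPLE" > "$tmp"
if preflight "$tmp" "$DISCOVER_SAMPLE" "$REALM"; then
    echo "pre-flight OK; next: $(install_cmd "$DISCOVER_SAMPLE")"
    echo "then: realm join -v -U domainadmin $REALM"
fi
rm -f "$tmp"
```

The `configured: no` check matters because re-running `realm join` on a joined host re-creates the computer account; `preflight` refuses with exit status 4 in that case, and the other non-zero statuses tell you which prerequisite failed.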
Try login
Login: domain\demo.user
id of domain user login
When you log in to the Linux server with a domain user, its home directory and environment are created automatically.
Sudo access to Domain user
allowing sudo access for domain user
Normally a logged-in user can only execute a few commands as a normal user. If you would like to give him sudo / super user access, add a sudoers entry as shown below.
# vi /etc/sudoers
demo.user@DOMAIN.SERVERCOMPUTER.COM ALL=(ALL) NOPASSWD: ALL
If you want to add a domain group instead:
%domain-users@DOMAIN.SERVERCOMPUTER.COM ALL=(ALL) ALL
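As an added example (not from the article), the two sudoers entries above can be generated and syntax-checked from a script instead of being typed into /etc/sudoers by hand: the rules go into a drop-in file with the 0440 mode sudo requires, and `visudo -cf` validates the file when visudo is installed. The realm and the user/group names are the article's; the drop-in directory used in the demo is a temp directory, not /etc/sudoers.d.

```shell
#!/bin/sh
# Added example: generate and validate a sudoers drop-in for an AD user or group.

REALM_UPPER="DOMAIN.SERVERCOMPUTER.COM"

# sudo_rule: print one sudoers line. Args: user|group name [nopasswd]
# Groups become %group@REALM; spaces in AD group names are backslash-escaped
# (sudoers syntax for e.g. "Domain Admins"). Password is required unless the
# third argument is "nopasswd", as in the article's per-user entry.
sudo_rule() {
    kind=$1; name=$2; mode=${3:-passwd}
    case "$kind" in
        user)  principal="$name@$REALM_UPPER" ;;
        group) principal="%$(printf '%s' "$name" | sed 's/ /\\ /g')@$REALM_UPPER" ;;
        *) echo "kind must be user or group" >&2; return 1 ;;
    esac
    if [ "$mode" = nopasswd ]; then
        printf '%s ALL=(ALL) NOPASSWD: ALL\n' "$principal"
    else
        printf '%s ALL=(ALL) ALL\n' "$principal"
    fi
}

# write_dropin: write rule lines to <dir>/<name> with mode 0440 (created with a
# restrictive umask so it is never world-readable), then syntax-check it with
# visudo when available. Prints the file path. Args: sudoers.d-dir filename rule...
write_dropin() {
    dir=$1; name=$2; shift 2
    f="$dir/$name"
    (umask 277; : > "$f")
    for rule in "$@"; do printf '%s\n' "$rule" >> "$f"; done
    chmod 0440 "$f"
    if command -v visudo >/dev/null 2>&1; then
        visudo -cf "$f" >/dev/null || { echo "syntax error in $f" >&2; return 1; }
    fi
    printf '%s\n' "$f"
}

# Demo: the article's group entry plus its NOPASSWD user entry, in a temp dir.
d=$(mktemp -d)
write_dropin "$d" ad-admins "$(sudo_rule group domain-users)" "$(sudo_rule user demo.user nopasswd)"
cat "$d/ad-admins"
rm -rf "$d"
```

On a real host pass /etc/sudoers.d as the directory; the group form with a password prompt (`sudo_rule group <admin-group>`) is the one to prefer, since the NOPASSWD per-user entry grants unprompted root to anyone holding that AD account's session.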
Leaving domain
leave domain
# realm leave -v -U domainadmin domain.servercomputer.com
That's it about joining Linux to Windows Active Directory.
Note: by default, when you join a Linux machine to AD, all AD users can log in to the Linux terminal/bash. If you would like to restrict access, create a domain-level group and allow only that group in the SSH config file.
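The restriction in the note can be applied at two layers: sssd itself (realmd's `realm deny --all` / `realm permit -g <group>`, which limits every PAM login, not just SSH) and sshd's `AllowGroups` directive. The script below is an added example, not part of the article or of realmd/sshd: it prints the realm commands, idempotently sets an `AllowGroups` line in an sshd_config file, and evaluates offline whether a user with a given group list would pass that line. The AD group `linux-users` is hypothetical; the realm and `domain-users` are the article's, and the sshd_config fragment is constructed in a temp file.

```shell
#!/bin/sh
# Added example: restrict AD logins at the sssd layer and the sshd layer.

REALM="domain.servercomputer.com"

# realm_restrict_cmds: print (not run) the realmd commands that switch the
# host from "all AD users may log in" to "only these groups". Args: group...
realm_restrict_cmds() {
    printf 'realm deny --all\n'
    for g in "$@"; do printf "realm permit -g '%s'\n" "$g"; done
}

# set_allow_groups: idempotently set a single AllowGroups line in an
# sshd_config. sshd uses only the first AllowGroups it reads, so any existing
# lines are replaced; otherwise the directive is appended. Args: config-file group...
set_allow_groups() {
    cfg=$1; shift
    line="AllowGroups $*"
    if grep -Eq '^[[:space:]]*AllowGroups[[:space:]]' "$cfg"; then
        tmp=$(mktemp)
        awk -v l="$line" '/^[[:space:]]*AllowGroups[[:space:]]/ { if (!done) { print l; done=1 }; next } { print }' "$cfg" > "$tmp"
        cat "$tmp" > "$cfg"; rm -f "$tmp"
    else
        printf '%s\n' "$line" >> "$cfg"
    fi
}

# sshd_allows: 0 if a user whose groups are given as a whitespace-separated
# list (what `id -Gn` prints for sssd users with fully qualified names)
# matches the config's AllowGroups patterns; 0 as well when no AllowGroups is
# set, which is sshd's default. Patterns use sshd's * and ? wildcards, matched
# here with case. AD group names containing spaces are not handled.
# Args: config-file "group group..."
sshd_allows() {
    cfg=$1; user_groups=$2
    allowed=$(awk '$1 == "AllowGroups" { $1 = ""; print; exit }' "$cfg")
    [ -n "$allowed" ] || return 0
    ok=1
    set -f   # keep * and ? in the patterns from matching filenames
    for g in $user_groups; do
        for pat in $allowed; do
            case "$g" in $pat) ok=0 ;; esac
        done
    done
    set +f
    return $ok
}

# Demo against a constructed sshd_config fragment.
cfg=$(mktemp)
printf 'PermitRootLogin no\nPasswordAuthentication yes\n' > "$cfg"
set_allow_groups "$cfg" "linux-users@$REALM" wheel
cat "$cfg"
realm_restrict_cmds linux-users
if sshd_allows "$cfg" "domain-users@$REALM linux-users@$REALM"; then echo "linux-users member: allowed by sshd"; fi
if ! sshd_allows "$cfg" "domain-users@$REALM"; then echo "other AD user: denied by sshd"; fi
rm -f "$cfg"
```

Group names are compared exactly as sssd presents them, so check `id -Gn <user>` on the joined host first: with realmd's default of fully qualified names they carry the `@domain` suffix, and an `AllowGroups` entry without it silently matches nobody. Remember to reload sshd after editing /etc/ssh/sshd_config, and test from a second session so a typo does not lock you out.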