How to join a Linux computer to an Active Directory domain

Home > Search > How-to
  by

To join a Linux computer to an Active Directory domain, install the required packages on the Linux computer.

If the Linux computer is based on Red Hat, the following packages are probably needed.

[root@server1 ~]# yum install realmd
[root@server1 ~]# yum install sssd
[root@server1 ~]# yum install adcli
[root@server1 ~]# yum install oddjob
[root@server1 ~]# yum install oddjob-mkhomedir

 

If the Linux computer is based on Debian, the following packages are probably needed. Notice that the -f option is included. The -f option installed any dependencies used by the package.

[root@server1 ~]# apt-get install -f realmd
[root@server1 ~]# apt-get install -f sssd
[root@server1 ~]# apt-get install -f adcli
[root@server1 ~]# apt-get install -f packagekit

 

Discover the domain that are available on the network. Replace dc1.example.com with the hostname of your domain controller. Notice configured is "no".

[root@server1 ~]# realm discover dc1.example.com
dc1.example.com
  type: kerberos
  realm-name: EXAMPLE.com
  domain-name: example.com
  configured: no
  server-software: active-directory
  client-software: sssd
  required-package: oddjob
  required-package: oddjob-mkhomedir
  required-package: sssd
  required-package: adcli
  required-package: samba-common

 

Join the domain. Use the password for the Administrator account on the Domain Controller. There should be a bit of output, and the last line should read  Successfully enrolled machine in realm.

[root@server1 ~]# realm join dc1.example.com
Password for Administrator:
. . .
 * Successfully enrolled machine in realm

 

If this prior command fails, add the -v (verbose) option. In this example, the verbose output has Failed to enroll machine in realm: The following packages have unmet dependencies.

[root@server1 ~]# realm -v join example.com
. . .
 ! Failed to enroll machine in realm: The following packages have unmet dependencies:

sssd: Depends: sssd-common (= 1.11.5-1ubuntu3) but 1.11.8-0ubuntu0.3 is to be installed
      Depends: sssd-ad (= 1.11.5-1ubuntu3) but 1.11.8-0ubuntu0.3 is to be installed
. . .

 

Ensure the package dependencies are installed.

[root@server1 ~]# apt-show-versions sssd-common
sssd-common:amd64/trusty-updates 1.11.8-0ubuntu0.3 uptodate
[root@server1 ~]# apt-show-versions sssd-ad
sssd-ad:amd64/trusty-updates 1.11.8-0ubuntu0.3 uptodate

 

Verify the machine was joined to the domain. Noce configured is now kerberos-member, and the are two new lines, login-formats and login-policy.

[root@server1 ~]# realm list
dc1.example.com
  type: kerberos
  realm-name: EXAMPLE.COM
  domain-name: example.com
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  required-package: oddjob
  required-package: oddjob-mkhomedir
  required-package: sssd
  required-package: adcli
  required-package: samba-common
  login-formats: %U@example.com
  login-policy: allow-realm-logins

 

Allow any domain user to sign into the Linux PC using their Active Directory username and password.

[root@server1 ~]# realm permit --realm example.com --all

 



Add a Comment




We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.




Please enter in the box below so that we can be sure you are a human.




Comments