Bootstrap FreeKB - Active Directory - Join a Linux computer to an Active Directory domain
Active Directory - Join a Linux computer to an Active Directory domain
Updated:   |  Active Directory articles

To join a Linux computer to an Active Directory domain, install the required packages on the Linux computer.

If the Linux computer is based on Red Hat, the following packages are probably needed.

[root@server1 ~]# yum install realmd
[root@server1 ~]# yum install sssd
[root@server1 ~]# yum install adcli
[root@server1 ~]# yum install oddjob
[root@server1 ~]# yum install oddjob-mkhomedir

 

If the Linux computer is based on Debian, the following packages are probably needed. Notice that the -f option is included. The -f option installed any dependencies used by the package.

[root@server1 ~]# apt-get install -f realmd
[root@server1 ~]# apt-get install -f sssd
[root@server1 ~]# apt-get install -f adcli
[root@server1 ~]# apt-get install -f packagekit

 

Discover the domain that are available on the network. Replace dc1.example.com with the hostname of your domain controller. Notice configured is "no".

[root@server1 ~]# realm discover dc1.example.com
dc1.example.com
  type: kerberos
  realm-name: EXAMPLE.com
  domain-name: example.com
  configured: no
  server-software: active-directory
  client-software: sssd
  required-package: oddjob
  required-package: oddjob-mkhomedir
  required-package: sssd
  required-package: adcli
  required-package: samba-common

 

Join the domain. Use the password for the Administrator account on the Domain Controller. There should be a bit of output, and the last line should read  Successfully enrolled machine in realm.

[root@server1 ~]# realm join dc1.example.com
Password for Administrator:
. . .
 * Successfully enrolled machine in realm

 

If this prior command fails, add the -v (verbose) option. In this example, the verbose output has Failed to enroll machine in realm: The following packages have unmet dependencies.

[root@server1 ~]# realm -v join example.com
. . .
 ! Failed to enroll machine in realm: The following packages have unmet dependencies:

sssd: Depends: sssd-common (= 1.11.5-1ubuntu3) but 1.11.8-0ubuntu0.3 is to be installed
      Depends: sssd-ad (= 1.11.5-1ubuntu3) but 1.11.8-0ubuntu0.3 is to be installed
. . .

 

Ensure the package dependencies are installed.

[root@server1 ~]# apt-show-versions sssd-common
sssd-common:amd64/trusty-updates 1.11.8-0ubuntu0.3 uptodate
[root@server1 ~]# apt-show-versions sssd-ad
sssd-ad:amd64/trusty-updates 1.11.8-0ubuntu0.3 uptodate

 

Verify the machine was joined to the domain. Noce configured is now kerberos-member, and the are two new lines, login-formats and login-policy.

[root@server1 ~]# realm list
dc1.example.com
  type: kerberos
  realm-name: EXAMPLE.COM
  domain-name: example.com
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  required-package: oddjob
  required-package: oddjob-mkhomedir
  required-package: sssd
  required-package: adcli
  required-package: samba-common
  login-formats: %U@example.com
  login-policy: allow-realm-logins

 

Allow any domain user to sign into the Linux PC using their Active Directory username and password.

[root@server1 ~]# realm permit --realm example.com --all

 

Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee


Comments


Add a Comment


Please enter b2a577 in the box below so that we can be sure you are a human.