To join a Linux computer to an Active Directory domain, install the required packages on the Linux computer.
If the Linux computer is based on Red Hat, the following packages are probably needed.
[root@server1 ~]# yum install realmd
[root@server1 ~]# yum install sssd
[root@server1 ~]# yum install adcli
[root@server1 ~]# yum install oddjob
[root@server1 ~]# yum install oddjob-mkhomedir
If the Linux computer is based on Debian, the following packages are probably needed. Notice that the -f option is included. The -f option installed any dependencies used by the package.
[root@server1 ~]# apt-get install -f realmd
[root@server1 ~]# apt-get install -f sssd
[root@server1 ~]# apt-get install -f adcli
[root@server1 ~]# apt-get install -f packagekit
Discover the domain that are available on the network. Replace dc1.example.com with the hostname of your domain controller. Notice configured is "no".
[root@server1 ~]# realm discover dc1.example.com
dc1.example.com
type: kerberos
realm-name: EXAMPLE.com
domain-name: example.com
configured: no
server-software: active-directory
client-software: sssd
required-package: oddjob
required-package: oddjob-mkhomedir
required-package: sssd
required-package: adcli
required-package: samba-common
Join the domain. Use the password for the Administrator account on the Domain Controller. There should be a bit of output, and the last line should read Successfully enrolled machine in realm.
[root@server1 ~]# realm join dc1.example.com
Password for Administrator:
. . .
* Successfully enrolled machine in realm
If this prior command fails, add the -v (verbose) option. In this example, the verbose output has Failed to enroll machine in realm: The following packages have unmet dependencies.
[root@server1 ~]# realm -v join example.com
. . .
! Failed to enroll machine in realm: The following packages have unmet dependencies:
sssd: Depends: sssd-common (= 1.11.5-1ubuntu3) but 1.11.8-0ubuntu0.3 is to be installed
Depends: sssd-ad (= 1.11.5-1ubuntu3) but 1.11.8-0ubuntu0.3 is to be installed
. . .
Ensure the package dependencies are installed.
[root@server1 ~]# apt-show-versions sssd-common
sssd-common:amd64/trusty-updates 1.11.8-0ubuntu0.3 uptodate
[root@server1 ~]# apt-show-versions sssd-ad
sssd-ad:amd64/trusty-updates 1.11.8-0ubuntu0.3 uptodate
Verify the machine was joined to the domain. Noce configured is now kerberos-member, and the are two new lines, login-formats and login-policy.
[root@server1 ~]# realm list
dc1.example.com
type: kerberos
realm-name: EXAMPLE.COM
domain-name: example.com
configured: kerberos-member
server-software: active-directory
client-software: sssd
required-package: oddjob
required-package: oddjob-mkhomedir
required-package: sssd
required-package: adcli
required-package: samba-common
login-formats: %U@example.com
login-policy: allow-realm-logins
Allow any domain user to sign into the Linux PC using their Active Directory username and password.
[root@server1 ~]# realm permit --realm example.com --all
Did you find this article helpful?
If so, consider buying me a coffee over at