I’m not as strong with Linux distributions as I am with Windows and macOS. Yet when I was recently presented with a question on how to bind Linux hosts to an existing Windows AD domain, I accepted the challenge and along with it, the opportunity to pick up some more Linux experience and help a friend out.
Most IT professionals I meet are adamant about performing their tasks with as little hands-on, physical presence as possible. This is not to say that they do not wish to get their hands dirty per se, but rather speaks to the fact that IT generally has a lot on its plate, so working smarter–not harder–is always better than tying up all your resources on just one or two trouble tickets.
Just about any administrative task you wish to perform is possible from the powerful, robust command-line interface (CLI). This is one of the areas in which Linux absolutely shines. Regardless of whether the commands are entered manually, remotely via SSH, or automatically piped in using scripts–the ability to manage Linux hosts natively is second to none. Armed with this new-found knowledge, we head directly to the CLI to resolve this problem.
Before diving into the crux of how to perform this domain bind, please note that I included two distinct (though quite similar) processes to accomplish this task. The process to use depends on which family your distribution of choice is based on: Debian or Red Hat (RHEL).
Joining Debian-based distros to Active Directory
Launch Terminal and enter the following command:
sudo apt-get install realmd
After ‘realmd’ installs successfully, enter the next command to join the domain:
realm join domain.tld --user username
Enter the password of the account with permissions to join devices to the domain, and press the enter key. If the dependencies are not currently loaded onto the Linux host, the binding process will trigger them to be installed automatically.
Joining RHEL-based distros to Active Directory
Launch Terminal and enter the following command:
yum install sssd realmd oddjob oddjob-mkhomedir adcli samba-common samba-common-tools krb5-workstation openldap-clients policycoreutils-python -y
Once the dependencies install successfully, enter the next command to join the domain:
realm join domain.tld --user=username
After authentication occurs for the first time, Linux will automatically create the /etc/sssd/sssd.conf and /etc/krb5.conf files, as well as the /etc/krb5.keytab, which control how the system will connect to and communicate with Kerberos (the authentication protocol used by Microsoft’s Active Directory).
Note: The dependencies are installed with their default configurations. This may or may not work with your environment’s specific setup. Additional configuration may be necessary before domain accounts can be authenticated.
Confirm domain (realm) joined successfully
At Terminal, enter the following command to list the joined domain along with the configuration information set for it:
realm list
Alternatively, you can always check the properties of the computer object in the Active Directory Users and Computers snap-in to verify that it was both created and has the proper trust relationship established between host and AD.
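To make the `realm list` check scriptable across many hosts, the following added example (not part of the original article) parses that output, confirms the named domain is joined as an Active Directory Kerberos member, and reports the login policy in effect. The function names and the sample output are assumptions constructed for illustration; domain.tld is the article's placeholder.

```bash
#!/usr/bin/env bash
# Added example (not from the article): confirm a realmd join from `realm list` output.
# On a joined host: realm list | check_join domain.tld

# Print the value of FIELD in the block for DOMAIN; `realm list` text is read from stdin.
realm_field() {
  awk -v d="$1" -v f="$2:" '
    /^[^ \t]/ { in_block = ($1 == d) }   # an unindented line starts a new realm block
    in_block && $1 == f { sub(/^[ \t]*[^:]+:[ \t]*/, ""); print; exit }
  '
}

# Return 0 only when DOMAIN is joined as an Active Directory Kerberos member.
check_join() {
  local domain="$1" out configured server policy
  out=$(cat)
  configured=$(printf '%s\n' "$out" | realm_field "$domain" configured)
  server=$(printf '%s\n' "$out" | realm_field "$domain" server-software)
  policy=$(printf '%s\n' "$out" | realm_field "$domain" login-policy)
  if [ "$configured" != "kerberos-member" ]; then
    echo "FAIL: $domain not joined (configured=${configured:-missing})"; return 1
  fi
  if [ "$server" != "active-directory" ]; then
    echo "FAIL: $domain server-software=${server:-missing}"; return 1
  fi
  echo "OK: $domain joined, login-policy=${policy:-unknown}"
  # allow-realm-logins admits every domain account; flag it for review.
  if [ "$policy" = "allow-realm-logins" ]; then
    echo "REVIEW: any domain user may log in to this host"
  fi
  return 0
}

# Constructed sample in the layout `realm list --all` prints (not captured from a real host).
SAMPLE='domain.tld
  type: kerberos
  realm-name: DOMAIN.TLD
  domain-name: domain.tld
  configured: kerberos-member
  server-software: active-directory
  login-formats: %U@domain.tld
  login-policy: allow-realm-logins
lab.domain.tld
  type: kerberos
  realm-name: LAB.DOMAIN.TLD
  configured: no'
printf '%s\n' "$SAMPLE" | check_join domain.tld
```

The domain name is matched exactly against the block header, so a discovered but unjoined realm such as the sample's lab.domain.tld is reported as a failure.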