How to join Fedora Linux Desktop to an Active Directory domain

Jack Wallen shows you how to join Fedora Desktop to an Active Directory domain controller.


Recently, I covered how to connect Ubuntu Desktop to an Active Directory domain. The domain controller I connected to was set up using Ubuntu Server and Samba. As you might expect, Fedora Linux is not to be left out of the mix, as you can join this particular distribution to that AD as well.

This can be done in two ways:

  1. During installation, using the Enterprise Login feature.
  2. Manually from the command line.

I'm going to walk you through the manual option, on the off chance you've already installed Fedora and need to retroactively connect it to that Active Directory Controller.


What you'll need

  • A running Active Directory Controller (with the Administrator credentials)

  • A running instance of Fedora Desktop (I'll be using Fedora 34)

  • A user with sudo privileges

How to install the necessary software

We're going to need to install a few packages before we can make this work. Log in to Fedora Desktop, open a terminal and issue the command:

sudo dnf install realmd sssd oddjob oddjob-mkhomedir adcli samba-common-tools -y

Once those packages install, you're ready to configure DNS.

How to configure DNS

We need to make sure the Fedora workstation's DNS points to our AD controller. To do that, we have to disable systemd's DNS resolver. Stop and disable systemd-resolved with the following commands:

sudo systemctl stop systemd-resolved
sudo systemctl disable systemd-resolved

Next, unlink the current resolv.conf configuration with:

sudo unlink /etc/resolv.conf

Create a new resolv.conf file:

sudo nano /etc/resolv.conf

The contents of that file will look like:

nameserver ADDRESS
search DOMAIN

Where ADDRESS is the IP address of your AD controller and DOMAIN is the domain of your AD. Save and close the file.

How to join the domain

Now we can join the domain. First, we'll make sure we can see it with the command:

sudo realm discover DOMAIN

Where DOMAIN is the domain of the AD. You should see something like:

testdomain.lan
  type: kerberos
  realm-name: TESTDOMAIN.LAN
  domain-name: testdomain.lan
  configured: no
  server-software: active-directory
  client-software: sssd
  required-package: oddjob
  required-package: oddjob-mkhomedir
  required-package: sssd
  required-package: adcli
  required-package: samba-common-tools

If you see output similar to that above, join the domain with the command:

sudo realm join DOMAIN -v

You will be prompted for the domain controller Administrator password. Upon successful authentication, you'll be presented with:

* Successfully enrolled machine in realm

Congratulations, your Fedora desktop is now a member of the Active Directory domain. If your AD is set up properly, you should now be able to log in to that desktop with users on the domain controller.
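The DNS and discovery steps above can be checked before running realm join. The script below is an added example, not part of the original article; the function names are illustrative, and the sample input is an abridged copy of the discover output shown earlier.

```shell
# Added example (not from the article). check_resolv FILE ADDRESS DOMAIN:
# succeed only if FILE is a regular file (not the old systemd-resolved
# symlink) that names ADDRESS as a nameserver and DOMAIN on its search line.
check_resolv() {
    file=$1 addr=$2 domain=$3
    if [ -L "$file" ]; then
        echo "FAIL: $file is still a symlink" >&2; return 1
    fi
    [ -f "$file" ] || { echo "FAIL: $file is missing" >&2; return 1; }
    awk -v a="$addr" '$1 == "nameserver" && $2 == a { ok = 1 }
        END { exit !ok }' "$file" ||
        { echo "FAIL: nameserver $addr not in $file" >&2; return 1; }
    awk -v d="$domain" '$1 == "search" { for (i = 2; i <= NF; i++) if ($i == d) ok = 1 }
        END { exit !ok }' "$file" ||
        { echo "FAIL: search domain $domain not in $file" >&2; return 1; }
}

# required_packages: read `realm discover` output on stdin, print package names.
required_packages() {
    awk '$1 == "required-package:" { print $2 }'
}

# realm_configured: read `realm discover` output on stdin; succeed only if the
# "configured:" field is present and is anything other than "no".
realm_configured() {
    awk '$1 == "configured:" { state = $2 }
        END { exit (state == "" || state == "no") }'
}

# Sample input: the article's discover output, abridged.
sample_discover() {
    cat <<'EOF'
testdomain.lan
  type: kerberos
  realm-name: TESTDOMAIN.LAN
  domain-name: testdomain.lan
  configured: no
  required-package: oddjob
  required-package: oddjob-mkhomedir
  required-package: sssd
  required-package: adcli
  required-package: samba-common-tools
EOF
}

sample_discover | required_packages
sample_discover | realm_configured || echo "not joined yet"
```

On a real workstation, run check_resolv against /etc/resolv.conf with your own ADDRESS and DOMAIN, and pipe the output of sudo realm discover DOMAIN into required_packages.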
