Jack Wallen shows you how to join Fedora Desktop to an Active Directory domain controller.
Recently, I covered how to connect Ubuntu Desktop to an Active Directory domain. The domain controller I connected to was set up using Ubuntu Server and Samba. As you might expect, Fedora Linux is not to be left out of the mix, as you can join this particular distribution to that AD as well.
This can be done in two ways:
- During installation, using the Enterprise Login feature.
- Manually from the command line.
I'm going to walk you through the manual option, on the off chance you've already installed Fedora and need to retroactively connect it to that Active Directory Controller.
What you'll need
- A running Active Directory Controller (with the Administrator credentials)
- A running instance of Fedora Desktop (I'll be using Fedora 34)
- A user with sudo privileges
How to install the necessary software
We're going to need to install a few packages before we can make this work. Log in to Fedora Desktop, open a terminal and issue the command:
sudo dnf install realmd sssd oddjob oddjob-mkhomedir adcli samba-common-tools -y
Once those packages install, you're ready to configure DNS.
How to configure DNS
We need to make sure the Fedora workstation uses our AD controller as its DNS server. To do that, we have to disable systemd's DNS resolver, systemd-resolved. Stop and disable systemd-resolved with the following commands:
sudo systemctl stop systemd-resolved
sudo systemctl disable systemd-resolved
Next, unlink the current resolv.conf configuration with:
sudo unlink /etc/resolv.conf
Create a new resolv.conf file:
sudo nano /etc/resolv.conf
The contents of that file will look like:
nameserver ADDRESS
search DOMAIN
Where ADDRESS is the IP address of your AD controller and DOMAIN is the domain of your AD. Save and close the file.
How to join the domain
Now we can join the domain. First, we'll make sure we can see it with the command:
sudo realm discover DOMAIN
Where DOMAIN is the domain of the AD. You should see something like:
testdomain.lan
  type: kerberos
  realm-name: TESTDOMAIN.LAN
  domain-name: testdomain.lan
  configured: no
  server-software: active-directory
  client-software: sssd
  required-package: oddjob
  required-package: oddjob-mkhomedir
  required-package: sssd
  required-package: adcli
  required-package: samba-common-tools
If you see output similar to that above, join the domain with the command:
sudo realm join DOMAIN -v
You will be prompted for the domain controller Administrator password. Upon successful authentication, you'll be presented with:
* Successfully enrolled machine in realm
Congratulations, your Fedora desktop is now a member of the Active Directory domain. If your AD is set up properly, you should now be able to log in to that desktop with users on the domain controller.
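The DNS and discovery steps above can be checked before running realm join. The following is an added example, not code from the original article: POSIX shell functions that confirm the first nameserver in resolv.conf is the AD controller and the search list contains the domain, and that list any required-package entries from realm discover output that are not installed. The function names and the sample address 192.0.2.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): pre-join sanity checks.
# SAMPLE_* values are constructed; 192.0.2.10 is a documentation address.

SAMPLE_RESOLV='nameserver 192.0.2.10
search testdomain.lan'

SAMPLE_DISCOVER='testdomain.lan
  type: kerberos
  realm-name: TESTDOMAIN.LAN
  domain-name: testdomain.lan
  configured: no
  server-software: active-directory
  client-software: sssd
  required-package: oddjob
  required-package: oddjob-mkhomedir
  required-package: sssd
  required-package: adcli
  required-package: samba-common-tools'

# check_resolv ADDRESS DOMAIN < resolv.conf
# Succeeds only if the FIRST nameserver is the AD controller and the
# search list contains the AD domain (compared case-insensitively).
check_resolv() {
    awk -v a="$1" -v d="$2" '
        $1 == "nameserver" && !seen { seen = 1; ns_ok = ($2 "" == a "") }
        $1 == "search" { for (i = 2; i <= NF; i++)
                             if (tolower($i) == tolower(d)) dom_ok = 1 }
        END { exit !(ns_ok && dom_ok) }'
}

# realm_field KEY < realm-discover-output
# Prints every value for KEY, one per line (e.g. configured, required-package).
realm_field() {
    awk -v k="$1:" '$1 == k { print $2 }'
}

# missing_packages "INSTALLED NAMES" < realm-discover-output
# Prints required packages that are absent from the space-separated list.
# On a real host the list could come from: rpm -qa --qf "%{NAME}\n"
missing_packages() {
    realm_field required-package | while read -r pkg; do
        printf '%s\n' "$1" | tr ' ' '\n' | grep -qxF -- "$pkg" \
            || printf '%s\n' "$pkg"
    done
}
```

On a real workstation, feed the functions live data, for example check_resolv ADDRESS DOMAIN < /etc/resolv.conf and sudo realm discover DOMAIN | realm_field configured.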