How to Join a Linux Server to an Active Directory Domain
How to Join a Linux Server to an Active Directory Domain. In this guide, we introduce Active Directory, its working principle, and its advantages, then show you how to join a Linux server to the Active Directory domain.
The demand for better network resource management grows due to the development of enterprises globally. In this case, Active Directory Domain is the ultimate solution. Microsoft Windows servers provide a network service named Active Directory Domain that enables administrators centrally manage user accounts, group policies, and network resources. It makes it simpler for organizations to manage user authentication and authorization, which helps secure their resources.
Let’s start the article How to Join a Linux Server to an Active Directory Domain.
What is Active Directory Domain?
- Following the users’ roles and responsibilities, it enables administrators to monitor and control access to these resources.
- The client-server architecture of the Active Directory Domain makes the AD server the primary repository for user and resource data.
- With their AD domain credentials (verified by the AD server), users sign in to their PCs or other devices.
- Administrators now manage them centrally instead of managing user accounts and access rights on each device.
Benefits of Active Directory Domain
Organizations using Active Directory Domain gain access to several advantages. Let’s look at some of the advantages:
Single Sign On
Active Directory Domain’s support for Single Sign On (SSO). So, users only need to log in once to access all the utilized resources. Moreover, the risk of password fatigue is decreased, and user productivity is increased.
Integration with other Microsoft services
Active Directory Domain makes resource administration easier by giving administrators a centralized area to manage resources like printers and network shares. By doing this, consistency throughout the business is ensured while cutting down on the time and effort needed to manage these resources.
Simplified Management of Resources
Active Directory Domain makes managing resources easier. Due to this, managing these resources takes less time and effort and maintains uniformity throughout the organization.
Multi factor Authentication
By requiring users to give more than one form of authentication, such as a password and a security token, multi factor authentication adds an extra layer of security. Multi factor authentication is supported by Active Directory Domain.
Delegation of Administration
With Active Directory Domain, administrators assign administrative responsibilities to specific users or groups. In turn, other teams can handle their resources more skilfully, which lessens the workload of the central IT team.
How does Active Directory Domain work?
The domain tree serves as the foundation for Active Directory Domain which arranges one or more domains into a domain tree. Organizational units (OUs) allow administrators to group resources and apply rules to particular user or computer groups. However, each domain have several OUs.
- The AD server also functions as a domain controller, and stores user IDs, machine data, and other resources.
- When a user logs into a device, the device sends a request to the domain controller to verify the user’s credentials.
- Upon finding that the user’s credentials are valid, the domain controller sends a ticket to the device, allowing them to access network resources.
How to Join a Linux Server to an Active Directory Domain
In this section, we explain how to join a Linux server to Active Directory Domain.
Prerequisites
- A Linux server is installed and running.
- A Windows server with an Active Directory Domain controller is installed and configured.
- An administrator password is set up on your Windows server.
Setting Up a System Hostname
First, you need to set up a fully qualified hostname on your Linux server that matches your domain name. Set up it with the following command.
hostnamectl set-hostname ubuntu.exampledomain.com
After setting up a hostname, yverify it with the following command.
hostnamectl
You should see your new hostname on the following screen.
Once you are done, proceed to the next step.
Install Required Packages on Linux
First, you need packages to join your server to Windows Active Directory Domain. Install all of them by running the following command.
apt -y install realmd sssd sssd-tools libnss-sss libpam-sss adcli samba-common-bin oddjob oddjob-mkhomedir packagekit
nano /etc/resolv.conf
Add your DNS server IP as shown below.
nameserver your-windows-server-ip
Save and close the file when you are done.
Join a Linux Server to Active Directory Domain
Before joining to Active Directory Domain, see help information of the realm command with the following command.
realm join --help
You should see the list of all command options on the following screen.
Next, discover your Active Directory Domain with the following command.
realm discover exampledomain.com
If everything is fine, you should see your domain information on the following screen.
Finally, run the following command to join a Linux server to Active Directory Domain.
realm join -U administrator exampledomain.com
You are asked to provide your Windows administrator password to authenticate the server. After the successful authentication, you should see the following screen.
To verify your domain, run the following command.
realm list
You should see the domain information on the following output.
exampledomain.com
type: kerberos
realm-name: EXAMPLEDOMAIN.COM
domain-name: example.com
configured: kerberos-member
server-software: active-directory
client-software: sssd
required-package: sssd-tools
required-package: sssd
required-package: libnss-sss
required-package: libpam-sss
required-package: adcli
required-package: samba-common-bin
login-formats: %U@exampledomain.com
login-policy: allow-realm-logins
Login to Active Directory Domain from Linux
Enable this by editing the /usr/share/pam-configs/mkhomedir file.
nano /usr/share/pam-configs/mkhomedir
Change the following configurations.
Name: activate mkhomedir
Default: yes
Priority: 900
Session-Type: Additional
Session:
required pam_mkhomedir.so umask=0022 skel=/etc/skel
Save and close the file then update the file with the following command.
pam-auth-update
See the following screen.
Just press the Enter key to apply the changes. Now, restart the sssd service to implement the changes.
systemctl restart sssd
Also verify the status of sssd service with the following command.
systemctl status sssd
Now, log out from your Linux server. Then, log in with the domain administrator user as shown below.
After the successful authentication, verify the UID of the administrator user using the following command.
id administrator
See the administrator UID in the following output.
uid=1023418957(administrator@exampledomain.com) gid=1024561257(domain users@exampledomain.com) groups=1024561257(domain users@exampledomain.com)
Control Domain User Access
You also control and limit the domain users’ access using the realm command line tool. If you want to allow only hitesh users for SSH and console access, run the following command.
realm permit hitesh@exampledomain.com
To grant access to the sysadmin group, run the following command.
ream permit -g sysadmins
If you want to permit all users, run the following command.
realm permit --all
To deny all users, run the following command.
realm deny --all
Also grant a super user permission to domain users. So that they perform system administration tasks. Do it by creating the following file.
nano /etc/sudoers.d/domain_admins
Add the following lines to grant sudo privileges to the hitesh user and group1 group.
hitesh@exampledomain.com ALL=(ALL) ALL
%group1@exampledomain.com ALL=(ALL) ALL
Save and close the file when you are finished.
Thank you for reading How to Join a Linux Server to an Active Directory Domain. We shall conclude it now.
How to Join a Linux Server to an Active Directory Domain Conclusion
In this post, we learned how to join a Linux server to Active Directory Domain Controller. Now log in to your Linux server using any Active Directory user and manage them from the central location.
Finally, Active Directory Domain enables efficient management and security of an organization’s IT infrastructure. It provides a central location for user accounts, computers, and other resources and allows administrators to control who has access to what based on the users’ roles and responsibilities. Lastly, Active Directory Domain is an essential component of every company’s IT architecture because of its centralized management, access control, security features, scalability, and group policy.
