How to Integrate a Linux Machine into Windows Active Directory

If you want to learn how to integrate a Linux Machine into Windows Active Directory the easy way, this guide is all you will ever need. 

Windows Active Directory is the standard way to manage the resources within a Windows network environment. As a core component of the Windows Server operating system, it is responsible for providing a number of services, including authentication, authorization and directory lookups.

One of Active Directory's key strengths is its ability to integrate with services and technologies beyond Windows.

In this article, we will provide you with a detailed guide on how to integrate a Linux Machine into Windows Active Directory.

Why Integrate a Linux Machine into Windows Active Directory (AD)?

Integrating a Linux machine into Active Directory lets users and administrators run Linux and Windows together more efficiently. Here are the key reasons for joining a Linux machine to Windows AD:

  • Centralized user management: accounts are created and disabled in one place.
  • Seamless single sign-on (SSO) between Windows and Linux.
  • Use of the Kerberos authentication protocol instead of locally stored passwords.
  • Shared access to network resources across Windows and Linux.
  • Simpler compliance and auditing, since every login maps to a domain identity.

Before proceeding with the guide, it is worth knowing which packages are required for this operation and what each of them does.

Prerequisites

Here are the software packages required, along with an explanation of why each is necessary:

1. System Security Services Daemon (SSSD)

The System Security Services Daemon (SSSD) acts as the bridge between the Linux machine and the Active Directory domain, handling identity lookups (users and groups) and authentication.

SSSD caches identity information and credentials, so the Linux machine does not have to contact the AD server for every lookup. This speeds up authentication and reduces the load on the domain controllers.

Here is the command to install SSSD on a Linux machine:

sudo apt install sssd

2. Kerberos client libraries

Kerberos is the primary authentication protocol used in Windows Active Directory environments. With the Kerberos client libraries installed, the Linux machine can request and validate Kerberos tickets, which is how users prove their identity.

Once a ticket has been issued by the Active Directory domain controller and validated, the user can authenticate securely to domain services without sending a password over the network.

Here is the command to install the Kerberos client libraries on a Linux machine:

sudo apt install krb5-user

3. LDAP Client Libraries

LDAP stands for Lightweight Directory Access Protocol, and its role is to query and modify directory services such as Active Directory. The LDAP client libraries let the Linux machine communicate with AD and read its directory data.

Using LDAP, the Linux machine browses Active Directory's directory structure and gathers the user authentication and authorization information it needs (group memberships, home directory, shell and similar attributes).

Here is the command to install the LDAP client libraries on a Linux Machine:

sudo apt install ldap-utils

How to Integrate a Linux Machine into Windows Active Directory (AD)

Before integrating a Linux machine into Windows Active Directory, it is advisable to update all installed packages. To do so, run the commands below (refresh the package lists first, then upgrade):

sudo apt update
sudo apt upgrade

The first command refreshes the package lists; the second looks for pending upgrades. If any upgrades are available, apt reports the additional disk space it needs and asks for confirmation. Type 'Y' to proceed with the upgrade.

apt then downloads, unpacks and installs the upgraded packages. You can proceed with the next steps once "All packages are up to date" is displayed in the terminal, as shown in the image below.


Step 1: Verify the Network

First, verify that the Linux machine can reach the Windows AD domain controllers over the network. To do this, run the command below, replacing domain_controller_hostname_or_ip with the domain controller's hostname or IP address:

ping domain_controller_hostname_or_ip

If the pings succeed, the Linux machine has network connectivity to the Windows AD domain controllers, as seen in the image below:

Step 2: Install All Required Packages

You can skip this step if you have already installed all the packages required to integrate a Linux machine into Windows Active Directory.

Otherwise, run the command below to install all the required packages in one go (realmd and adcli perform the domain join, sssd and its NSS/PAM modules handle lookups and logins, and oddjob-mkhomedir creates home directories):

sudo apt -y install realmd sssd sssd-tools libnss-sss libpam-sss adcli samba-common-bin oddjob oddjob-mkhomedir packagekit

With this command, all the necessary packages are installed. We can now proceed to configure DNS.

Step 3: Configure the DNS

The purpose of this step is to verify that the interface is configured with 'dhcp4: true' and that the DHCP server is handing out correct network and DNS settings. Configuring DNS means editing the Netplan configuration file. Here is how to open it for editing:

sudo nano /etc/netplan/*.yaml

Through the Netplan configuration file, the network connection parameters can be set manually. If you make any modifications, apply them by running:

sudo netplan apply

Step 4: Joining the Linux Machine to the Active Directory Domain

To start joining the Linux machine to the Windows AD domain, first verify that the domain can be discovered. (If you do not have a domain yet, create one on the Windows side first.) Once the domain exists, run:

realm discover [DOMAIN NAME]

If everything is right, you are shown the domain's details, as seen in the image below:

Note: If no response is returned, recheck the previous steps (network connectivity and DNS) and repeat them.

You can now start joining the AD domain using the command below:

realm join -U [ADMIN NAME] [AD.DOMAIN NAME]

Enter the domain administrator's username in place of ADMIN NAME and the domain name in place of AD.DOMAIN NAME. If you have entered the command and the credentials correctly, the result is as shown in the image below:

Once the join has succeeded, verify that the Linux machine can look up an AD user. To do this, run the command below after replacing the admin name and domain name:

id [Admin name]@[AD.DOMAIN NAME]

If the terminal prints the user's UID, GID and group memberships, you have successfully joined the Linux machine to Windows AD:

Step 5: Configuring SSSD

To avoid having to append the domain name to the username every time, we can modify the SSSD configuration file. Start by opening it with the command below:

sudo nano /etc/sssd/sssd.conf

Once the SSSD configuration file is open, look for the option named 'use_fully_qualified_names' and set it to false.

Save the file and restart the service with "sudo systemctl restart sssd" so that the change takes effect. We can then check whether the AD user can be looked up without the domain name.

After the service restarts, run "id [Admin name]" (without the domain suffix). If the terminal prints the user's information, you have successfully modified the SSSD configuration:

Step 6: Testing the Integration

To test the integration of the Linux machine into Active Directory, first make sure that home directories are created for AD users when they log in. To do this, edit the PAM session configuration file by running:

sudo nano /etc/pam.d/common-session

In the PAM configuration file, add the following line at the end (it creates the home directory from /etc/skel on first login, readable only by the owner):

session optional pam_mkhomedir.so skel=/etc/skel umask=077

To further verify the integration, switch to an AD user with their AD credentials using the command:

su [User Name]

If the password is accepted, a new home directory is created and no warnings or errors appear, you have successfully integrated the Linux machine into Windows Active Directory: you have just logged in to a Linux machine as an AD user.

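As an added example (not code from the original article), the POSIX shell helpers below make the Step 5 sssd.conf change and the Step 6 PAM change repeatable and safe to re-run, which matters when the same setup is scripted across many machines; this goes beyond the article's single manual edit. The sample file contents, the example.lab domain and the scratch paths under $DEMO are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original article: idempotent helpers for the
# Step 5 (sssd.conf) and Step 6 (PAM) edits. They operate on constructed copies
# of the files in a scratch directory, so they run without a joined domain.
set -eu
# Set KEY = VALUE inside the [domain/...] section of an sssd.conf-style file:
# replace an existing line (any case or spacing) or append one to that section.
set_sssd_domain_option() {
    file=$1; key=$2; value=$3
    awk -v k="$key" -v v="$value" '
        /^\[/ { if (indom && !done) { print k " = " v; done = 1 }
                indom = ($0 ~ /^\[domain\//) }
        indom && tolower($0) ~ ("^[ \t]*" tolower(k) "[ \t]*=") {
            if (!done) { print k " = " v; done = 1 }; next }
        { print }
        END { if (indom && !done) print k " = " v }
    ' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# Read back the value of KEY from the [domain/...] section (used for checks).
get_sssd_domain_option() {
    awk -v k="$2" '
        /^\[/ { indom = ($0 ~ /^\[domain\//) }
        indom && tolower($0) ~ ("^[ \t]*" tolower(k) "[ \t]*=") {
            sub(/^[^=]*=[ \t]*/, ""); print; exit }
    ' "$1"
}

# Append the Step 6 pam_mkhomedir line only if absent, so re-runs never duplicate it.
ensure_pam_mkhomedir() {
    grep -q 'pam_mkhomedir\.so' "$1" ||
        printf '%s\n' 'session optional pam_mkhomedir.so skel=/etc/skel umask=077' >> "$1"
}

# Constructed sample files modelled on what "realm join" writes on Ubuntu;
# example.lab and the $DEMO paths are placeholders, not values from the article.
DEMO=$(mktemp -d)
cat > "$DEMO/sssd.conf" <<'EOF'
[sssd]
domains = example.lab
services = nss, pam

[domain/example.lab]
use_fully_qualified_names = True
fallback_homedir = /home/%u@%d
EOF
printf 'session optional pam_unix.so\n' > "$DEMO/common-session"
set_sssd_domain_option "$DEMO/sssd.conf" use_fully_qualified_names False
ensure_pam_mkhomedir "$DEMO/common-session"
```

On a real system the same functions would be pointed at /etc/sssd/sssd.conf and /etc/pam.d/common-session, followed by "sudo systemctl restart sssd" as in Step 5.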

Conclusion

This article has walked through how to integrate a Linux machine into Windows Active Directory.

While following the steps above, it is crucial to ensure network connectivity to the domain controllers. Additionally, we suggest taking a backup of each configuration file before editing it.
