What is an Active Directory (AD) Domain Linux System?
An Active Directory (AD) domain is a database of user, computer, and network resources that is used to manage access to network resources. In a Windows network, the AD domain is used to authenticate users and authorize access to network resources.
On a Debian Linux system, you can join an AD domain to allow users to log in to the Linux system using their AD credentials and to manage access to Linux resources with AD group policies. To join an AD domain on a Debian system, you will need to install and configure the
Once the Linux system is joined to the AD domain, users can log in to the Linux system using their AD username and password, and access to network resources can be controlled using AD group policies.
How to Join a Debian Linux System to an Active Directory (AD) Domain
To join a Debian Linux system to an Active Directory (AD) domain, you will need to install and configure the
- First, update the package list and install the necessary packages:
sudo apt update
sudo apt install realmd sssd sssd-tools samba-common samba-common-bin samba-libs adcli
- Next, you will need to configure realmd to use the AD domain. You can do this by modifying the /etc/realmd.conf file or by using the
To use the realm command, run the following command, replacing example.com with the actual domain name:
sudo realm join example.com --user=administrator
This will prompt you for the password of the administrator account. Enter the password and press Enter.
- After joining the domain, you will need to configure sssd to authenticate against the AD domain. Edit the /etc/sssd/sssd.conf file and add the following lines:
[domain/example.com]
ad_domain = example.com
krb5_realm = EXAMPLE.COM
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = True
fallback_homedir = /home/%u@%d
access_provider = ad
Replace example.com with the actual domain name.
- Restart the sssd service to apply the changes:
sudo systemctl restart sssd
- You can now log in to the system using your AD credentials. To test the configuration, try logging in with an AD user account.
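A check to run against the sssd.conf edited in the steps above, before restarting sssd. This is an added example, not part of the original guide: the function names get_key and audit_sssd are hypothetical, the sample file is constructed, and it assumes GNU stat as shipped on Debian and the classic owner-only (600) mode for sssd.conf.

```sh
#!/bin/sh
# Added example: audit the [domain/<name>] section of an sssd.conf file.

# get_key FILE SECTION KEY: print the value of KEY inside [SECTION].
get_key() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/ { s = $0; gsub(/^[ \t]+|[ \t]+$/, "", s); insec = (s == sec); next }
        !insec || /^[ \t]*[#;]/ { next }
        { i = index($0, "="); if (!i) next
          k = substr($0, 1, i - 1); v = substr($0, i + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
          if (k == key) { print v; exit } }' "$1"
}

# audit_sssd FILE DOMAIN: print findings; exit status is the number of findings.
audit_sssd() {
    f=$1; dom=$2; sec="domain/$dom"; n=0
    # Assumption: owner-only access (600), since the file can hold secrets.
    mode=$(stat -c '%a' "$f")
    [ "$mode" = 600 ] || { echo "FAIL: mode is $mode, expected 600"; n=$((n + 1)); }
    # id_provider=ad uses AD for identities; access_provider=ad makes SSSD
    # enforce AD access control. An unset access_provider defaults to permit.
    for want in id_provider=ad access_provider=ad; do
        key=${want%%=*}; val=${want#*=}
        got=$(get_key "$f" "$sec" "$key")
        [ "$got" = "$val" ] || { echo "FAIL: $key is '${got:-unset}', expected '$val'"; n=$((n + 1)); }
    done
    # By AD convention the Kerberos realm is the domain name in upper case.
    realm=$(get_key "$f" "$sec" krb5_realm)
    upper=$(printf '%s' "$dom" | tr '[:lower:]' '[:upper:]')
    [ "$realm" = "$upper" ] || { echo "FAIL: krb5_realm is '${realm:-unset}', expected '$upper'"; n=$((n + 1)); }
    # Informational: offline login keeps password hashes in the local cache.
    case $(get_key "$f" "$sec" cache_credentials) in
        [Tt]rue) echo "NOTE: cache_credentials is enabled (hashes cached locally)" ;;
    esac
    return "$n"
}

# Constructed sample based on the section shown above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[domain/example.com]
ad_domain = example.com
krb5_realm = EXAMPLE.COM
cache_credentials = True
id_provider = ad
access_provider = ad
EOF
chmod 600 "$sample"
audit_sssd "$sample" example.com && echo "OK: no findings"
```

On a joined host, point it at the real file as root: audit_sssd /etc/sssd/sssd.conf followed by your domain name.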