If you want to connect your Linux server to a Windows Active Directory you can use SSSD, which is fairly easy to set up: the host joins the domain with a computer account, SSSD then resolves users and groups over LDAP and authenticates them with Kerberos.
First make sure the following ports are open from the server to the domain controllers. 389/UDP is used for the CLDAP "DC locator" ping, 636 is LDAPS and is TCP only, 464 is the Kerberos password-change service (kpasswd) and 445 (SMB) is only needed when the join is done through Samba's `net ads` instead of adcli. Kerberos also needs the clock to be within 5 minutes of the DCs, hence NTP.

Service | Port | Protocol
--- | --- | ---
DNS | 53 | UDP / TCP
LDAP | 389 | UDP / TCP
LDAPS | 636 | TCP
LDAP Global Catalog | 3268 | TCP
Kerberos | 88 | UDP / TCP
Kerberos password change (kpasswd) | 464 | UDP / TCP
SMB (Samba-based join only) | 445 | TCP
NTP | 123 | UDP
Install SSSD and the needed components (for Debian/Ubuntu use apt, for RHEL use yum). The example is based on apt. The `realm` command used for the join below comes from realmd and does the actual join with adcli, so install those too. Note the package names differ per distribution: on RHEL the Samba tools are in samba-common-tools and the NSS/PAM modules in sssd-client, on Debian/Ubuntu they are samba-common-bin and are pulled in by the sssd metapackage.

```shell
# apt install sssd sssd-tools realmd adcli oddjob oddjob-mkhomedir samba-common-bin
```
Edit the config /etc/sssd/sssd.conf. In this config I will use SERVER-01.meer-web.nl and AD-01.MEER-WEB.NL (active directory). Note that I only allow users of the ‘wheel’ group to log in. You can adjust this to your group(s). A few things to be aware of: the file must be owned by root with mode 0600, otherwise SSSD refuses to start; `ad_gpo_access_control=disabled` switches off the GPO logon-right checks (Allow/Deny log on locally and through Remote Desktop Services), so `simple_allow_groups` is the only thing deciding who may log in; and the realm part of `ldap_sasl_authid` is case-sensitive and has to match the host keytab, which adcli writes with the realm in upper case. Also keep in mind that realmd manages this file itself and adds a `[domain/...]` section when it joins, so if the join below complains that the domain is already in sssd.conf, move your file aside, join, and then merge these settings back in and restart sssd.
```ini
[sssd]
services=nss,pam,pac
domains=meer-web.nl

[pam]
offline_credentials_expiration=2

[domain/meer-web.nl]
id_provider=ad
auth_provider=ad
access_provider=simple
chpass_provider=ad
cache_credentials=true
use_fully_qualified_names=false
ad_hostname=server-01.meer-web.nl
ad_server=ad-01.meer-web.nl
override_homedir=/home/%u
ldap_id_mapping=true
ldap_schema=ad
dyndns_update=false
dyndns_update_ptr=false
ad_gpo_access_control=disabled
ldap_sasl_authid=SERVER-01$@MEER-WEB.NL
simple_allow_groups=wheel
ignore_group_members=true
ldap_purge_cache_timeout=43200
subdomain_inherit=ignore_group_members,ldap_purge_cache_timeout
```
Now fire up SSSD by enabling and starting the service:

```shell
# systemctl enable sssd
# systemctl start sssd
```
Now join your domain using realm. The user you pass with `-U` needs the right to create computer objects in AD (a domain admin, or a delegated account). The join creates the computer account SERVER-01$ and writes its keys to /etc/krb5.keytab; SSSD needs that keytab, so restart it after the join.

```shell
# realm join -v meer-web.nl -U meerwebuser
Password for meerwebuser:
# systemctl restart sssd
```
SSSD should now have joined your AD and you can check the status using realm:

```shell
# realm list
```
Before you SSH in, check that a domain account actually resolves and is in the allowed group with `id meerwebuser` and `getent passwd meerwebuser`. An unknown user usually means the keytab or sssd.conf is wrong (check `journalctl -u sssd`); a user that resolves but is still refused by SSH is the `simple_allow_groups` filter doing its job. Also make sure oddjobd is running, because pam_oddjob_mkhomedir creates the home directory on first login. Now go ahead and SSH in using your domain account!
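As an added example (not part of the original post), here is a bash script that bundles the checks from the steps above: it looks up the domain controllers via the DNS SRV record realmd and SSSD use, probes the TCP ports from the firewall table, lints /etc/sssd/sssd.conf for the things that bite in practice (file mode, domain listed, AD provider, a real logon restriction, the realm case in `ldap_sasl_authid`) and, after the join, confirms a user resolves and is in the allowed group. It assumes a Linux host with GNU coreutils (`stat -c`, `timeout`), `dig` and `getent`; the domain, host and group names are taken from this post. UDP ports (DNS, Kerberos, NTP) are not probed.

```shell
#!/usr/bin/env bash
# Pre-flight and post-join checks for an SSSD/AD client.
# Added example for this post, not part of it. Assumes Linux with GNU
# coreutils (stat -c, timeout), dig and getent; names (meer-web.nl, the
# "wheel" group) come from the post's example config.
set -u

# sssd_conf_get FILE SECTION KEY: print one key from an INI-style sssd.conf
# section; returns 1 when the key is not present in that section.
sssd_conf_get() {
  awk -v s="[$2]" -v k="$3" '
    /^[[:space:]]*\[/ { l = $0; gsub(/^[[:space:]]+|[[:space:]]+$/, "", l); insec = (l == s); next }
    insec && $0 ~ ("^[[:space:]]*" k "[[:space:]]*=") {
      sub(/^[^=]*=[[:space:]]*/, ""); print; found = 1; exit
    }
    END { exit (found ? 0 : 1) }
  ' "$1"
}

fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

# sssd_conf_lint FILE DOMAIN: the checks SSSD itself, and a reviewer, apply to
# the post's config. Returns the number of FAILs (0 = clean).
sssd_conf_lint() {
  local file=$1 domain=$2 problems=0 doms v ap gpo realm
  # SSSD refuses to start when the file is group- or world-readable.
  [ "$(stat -c %a "$file")" = "600" ] || fail "$file must be mode 0600 (found $(stat -c %a "$file"))"
  doms=$(sssd_conf_get "$file" sssd domains | tr -d ' ')
  case ",$doms," in *",$domain,"*) ;; *) fail "[sssd] domains does not list $domain" ;; esac
  v=$(sssd_conf_get "$file" "domain/$domain" id_provider) || v=""
  [ "$v" = "ad" ] || fail "id_provider is '$v', expected 'ad' for an AD-joined host"
  # Who may log in: with access_provider=simple the allow list is the only gate;
  # with access_provider=ad, ad_gpo_access_control=disabled removes the GPO gate.
  ap=$(sssd_conf_get "$file" "domain/$domain" access_provider) || ap="permit"   # SSSD default
  gpo=$(sssd_conf_get "$file" "domain/$domain" ad_gpo_access_control) || gpo="(default)"
  if [ "$ap" = "simple" ]; then
    sssd_conf_get "$file" "domain/$domain" simple_allow_groups >/dev/null ||
      sssd_conf_get "$file" "domain/$domain" simple_allow_users >/dev/null ||
      fail "access_provider=simple without simple_allow_groups/users: every domain user may log in"
  elif [ "$ap" = "permit" ] || { [ "$ap" = "ad" ] && [ "$gpo" = "disabled" ]; }; then
    fail "no logon restriction: access_provider=$ap, ad_gpo_access_control=$gpo"
  fi
  # The realm part of a Kerberos principal is case-sensitive; adcli writes the
  # host keytab with the realm in upper case, so a lower-case realm will not match.
  v=$(sssd_conf_get "$file" "domain/$domain" ldap_sasl_authid) || v=""
  realm=${v#*@}
  if [ -n "$v" ] && [ "$realm" != "$(printf '%s' "$realm" | tr a-z A-Z)" ]; then
    echo "WARN: ldap_sasl_authid realm '$realm' is not upper case; it must match the keytab entry"
  fi
  return "$problems"
}

# ad_dc_discover DOMAIN: domain controllers from the SRV record realmd/SSSD use.
ad_dc_discover() {
  dig +short SRV "_ldap._tcp.dc._msdcs.$1" | awk '{ sub(/\.$/, "", $4); print $4 }'
}

# tcp_open HOST PORT: connect test with bash's /dev/tcp (no nc or nmap needed).
tcp_open() {
  timeout 3 bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null
}

# verify_user USER GROUP: after the join the account must resolve through NSS
# and be a member of the group named in simple_allow_groups.
verify_user() {
  getent passwd "$1" >/dev/null || { echo "FAIL: $1 does not resolve (keytab/sssd.conf?)"; return 1; }
  id -nG "$1" | tr ' ' '\n' | grep -qx "$2" || { echo "FAIL: $1 is not in $2, SSH will be denied"; return 1; }
  echo "OK: $1 resolves and is in $2"
}

main() {
  local domain=$1 user=${2:-} conf=/etc/sssd/sssd.conf dc p
  dc=$(ad_dc_discover "$domain" | head -n 1)
  [ -n "$dc" ] || { echo "FAIL: no _ldap._tcp.dc._msdcs SRV record for $domain; fix DNS first"; return 1; }
  echo "Using DC $dc"
  for p in 53 88 389 445 464 636 3268; do   # TCP side of the post's port table
    if tcp_open "$dc" "$p"; then echo "open    $p"; else echo "BLOCKED $p"; fi
  done
  sssd_conf_lint "$conf" "$domain"
  [ -z "$user" ] || verify_user "$user" wheel
}

# Usage: ./check-sssd-ad.sh meer-web.nl [meerwebuser]
if [ "$#" -gt 0 ]; then main "$@"; fi
```

Run it once before `realm join` (DNS and ports are the usual reason a join hangs) and again afterwards with a username to confirm that NSS resolution and the group filter behave as expected.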