Building a small office network: Adding a Linux Client to the Windows Domain

Next, I will need to add my three Linux Clients running Xubuntu to the Windows Domain. This is a bit more complicated than adding a Windows machine because Linux is not made to be compatible with Windows Active Directory as they are completely different Operating Systems. It is going to require some extra configuration to get this done.

I’m going to show how to do this using my Network Administration computer. Open the machine and run hostnamectl (Remember to make sure the machine is updated and upgraded before doing this):

Currently the hostname for this machine is client1. I need to change the hostname to include the domain that this machine will be added to. I’m also going to take this opportunity to rename this machine to something more meaningful than Client1. I’ll rename it to admin.officenet.local:

sudo hostnamectl set-hostname admin.officenet.local

 

Now, to perform the extra configuration I’ll need to install four utilities:

  1. SSSD-AD – a module for the System Security Services Daemon. SSSD enables Linux machines to authenticate against Active Directory.  It manages user information, group memberships and credentials.
  2. SSSD-TOOLS – a collection of command-line utilities that assist administrators in managing and configuring the SSSD service.
  3. REALMD – A service that simplifies the process of discovering and joining domains. It automates the installation of necessary packages and configuration of services.
  4. ADCLI – A command-line tool that helps Linux machines join Active Directory domains and manage their membership.

To install the utilities run:

sudo apt install -y sssd-ad sssd-tools realmd adcli

 

Once all the packages are installed, use Realm to discover the domain:

realm -v discover officenet.local

 

Notice that the domain is there, but not yet configured. Active Directory uses Kerberos for authentication, so the next step is to set up a very simple Kerberos configuration:

sudo nano /etc/krb5.conf

 

In this configuration file add the following lines:

[libdefaults]
default_realm = OFFICENET.LOCAL
rdns = false

 

Make sure to put the domain name in all caps.

The machine is now ready to join the domain:

realm join -v OFFICENET.LOCAL

 

NOTE: Make sure to use all caps for the domain name or this will not work. I used the -v (verbose) switch so I get a bit more feedback:

Input the Domain Controller password. It will then prompt you for your local user password. Once done, run the realm discover again:

The last thing I need to do is make sure that when a new user from the domain logs into this computer, a home directory is automatically created for them. To do this I’ll use PAM (Pluggable Authentication Modules):

sudo pam-auth-update --enable mkhomedir

 

Right now, I only have the Administrator user set up on my Active Directory. So to verify that this machine has been successfully added to the domain, I’ll see if the administrator account is here:

getent passwd administrator@officenet.local

 

Perfect. I can see the administrator account. Now, I’ll switch over to it:

su administrator@officenet.local

 

Enter id to confirm:

Great! Now, I’ll have to repeat this process for my Development and HR&Finance machines.
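
Before running realm join on each remaining machine, the two settings this walkthrough depends on (an all-caps default_realm with rdns = false in /etc/krb5.conf, and a hostname that ends in the domain name) can be checked with a short script. This is an added example, not part of the original post; the function names krb5_libdefault and check_join_prereqs are made up for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are made up here.

# krb5_libdefault FILE KEY: print the value of KEY from the [libdefaults] section.
krb5_libdefault() {
    awk -v key="$2" '
        /^[ \t]*\[/ { insec = ($0 ~ /^[ \t]*\[libdefaults\]/); next }
        !insec || /^[ \t]*[#;]/ { next }      # other sections, comments
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# check_join_prereqs FILE FQDN: print each problem; exit status = problem count.
check_join_prereqs() (
    realm=$(krb5_libdefault "$1" default_realm)
    rdns=$(krb5_libdefault "$1" rdns)
    problems=0
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

    upper=$(printf '%s' "$realm" | tr '[:lower:]' '[:upper:]')
    if [ -z "$realm" ]; then
        fail "no default_realm in [libdefaults]"
    elif [ "$realm" != "$upper" ]; then
        fail "default_realm '$realm' is not all caps (expected $upper)"
    fi

    [ "$rdns" = "false" ] || fail "rdns is '${rdns:-unset}', expected false"

    # The hostname set with hostnamectl must end in the domain's DNS name.
    if [ -n "$realm" ]; then
        suffix=$(printf '%s' "$realm" | tr '[:upper:]' '[:lower:]')
        host=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
        case "$host" in
            ?*."$suffix") ;;
            *) fail "hostname '$2' does not end in .$suffix" ;;
        esac
    fi
    exit "$problems"
)
```

On a live machine, call it as check_join_prereqs /etc/krb5.conf "$(hostname -f)"; no output and exit status 0 mean both settings match the walkthrough.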

About the Author

Kevin Cochrane

As a husband, father, and dedicated teacher, I've traversed various professional paths in search of my true passion. Now, I'm embarking on an exciting journey as an aspiring Ethical Hacker, driven by a deep commitment to cybersecurity. With each passing day, I immerse myself in learning, honing my skills, and embracing the challenges of this dynamic field.
