Introduction: In today’s interconnected world, businesses often require seamless integration between their Linux environments and Active Directory (AD) for centralized user management and authentication. This integration ensures efficient access control and streamlined administration. In this comprehensive guide, we’ll explore how to join Rocky Linux, Alma Linux, and Oracle Linux 9 to Active Directory 2019, including detailed steps on configuring the essential /etc/sssd/sssd.conf file for optimal integration.

Step 1: Prepare Your Active Directory Environment

Before diving into the integration process, ensure that your Active Directory environment is properly configured and accessible from the Linux servers. Verify the following:

  • Active Directory domain name and domain controller(s) information.
  • Functional DNS resolution for the Active Directory domain.
  • Sufficient permissions to join computers to the domain.

Step 2: Install Required Packages

On each Linux server, install the necessary packages for Active Directory integration. Use the appropriate package manager for your distribution:

For Rocky Linux and Alma Linux:

sudo yum install realmd sssd oddjob adcli -y

For Oracle Linux 9:

sudo dnf install realmd sssd oddjob adcli -y

Step 3: Join Linux Servers to Active Directory

Once the packages are installed, proceed to join the Linux servers to Active Directory:

  1. Open a terminal window on the Linux server.
  2. Use the realm command to join the server to the Active Directory domain. For example:

sudo realm join --user=administrator@example.com example.com

     Replace “administrator@example.com” with a user account having permissions to join computers to the domain.
  3. Enter the user’s password when prompted.

Step 4: Configure System Authentication and Access Control

After joining the Linux servers to Active Directory, configure the /etc/sssd/sssd.conf file to manage authentication and access control. Here’s a detailed breakdown of the configuration:

[sssd]
services = nss, pam
config_file_version = 2
domains = your_domain

[nss]

[pam]

[domain/your_domain]
# Replace 'your_domain', 'YOUR_REALM', 'your_domain_controller', 'your_computer_name' with actual values.

# Active Directory domain configuration
ad_domain = your_domain
krb5_realm = YOUR_REALM
realmd_tags = manages-system joined-with-adcli
cache_credentials = true
id_provider = ad
auth_provider = ad
access_provider = ad

# Set default shell and home directory for AD users (optional)
default_shell = /bin/bash
fallback_homedir = /home/%u

# Specify the domain controller(s)
ad_server = your_domain_controller

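# The machine account name is chosen at join time (realm join --computer-name=...).
# computer_name is not an sssd.conf option, so it is left commented out here.
# computer_name = your_computer_name

# Enumerate all users and groups from AD (optional). SSSD then downloads and caches
# every entry, which can be slow in large domains; the SSSD default is false.
enumerate = true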
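
A quick way to review the Step 4 file before restarting SSSD is to lint it for the mistakes this template invites: placeholders left in, loose file permissions, no access provider, and enumeration switched on. The script below is an added example, not part of the original guide or of SSSD; the function name audit_sssd_conf and the sample text are constructed for illustration, and the checks are heuristics rather than a full validation of the file.

```python
import configparser

# Constructed sample: the Step 4 template with its placeholders left in place.
SAMPLE = """\
[sssd]
services = nss, pam
domains = your_domain

[domain/your_domain]
ad_domain = your_domain
krb5_realm = YOUR_REALM
id_provider = ad
access_provider = ad
fallback_homedir = /home/%u
ad_server = your_domain_controller
enumerate = true
"""

PLACEHOLDERS = {"your_domain", "YOUR_REALM", "your_domain_controller", "your_computer_name"}

def audit_sssd_conf(text, mode=0o600):
    """Return a list of findings for sssd.conf content and its file mode."""
    findings = []
    if mode & 0o077:
        findings.append("mode: file is accessible by group/others; use 0600")
    # interpolation=None so values such as /home/%u are read literally
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    names = [d.strip() for d in cp.get("sssd", "domains", fallback="").split(",") if d.strip()]
    if not names:
        findings.append("[sssd]: no domains listed")
    for name in names:
        sec = "domain/" + name
        if not cp.has_section(sec):
            findings.append(f"{sec}: section missing")
            continue
        dom = cp[sec]
        for key, val in dom.items():
            if val in PLACEHOLDERS:
                findings.append(f"{sec}: {key} still holds placeholder {val!r}")
        if dom.get("access_provider", "permit") == "permit":
            findings.append(f"{sec}: access_provider is permit; every domain user may log in")
        if dom.getboolean("enumerate", fallback=False):
            findings.append(f"{sec}: enumerate is on; every AD user and group is cached")
        realm = dom.get("krb5_realm", "")
        if realm != realm.upper():
            findings.append(f"{sec}: krb5_realm should be upper case")
    return findings

if __name__ == "__main__": print("\n".join(audit_sssd_conf(SAMPLE, 0o644)))
```

To check a live host, pass the contents of /etc/sssd/sssd.conf and the st_mode value from os.stat() on that file.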

Step 5: Test Integration and Verify Functionality

After configuring sssd.conf, thoroughly test the integration:

  • Ensure users can authenticate using Active Directory credentials.
  • Verify access control by testing permissions to resources.
  • Confirm proper recognition of group memberships from Active Directory.

Step 6: Enable Additional Features (Optional)

Based on requirements, enable additional features such as centralized sudo configuration or home directory auto-creation to enhance the integrated environment’s functionality.

Conclusion: Integrating Rocky Linux, Alma Linux, and Oracle Linux 9 with Active Directory 2019 offers numerous benefits, including centralized user management and access control. By following the steps outlined in this guide and configuring the /etc/sssd/sssd.conf file accordingly, you can establish a robust and fully integrated environment that leverages the strengths of Linux and Active Directory technologies.