Joining Linux (RHEL) to Active Directory

All new RHEL machines should use Active Directory for authentication and, potentially, authorization. This document outlines the process by which an RHEL 7 or 8 machine can be added to UConn's Active Directory if the user has the necessary permissions.

  1. Install packages. (On RHEL 8 the last package is named policycoreutils-python-utils.)

    yum install sssd realmd oddjob oddjob-mkhomedir adcli samba-common samba-common-tools krb5-workstation openldap-clients policycoreutils-python
  2. Set the hostname to a fully qualified name ending in "grove.ad.uconn.edu". The first label becomes the computer account name in AD, so keep it unique and 15 characters or fewer.
    hostnamectl set-hostname somethingunique.grove.ad.uconn.edu

  3. If on RHEL 8, re-enable some deprecated crypto algorithms that AD still uses. Note that LEGACY weakens TLS and SSH settings system-wide, not only Kerberos; on releases that ship the AD-SUPPORT subpolicy, "update-crypto-policies --set DEFAULT:AD-SUPPORT" is the narrower option.
    update-crypto-policies --set LEGACY

  4. Join realm.

    1. You can find the distinguished name of the OU by opening Active Directory Users and Computers, finding the destination OU, and reading the distinguishedName attribute under Properties > Attribute Editor. The command prompts for the admin account's password.

      realm join grove.ad.uconn.edu --user your_admin_account --computer-ou=OU=Distinguished,OU=Name,DC=grove,DC=ad,DC=uconn,DC=edu
  5. Modify the domain section of /etc/sssd/sssd.conf.

    use_fully_qualified_names = False
    fallback_homedir = /home/%u
    # This is used to improve group member lookup speed
    ignore_group_members = true
  6. Add to the domain section of /etc/sssd/sssd.conf.

  7. Deny login for all.

  8. Give login access to groups or users.

  9. Give Sudo access to groups by adding to the sudoers file.
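The nine steps above, collected into one script as an added example (this is not from the UConn article and not UConn's tooling). The admin account, the login and sudo group names, and the OU path are placeholders you must replace; the AD-SUPPORT subpolicy check assumes the file layout used by crypto-policies on RHEL 8.3 and later. Steps 7 and 8 are implemented with "realm deny" and "realm permit", and step 9 with a syntax-checked sudoers drop-in; only the pure helpers (the hostname check and the sssd.conf editor) run when the script is invoked without the "join" argument.

```shell
#!/bin/bash
# Added example, not part of the UConn article: the join procedure as one script
# with the checks a practitioner wants. ADMIN_USER, LOGIN_GROUP, SUDO_GROUP and
# COMPUTER_OU are placeholders (assumptions), not values from the article.
set -eu

REALM="grove.ad.uconn.edu"
COMPUTER_OU="${COMPUTER_OU:-OU=Distinguished,OU=Name,DC=grove,DC=ad,DC=uconn,DC=edu}"
ADMIN_USER="${ADMIN_USER:-your_admin_account}"
LOGIN_GROUP="${LOGIN_GROUP:-linux-login}"   # assumed AD group allowed to log in
SUDO_GROUP="${SUDO_GROUP:-linux-admins}"    # assumed AD group given sudo
SSSD_CONF="${SSSD_CONF:-/etc/sssd/sssd.conf}"

# Pure check: the FQDN must be exactly one label under the realm. The computer
# account name is derived from that label and NetBIOS names are capped at 15
# characters, so longer labels can collide with another machine's account.
hostname_ok() {
    local short
    short="${1%.$REALM}"
    [ "$short" != "$1" ] && [ -n "$short" ] || return 1
    case "$short" in *.*) return 1 ;; esac
    [ "${#short}" -le 15 ]
}

# The step 5 settings as key = value lines.
sssd_domain_settings() {
    printf '%s\n' \
        'use_fully_qualified_names = False' \
        'fallback_homedir = /home/%u' \
        'ignore_group_members = True'
}

# Idempotently apply those settings inside [domain/$REALM]: drop any existing
# definition of the managed keys in that section, then re-add them directly
# under the section header. Other sections and keys are left untouched.
apply_sssd_settings() {
    local conf="$1" tmp
    grep -qxF "[domain/$REALM]" "$conf" || { echo "no [domain/$REALM] section in $conf" >&2; return 1; }
    tmp="$(mktemp)"
    awk -v sec="[domain/$REALM]" -v extra="$(sssd_domain_settings)" '
        $0 == sec { print; print extra; insec = 1; next }
        /^\[/     { insec = 0 }
        insec && /^(use_fully_qualified_names|fallback_homedir|ignore_group_members)[[:blank:]]*=/ { next }
        { print }
    ' "$conf" > "$tmp"
    cat "$tmp" > "$conf" && rm -f "$tmp"   # keeps the file's owner; sssd wants root:root
    chmod 0600 "$conf"                     # sssd refuses to start if sssd.conf is readable by others
}

join_domain() {
    hostname_ok "$(hostname)" || { echo "set a FQDN under $REALM first: hostnamectl set-hostname NAME.$REALM" >&2; return 1; }
    yum -y install sssd realmd oddjob oddjob-mkhomedir adcli samba-common samba-common-tools \
        krb5-workstation openldap-clients policycoreutils-python
    # RHEL 8 only. The article sets LEGACY; the AD-SUPPORT subpolicy (assumed to be
    # at this path on RHEL 8.3+) enables only what AD needs instead of weakening
    # TLS and SSH system-wide.
    if command -v update-crypto-policies >/dev/null 2>&1; then
        if [ -f /usr/share/crypto-policies/policies/modules/AD-SUPPORT.pmod ]; then
            update-crypto-policies --set DEFAULT:AD-SUPPORT
        else
            update-crypto-policies --set LEGACY
        fi
    fi
    realm join "$REALM" --user "$ADMIN_USER" --computer-ou="$COMPUTER_OU"   # prompts for the password
    apply_sssd_settings "$SSSD_CONF"
    realm deny --all                 # step 7: nobody may log in by default
    realm permit -g "$LOGIN_GROUP"   # step 8: then allow one group (short name, since FQNs are off)
    # step 9: sudo via a drop-in that is syntax-checked before sudo reads it
    printf '%%%s ALL=(ALL) ALL\n' "$SUDO_GROUP" > "/etc/sudoers.d/ad-$SUDO_GROUP"
    chmod 0440 "/etc/sudoers.d/ad-$SUDO_GROUP"
    visudo -cf "/etc/sudoers.d/ad-$SUDO_GROUP"
    systemctl restart sssd && sss_cache -E
    realm list                       # verify: the domain shows permitted-groups and login-policy
}

case "${1:-}" in join) join_domain ;; esac
```

Run it as root with "./join.sh join" after exporting the placeholder variables. A group name containing spaces needs escaping in sudoers (a backslash before each space), which the drop-in line above does not do; use the group's name without spaces or escape it by hand.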
