How to easily join Linux asset to AD

Syncing a Linux machine with Active Directory unlock benefits like seamless AD login, simplified asset management, and integrate your Linux machine into your company's existing environment, Here is a simple guide of how to do it :)

RPM Based Distributions (Centos/RHEL)

Setup dependencies
centos7:

yum install sssd realmd oddjob oddjob-mkhomedir adcli samba-common samba-common-tools krb5-workstation openldap-clients policycoreutils-python

centos8:

yum install sssd realmd oddjob oddjob-mkhomedir adcli samba-common samba-common-tools krb5-workstation openldap-clients policycoreutils-python-utils

Add to AD:

realm join --user=[domain user account] [domain name]
# realm join --user=myAdUser dev.com

in case of error, run journalctl as described in the error, to fix KDC has no support for encryption type enable Kerberos encryption support:
update-crypto-policies --set DEFAULT:AD-SUPPORT

Debian based systems (ubuntu)

Setup dependencies

sudo apt-get update
sudo apt-get install sssd-ad sssd-tools realmd adcli

Add to AD:

sudo realm -v discover [domain name]
# sudo realm -v discover dev.com
sudo realm join --user=[domain user account] [domain name]
# realm join --user=myAdUser dev.com

in case of error, run journalctlas described in the error, to fix realm: Couldn't join realm: Necessary packages are not installed: sssd-tools sssd libnss-sss libpam-sss adcli even that they are installed run the following:

realm join --user=[domain user account] [domain name] --install=/
realm join --user=myAdUser dev.com

Sources

​

• https://access.redhat.com/solutions/5728591
• https://www.redhat.com/sysadmin/linux-active-directory
• https://ubuntu.com/server/docs/service-sssd-ad
• https://community.spiceworks.com/topic/2018717-joining-debian-machine-to-ad-domain-packages-not-found