I’ve added a few servers to a test Windows domain, and some of those servers run Debian Linux. Here are the basic steps for joining a Debian server to a Windows Active Directory domain and setting up domain user login on the Linux server.
I assume you have an installation of Debian up and running. I used Debian 8 Jessie in my post.
Install Necessary Packages
$ apt-get install realmd ntp adcli sssd
Post Installation Tasks
$ mkdir -p /var/lib/samba/private
$ systemctl enable sssd
Make sure we can get information about the domain we want to join.
$ realm discover techish.local
techish.local
  type: kerberos
  realm-name: TECHISH.LOCAL
  domain-name: techish.local
  configured: no
  server-software: active-directory
  client-software: sssd
  required-package: sssd-tools
  required-package: sssd
  required-package: libnss-sss
  required-package: libpam-sss
  required-package: adcli
  required-package: samba-common-bin
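The following is an added example, not part of the original post: a shell function that reads the realm discover output and confirms the discovered realm is the intended Active Directory domain before the administrator password is typed into realm join. The function name realm_precheck and the choice of fields to check are assumptions; the sample input is the discover output shown above.

```shell
# Added example: vet `realm discover DOMAIN` output (stdin) before `realm join`.
# Prints required packages and returns 0 only if the realm is the requested
# AD domain served via sssd; otherwise reports the odd field and returns 1.
realm_precheck() {
    awk -v want="$1" '
        function fail(key) {
            printf "realm_precheck: unexpected %s: \"%s\"\n", key, f[key] > "/dev/stderr"
            bad = 1
        }
        BEGIN {   # expected values, matching the output shown in the post
            expect["domain-name"] = tolower(want); expect["realm-name"] = toupper(want)
            expect["type"] = "kerberos"; expect["server-software"] = "active-directory"
            expect["client-software"] = "sssd"
        }
        /^ +[a-z-]+: / {   # indented "key: value" detail lines
            line = $0; sub(/^ +/, "", line)
            sep = index(line, ": ")
            key = substr(line, 1, sep - 1); val = substr(line, sep + 2)
            if (key == "required-package") pkgs = pkgs val "\n"
            else f[key] = val
        }
        END {
            for (k in expect) if (f[k] != expect[k]) fail(k)
            if (bad) exit 1
            printf "%s", pkgs
        }
    '
}

# Sample input: the discover output shown in the post.
SAMPLE_DISCOVER='techish.local
  type: kerberos
  realm-name: TECHISH.LOCAL
  domain-name: techish.local
  configured: no
  server-software: active-directory
  client-software: sssd
  required-package: sssd-tools
  required-package: sssd
  required-package: libnss-sss
  required-package: libpam-sss
  required-package: adcli
  required-package: samba-common-bin'

printf '%s\n' "$SAMPLE_DISCOVER" | realm_precheck techish.local
```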
All looks good, now join.
$ realm join --user=administrator techish.local
Password for administrator:
 * Installing necessary packages: samba-common-bin, sssd-tools
$ systemctl start sssd
At this point, the server should be joined, and we can now test authentication for users…
$ getent passwd firstname.lastname@example.org
email@example.com:*:485401343:485400513:Richard J. Kreider:/home/techish.local/rkreider:/bin/bash
Home Directory Setup
$ echo session required pam_mkhomedir.so skel=/etc/skel/ umask=0022 | tee -a /etc/pam.d/common-session
Local Admin Privileges
Think Domain Admin on a Windows PC, but for Linux – sudo.
On Debian 8.6, this was installed when sssd was installed – but, just to make sure:
$ apt-get install libsss-sudo
$ echo %domain firstname.lastname@example.org ALL= ALL | tee -a /etc/sudoers.d/domain_admins
Logging in as Domain User
login as: techish kreider
techish kreider@debian's password:
email@example.com@debian:~$