I’ve added a few servers to a test Windows domain and some of those servers include Debian Linux operating systems. Here are the basic steps on joining a Debian server to Windows Active Directory Domain and setting up domain user login on the Linux server.

I assume you have an installation of Debian up and running.  I used Debian 8 Jessie in my post.

Install Necessary Packages

$ apt-get install realmd ntp adcli sssd

Post Installation Tasks

$ mkdir -p /var/lib/samba/private
$ systemctl enable sssd

Join Domain

Make sure we can get information about the domain we want to join.

$ realm discover techish.local
techish.local
  type: kerberos
  realm-name: TECHISH.LOCAL
  domain-name: techish.local
  configured: no
  server-software: active-directory
  client-software: sssd
  required-package: sssd-tools
  required-package: sssd
  required-package: libnss-sss
  required-package: libpam-sss
  required-package: adcli
  required-package: samba-common-bin

All looks good, now join.

$ realm join --user=administrator techish.local
Password for administrator:
 * Installing necessary packages: samba-common-bin, sssd-tools

Start SSSD

$ systemctl start sssd

At this point, should be joined and we can now test authentication for users…

$ getent passwd rkreider@techish.local
rkreider@techish.local:*:485401343:485400513:Richard J. Kreider:/home/techish.local/rkreider:/bin/bash

Home Directory Setup

$ echo session required pam_mkhomedir.so skel=/etc/skel/ umask=0022 | tee -a /etc/pam.d/common-session

Local Admin Privileges

Think Domain Admin on a Windows PC, but for Linux – sudo.

On Debian 8.6, this was installed when sssd was installed – but, just to make sure:

$ apt-get install libsss-sudo
$ echo %domain admins@techish.local ALL= ALL | tee -a /etc/sudoers.d/domain_admins

Logging in as Domain User

login as: techish
kreider
techish
kreider@debian's password:
rkreider@techish.local@debian:~$