Sponsored Link

Realmd : Join in Active Directory
Join in Windows Active Directory Domain with Realmd.
This tutorial needs Windows Active Directory Domain Service in your LAN.
This example shows to configure on the environment below.
Domain Server : Windows Server 2016
NetBIOS Name : FD3S01
Domain Name :
Hostname :
[1] Install some required packages.
# add extension module first

dlp:~ #
SUSEConnect -p PackageHub/15/x86_64

dlp:~ #
zypper -n install realmd adcli sssd sssd-tools sssd-ad samba-client
[2] Join in Windows Active Directory Domain.
dlp:~ #
vi /etc/sysconfig/network/config
# line 195: change DNS settings to refer to AD


dlp:~ #
systemctl restart wickedd wicked wickedd-nanny
# discover Active Directory domain

dlp:~ #
realm discover SRV.WORLD
  type: kerberos
  realm-name: SRV.WORLD
  configured: no
  server-software: active-directory
  client-software: sssd
  required-package: sssd-tools
  required-package: sssd
  required-package: adcli
  required-package: samba-client

# join in Active Directory domain

dlp:~ #
realm join SRV.WORLD

Password for Administrator:    
# AD's Administrator password

realm: Couldn't join realm: Enabling SSSD in nsswitch.conf and PAM failed.
# set sssd in PAM

dlp:~ #
pam-config --add --sss
dlp:~ #
vi /etc/nsswitch.conf
# line 25: add like follows

passwd: compat sss
group:  compat sss
shadow: compat sss

dlp:~ #
vi /etc/pam.d/common-session
# add to the end if you need (auto create a home directory at initial login)

session optional skel=/etc/skel umask=077

dlp:~ #

Welcome to SUSE Linux Enterprise Server 15  (x86_64) - Kernel 4.12.14-25.25-default (ttyS0).

eth0: fe80::5054:ff:fef7:8696

# an AD user
dlp login: FD3S01\Administrator
Password:>    # just logined
[3] If you'd like to omit domain name for AD user, configure like follows.
dlp:~ #
vi /etc/sssd/sssd.conf
# line 66: change

use_fully_qualified_names =
dlp:~ #
systemctl restart sssd nscd

dlp:~ #
id Administrator

uid=1778800500(administrator) gid=1778800513(domain users) groups=1778800512(domain admins),1778800518(schema admins),1778800519(enterprise admins),1778800520(group policy creator owners),1778800572(denied rodc password replication group),1778800513(domain users)
Matched Content