openSUSE Leap 16

Join in Active Directory Domain (2025/10/23)

Join in Windows Active Directory Domain with Realmd.

This tutorial requires a Windows Active Directory Domain Service on your local network.
This example is based on the following environment.

Domain Server : Windows Server 2025
Domain Name : srv.world
Hostname : fd3s.srv.world (10.0.0.100)
NetBIOS Name : FD3S01
Realm : SRV.WORLD

[1] Install required packages.
dlp:~ #
zypper -n install realmd adcli sssd sssd-tools sssd-ad samba-client
[2] Join in Windows Active Directory Domain.
# change the DNS setting so that the host resolves names via the AD server

dlp:~ #
nmcli connection modify enp1s0 ipv4.dns 10.0.0.100

dlp:~ #
nmcli connection up enp1s0

Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
# discover Active Directory domain

dlp:~ #
realm discover SRV.WORLD

srv.world
  type: kerberos
  realm-name: SRV.WORLD
  domain-name: srv.world
  configured: no
  server-software: active-directory
  client-software: sssd
  required-package: sssd-tools
  required-package: sssd
  required-package: sssd-ad
  required-package: adcli
  required-package: samba-client

# join in Active Directory domain

dlp:~ #
realm join SRV.WORLD --membership-software=samba

Password for Administrator:  
# enter the AD Administrator password
# verify that AD user information can be retrieved

dlp:~ #
id Serverworld@srv.world

uid=1275601103(serverworld@srv.world) gid=1275600513(domain users@srv.world) groups=1275600513(domain users@srv.world)

# verify that it is possible to log in as an AD user

dlp:~ #
logout

Welcome to openSUSE Leap 16.0 - Kernel 6.12.0-160000.5-default (ttyS0).

enp1s0: 10.0.0.30 fe80::6bd:fb0b:bfca:158d
dlp login: Serverworld@srv.world
Password:
Creating directory '/home/serverworld@srv.world'.
Have a lot of fun...
serverworld@srv.world@dlp:~>   # logged in
[3] If you would like to omit the domain name for AD users, configure as follows.
dlp:~ #
vi /etc/sssd/sssd.conf
# line 16 : change
use_fully_qualified_names = False
dlp:~ #
systemctl restart sssd

dlp:~ #
id Administrator

uid=1275600500(administrator) gid=1275600513(domain users) groups=1275600513(domain users),1275600519(enterprise admins),1275600518(schema admins),1275600572(denied rodc password replication group),1275600512(domain admins),1275600520(group policy creator owners)
[4] AD user UIDs/GIDs are assigned randomly, but if you would like to assign fixed UIDs/GIDs, configure as follows.

Add UNIX attributes to the AD accounts first (refer to here; to add them with PowerShell on the CUI, refer to here of [4]).
This example assumes an environment in which the AD accounts already have the [uidNumber/gidNumber] attributes.

Next, change SSSD settings on SUSE.
dlp:~ #
vi /etc/sssd/sssd.conf
# line 17 : change
ldap_id_mapping = False
# add to last line

ldap_user_uid_number = uidNumber
ldap_user_gid_number = gidNumber
# clear cache and restart sssd

dlp:~ #
rm -f /var/lib/sss/db/*

dlp:~ #
systemctl restart sssd
dlp:~ #
id Serverworld

uid=5000(serverworld) gid=100(users) groups=100(users)
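As an added example (not from the original tutorial), a small POSIX shell check of the sssd.conf keys edited in steps [3] and [4]: it reads the values back and confirms that switching off ID mapping was done together with the explicit uidNumber/gidNumber attribute lines. The sample configuration files are constructed here, and the function names sssd_get and check_fixed_ids are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: check the sssd.conf
# keys that steps [3] and [4] edit. Assumes the ini-style "key = value"
# layout that realmd writes under [domain/srv.world]; the sample files
# below are constructed, not copied from a real host.

# Print the last value of key $2 in file $1, surrounding whitespace removed.
sssd_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p" "$1" | tail -n 1
}

# Exit status:
# 0: ldap_id_mapping = False and both ldap_user_uid_number and
#    ldap_user_gid_number are present (step [4] applied completely)
# 1: ldap_id_mapping = False but the attribute lines from step [4] are missing
# 2: automatic SID-based ID mapping still active (the state before step [4])
check_fixed_ids() {
    case "$(sssd_get "$1" ldap_id_mapping)" in
        [Ff]alse)
            [ -n "$(sssd_get "$1" ldap_user_uid_number)" ] || return 1
            [ -n "$(sssd_get "$1" ldap_user_gid_number)" ] || return 1
            return 0 ;;
        *)  return 2 ;;
    esac
}

# Constructed sample: the relevant lines after steps [3] and [4].
GOOD_CONF=$(mktemp)
cat > "$GOOD_CONF" <<'EOF'
[domain/srv.world]
id_provider = ad
ad_domain = srv.world
use_fully_qualified_names = False
ldap_id_mapping = False
ldap_user_uid_number = uidNumber
ldap_user_gid_number = gidNumber
EOF

# Constructed sample: ID mapping switched off, but the "add to last line"
# step of [4] was forgotten.
BAD_CONF=$(mktemp)
cat > "$BAD_CONF" <<'EOF'
[domain/srv.world]
use_fully_qualified_names = False
ldap_id_mapping = False
EOF

if check_fixed_ids "$GOOD_CONF"; then echo "fixed UID/GID mapping configured"; fi
```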