Linux with Windows AD

Integrate Linux with Windows Active Directory using SSSD:

Install Required packages:

#yum install sssd realmd oddjob-mkhomedir adcli samba-common samba-common-tools krb5-workstation openldap-clients policycoreutils-python

#vim /etc/hosts

#vim /etc/resolv.conf

Join the Windows domain:

#realm join --user=tech

Running the "realm join" command automatically configures the /etc/sssd/sssd.conf file.

To verify whether the server has joined AD:

#realm list

Check and verify AD users on Linux:


To get results without the domain name, edit /etc/sssd/sssd.conf and change:

use_fully_qualified_names = True

fallback_homedir = /home/%u@%d

to:

use_fully_qualified_names = False

fallback_homedir = /home/%u

Restart the sssd service:

#systemctl restart sssd

#systemctl daemon-reload

#id vijay

Log in to the Linux server with AD credentials:

#ssh vijay@



Give sudo rights to AD users on Linux:

Create a group on AD with the name sudoers and add the Linux/UNIX users to that group. Then, on the Linux server, create a file with the name sudoers under the folder /etc/sudoers.d:

#vim /etc/sudoers.d/sudoers

%sudoers            ALL=(ALL)            ALL

Log in to the server again with AD credentials to check whether the user is part of the sudoers group:

#ssh vijay@

#sudo su

To restrict user logins to CentOS 7 / RHEL 7 servers that are on a Windows domain, use the following steps:

Create the security group on AD (like "linuxadmin").
Add the domain users (whom you want to allow to log in) to this security group.

# realm permit -g

Restart the sssd service:

#systemctl restart sssd

#systemctl daemon-reload

Once that command has been run, it adds the following line to sssd.conf:
simple_allow_groups =

If you want to control rights as well, you can place the AD security group in the sudoers file. An example is shown below:

      ALL=(ALL)            ALL
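
A read-only check of the settings changed in the steps above, added here as an example and not part of the original procedure: it parses an sssd.conf, warns when the simple access provider or its allow list is missing or the file mode is not 0600, and notes which sudoers group form matches use_fully_qualified_names. The function names, example.com, linuxadmin and the temporary sample file are assumptions; on a real host, run audit_sssd against /etc/sssd/sssd.conf.

```shell
#!/bin/sh
# Added example: audit the sssd.conf settings this page changes.

# Print KEY's value from the [domain/...] section(s) of FILE (first match).
sssd_domain_opt() {
    awk -v key="$2" '
        /^[ \t]*\[/ { in_dom = ($0 ~ /^[ \t]*\[domain\//); next }
        in_dom && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# Print WARN/INFO findings for FILE and leave the WARN count in $issues.
audit_sssd() {
    f=$1; issues=0
    provider=$(sssd_domain_opt "$f" access_provider)
    allow="$(sssd_domain_opt "$f" simple_allow_groups)$(sssd_domain_opt "$f" simple_allow_users)"
    fqn=$(sssd_domain_opt "$f" use_fully_qualified_names | tr 'A-Z' 'a-z')
    mode=$(ls -ld "$f" | cut -c1-10)

    if [ "$provider" != "simple" ]; then
        echo "WARN: access_provider='${provider:-unset}', simple_allow_groups is not enforced"
        issues=$((issues + 1))
    elif [ -z "$allow" ]; then
        echo "WARN: access_provider=simple with empty allow lists lets every domain user in"
        issues=$((issues + 1))
    fi
    if [ "$mode" != "-rw-------" ]; then
        echo "WARN: $f is $mode, SSSD expects a root-owned 0600 file"
        issues=$((issues + 1))
    fi
    if [ "$fqn" = "true" ]; then
        echo "INFO: names are user@domain, so sudoers needs %group@domain"
    else
        echo "INFO: short names in use, sudoers can reference %group"
    fi
}

# Constructed sample (example.com and linuxadmin are placeholders).
sample=$(mktemp) && chmod 600 "$sample"
printf '%s\n' '[sssd]' 'domains = example.com' '[domain/example.com]' \
    'access_provider = simple' 'simple_allow_groups = linuxadmin' \
    'use_fully_qualified_names = False' > "$sample"
audit_sssd "$sample"
rm -f "$sample"
```

The mode check only looks at permission bits; ownership by root still has to be confirmed separately.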