SYS‐255 Linux Domain Join - aljimenez28/champlain GitHub Wiki

Overview

The purpose of this section of the lab was to join the Linux server web01 to the Active Directory domain and authenticate using an Active Directory account. Once joined, Linux authentication becomes centralized and users can log in using their domain credentials instead of local accounts.


Objectives

  • Install required packages to support domain joining

  • Configure DNS so Linux can locate the domain controller

  • Join web01 to the domain using realmd

  • Validate that login using Active Directory credentials works

  • Confirm the computer object appears in Active Directory Users and Computers


Steps Completed

1. Confirmed DNS configuration

Linux must use the Domain Controller as its DNS resolver. Originally, I incorrectly configured DNS to 10.0.5.5, but after troubleshooting I discovered AD02 was actually 10.0.5.6.

Command used to update DNS, followed by the line set in the file:

sudo nano /etc/resolv.conf
nameserver 10.0.5.6

Then I made DNS persistent:

nmcli connection modify "Wired connection 1" ipv4.dns "10.0.5.6"
nmcli connection modify "Wired connection 1" ipv4.ignore-auto-dns yes
nmcli connection up "Wired connection 1"

Tested reverse lookup:

nslookup 10.0.5.10

The output showed the hostname, which satisfied part of Deliverable 1.


2. Installed required components for joining the domain

Packages installed:

sudo dnf install realmd samba samba-common oddjob oddjob-mkhomedir sssd -y

These packages enable realm discovery, Kerberos authentication, and automatic home directory creation on domain login.


3. Discovered the Active Directory domain

realm discover alejandra.local

Output confirmed the domain controller responded and could be joined.


4. Joined the domain

sudo realm join --user=alejandra.jimenez-ad alejandra.local

After entering the domain Administrator password, the join completed successfully.

Verified the join:

realm list

The output confirmed the system was now a Kerberos member and part of the domain.


5. Tested login using Active Directory credentials

Used PuTTY to SSH into web01 using a domain account:

ssh [email protected]@web01-alejandra

or

ssh alejandra.local\\[email protected]

Then verified:

id
whoami
pwd

The output showed the domain username, correct UID and GID, and that the home directory was automatically created in /home/, which confirms SSSD and oddjob are functioning.


6. Verified computer object appeared in Active Directory

On AD02:
Server Manager > Tools > Active Directory Users and Computers > Computers container

web01 appeared as a domain-joined computer, which completed Deliverable 7.
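
A way to re-check steps 1 and 4 after the join, as an added example that is not part of the original lab write-up: it flags any resolver other than the domain controller and reads the membership state and login policy from `realm list` text. The sample resolv.conf and `realm list` text are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: post-join checks over resolv.conf text and `realm list` text.
DC_IP="10.0.5.6"   # AD02, the domain controller used as resolver in step 1

# Constructed sample inputs (not captured from the lab machine).
SAMPLE_RESOLV='search alejandra.local
nameserver 10.0.5.6
nameserver 8.8.8.8'
SAMPLE_REALM='alejandra.local
  type: kerberos
  realm-name: ALEJANDRA.LOCAL
  domain-name: alejandra.local
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  login-formats: %U@alejandra.local
  login-policy: allow-realm-logins'

# Print every nameserver in resolv.conf text (stdin) that is not the DC ($1).
stray_resolvers() {
    awk -v dc="$1" '$1 == "nameserver" && $2 != dc { print $2 }'
}

# Print the value of one "key: value" field ($1) from `realm list` text (stdin).
realm_field() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" | head -n 1
}

# $1 = resolv.conf text, $2 = `realm list` text. Returns 0 only when every
# resolver is the DC and realmd reports the host as a Kerberos member.
audit_join() {
    rc=0
    stray=$(printf '%s\n' "$1" | stray_resolvers "$DC_IP" | tr '\n' ' ')
    if [ -n "$stray" ]; then
        echo "FAIL: resolver(s) other than $DC_IP: $stray"; rc=1
    fi
    state=$(printf '%s\n' "$2" | realm_field configured)
    if [ "$state" != "kerberos-member" ]; then
        echo "FAIL: configured=${state:-missing}"; rc=1
    fi
    policy=$(printf '%s\n' "$2" | realm_field login-policy)
    if [ "$policy" = "allow-realm-logins" ]; then
        echo "NOTE: any domain account may log in; 'realm permit' narrows this"
    fi
    return $rc
}

# On the joined host: audit_join "$(cat /etc/resolv.conf)" "$(realm list)"
audit_join "$SAMPLE_RESOLV" "$SAMPLE_REALM" || echo "sample fails: 8.8.8.8 listed"
```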


Problems Encountered and Solutions

| Problem | Cause | Solution |
|---|---|---|
| Cannot resolve internal DNS records | DNS pointed to wrong IP (10.0.5.5) | Corrected to AD02 IP (10.0.5.6) and updated resolv.conf and nmcli settings |
| nslookup failed to resolve private IP | Using public DNS (8.8.8.8), which does not resolve private networks | Pointed DNS to domain controller, then created A and PTR record in AD DNS |
| Domain join failed initially | Missing realmd and SSSD packages | Installed required packages through dnf |
| Reverse lookup for web01 did not work | PTR record not auto-created | Re-created A record in DNS and checked the box to create PTR record |

Key Commands Used

sudo dnf install realmd samba samba-common oddjob oddjob-mkhomedir sssd -y
nmcli connection modify "Wired connection 1" ipv4.dns "10.0.5.6"
realm discover sys255.local
sudo realm join --user=Administrator sys255.local
realm list
id
whoami
pwd

Final Result

web01 successfully joined the Active Directory domain.
I can now authenticate over SSH using a domain user account, and the computer object appears in ADUC. This completes Deliverables 6 and 7.

