This tutorial covers the different ways to use a Microsoft Windows 2008/2012 Active Directory server as an authentication server for Red Hat Linux. Different methods are used for the different Red Hat Linux versions.


Red Hat 7: Direct Integration using Realmd Service

1) You need a DNS server running on the Active Directory server, and all of your Linux servers must be added to DNS as A (host) records.
Make sure DNS works:
# nslookup
# dig

2) Then, discover the Active Directory
# realm discover

3) Then, join the Active Directory
# realm join
Then enter your Administrator password.

4) Make sure you joined the Active Directory
# realm list

5) Try one of the accounts in AD:
# id

Sometimes SELinux interferes with realmd. In that case, set SELinux to permissive mode.


Red Hat 6: Direct Integration using SSSD/LDAP/Kerberos

If you are running RHEL 7, it is way easier to do this using realmd, but since realmd does not exist on RHEL 6, you have to do it the manual way.

(Note that everything in this Red Hat reference is OK, EXCEPT when you configure SSSD: ldap_id_mapping should be TRUE.)

1) Configure DNS and make sure you can resolve the Active Directory hostname
# dig
# nslookup

2) Configure Kerberos
# cat /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
default_ccache_name = KEYRING:persistent:%{uid}
default_realm = AD.COM

[realms]
AD.COM = {

}

[domain_realm]
AD.COM = AD.COM

3) Configure SAMBA
# cat /etc/samba/smb.conf
[global]
; This is the Windows workgroup name.
workgroup = AD
client signing = yes
client use spnego = yes
kerberos method = secrets and keytab
realm = AD.COM
security = ads

4) Configure SSSD
# cat /etc/sssd/sssd.conf
[sssd]
domains =
config_file_version = 2
services = nss, pam

[domain/<AD domain name>]
ad_domain =
krb5_realm = AD.COM
realmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = True
fallback_homedir = /home/%d/%u
access_provider = ad

5) Get a Kerberos ticket
# kinit Administrator@AD.COM
Then enter the password.

6) Add the machine to the domain using the net command.
# net ads join -k

7) Use authconfig to enable SSSD for system authentication.
# authconfig --update --enablesssd --enablesssdauth --enablemkhomedir

8) Test your connection by using one of the Active Directory Accounts:
# su -


Red Hat 5: Direct Integration using winbind Service

Red Hat 5 does not have SSSD above v1.5, and the “id_provider = ad” directive needs SSSD v1.9 at minimum, so SSSD with “id_provider = ad” cannot be used there.
So your only chance for “direct” Linux integration with AD in Red Hat 5 is winbind.

How to do it? Use this reference.
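
A lint for the sssd.conf from the Red Hat 6 steps and for the SSSD version limit noted under Red Hat 5, as an added example that is not part of the original tutorial. The function names and the "ad.example" domain are assumptions; the mode 600 check is an SSSD requirement that the page does not state.

```shell
#!/bin/sh
# Added example: lint sssd.conf against the settings this page's RHEL 6 steps use.

# sssd_get FILE KEY: print KEY's value from a [domain/...] section (first match)
sssd_get() {
  awk -v key="$2" '
    /^[ \t]*\[/ { in_dom = ($0 ~ /^[ \t]*\[domain\//); next }
    in_dom && index($0, "=") {
      k = substr($0, 1, index($0, "=") - 1)
      v = substr($0, index($0, "=") + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == key) { print v; exit }
    }' "$1"
}

# check_sssd_conf FILE: print one line per finding; exit status = number of findings
check_sssd_conf() {
  findings=0
  for want in id_provider=ad access_provider=ad ldap_id_mapping=true; do
    key=${want%%=*}; expected=${want#*=}
    got=$(sssd_get "$1" "$key" | tr 'A-Z' 'a-z')
    if [ "$got" != "$expected" ]; then
      echo "$key: found '${got:-unset}', expected '$expected'"
      findings=$((findings + 1))
    fi
  done
  # Not from the page: SSSD refuses to start unless sssd.conf has mode 600.
  mode=$(stat -c %a "$1")
  if [ "$mode" != 600 ]; then
    echo "mode: found $mode, expected 600"
    findings=$((findings + 1))
  fi
  return "$findings"
}

# sssd_supports_ad_provider VERSION: true when VERSION >= 1.9, the minimum the
# page gives for "id_provider = ad" (Red Hat 5 stops at 1.5)
sssd_supports_ad_provider() {
  echo "$1" | awk -F. '{ exit !($1 > 1 || ($1 == 1 && $2 >= 9)) }'
}

# Constructed sample: the page's domain section with ldap_id_mapping set wrong.
# "ad.example" is a placeholder domain name, not a value from the page.
sample=$(mktemp)
printf '%s\n' '[sssd]' 'services = nss, pam' '[domain/ad.example]' \
  'id_provider = ad' 'access_provider = ad' 'ldap_id_mapping = False' > "$sample"
chmod 644 "$sample"
check_sssd_conf "$sample" || echo "findings: $?"   # ldap_id_mapping and mode
rm -f "$sample"
```

On a real host, run check_sssd_conf against /etc/sssd/sssd.conf as root before restarting sssd.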