Oracle Linux AD Join

  • Writer: Mohammed Niyas
  • Aug 9, 2025

Prerequisites

On the Domain Controller (AD)

  • A working Active Directory domain (e.g., itproguide.com).

  • An account with permissions to join computers to the domain (Domain Admin or delegated rights).

  • Ensure DNS is working and your AD DNS server is reachable from the Linux host.

  • Make sure your time is synchronized between the DC and Linux host (Kerberos requires this).

  • The default CN=Computers container exists and is writable by your join user.

On Oracle Linux

  • Ensure the hostname is set to the FQDN (fully qualified domain name).

  • Point /etc/resolv.conf to the AD DNS server.


Set Domain IP as DNS

1. Configure Hostname and Time

# Set short hostname
sudo hostnamectl set-hostname linuxvm

# Set full FQDN
sudo hostnamectl set-hostname linuxvm.itproguide.com

# Confirm
hostname -f

Should return:

Set timezone and ensure NTP is running:

sudo timedatectl set-timezone Asia/Dubai    # change to your TZ
sudo dnf install chrony -y
sudo systemctl enable --now chronyd
chronyc tracking   # check time offset

Offset should be within milliseconds.

2. Configure DNS

Edit /etc/resolv.conf:

sudo nano /etc/resolv.conf

Set:

nameserver <AD_DNS_IP>
search itproguide.com

Test:

host dc01.itproguide.com
host _ldap._tcp.itproguide.com

3. Install Required Packages

sudo dnf install -y \
    samba-common samba-client \
    sssd-ad sssd-tools \
    realmd adcli \
    krb5-workstation \
    oddjob oddjob-mkhomedir \
    ca-certificates

4. Discover the Domain

sudo realm -v discover itproguide.com

You should see your DC and domain information.

5. Join the Domain (Samba Method)

sudo realm join -v --membership-software=samba \
  --user=administrator itproguide.com

Enter the AD Administrator password when prompted.

What happens here

  • realm uses Samba’s net ads join instead of adcli.

  • The machine account is created in CN=Computers by default.

  • Machine password is set via RPC (avoiding Kerberos enctype negotiation issues).


Enable DNS discovery

If your AD DNS has proper _kerberos._tcp and _ldap._tcp SRV records, just turn on DNS lookups.

Edit:

sudo nano /etc/krb5.conf

Change

[libdefaults] 
dns_lookup_realm = true 
dns_lookup_kdc = true

6. Verify Join

realm list

You should see:

domain-name: itproguide.com
domain-realm: ITPROGUIDE.COM
...

Test Kerberos:

Check AD user info from Linux:

7. Configure Home Directory Auto-Creation

sudo authselect select sssd with-mkhomedir --force

8. Test AD Login

From another terminal or SSH:

A home directory should be created automatically.

9. Leaving the Domain (if needed)

sudo realm leave itproguide.com
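
The checks from the prerequisites, steps 1 and 2, and the DNS discovery section, collected into one script to run on the Linux host before `realm join`. This is an added example, not part of the original post; the function names, the `preflight.sh` file name and the 1-second offset limit are assumptions.

```shell
#!/bin/sh
# Added example: pre-join checks for steps 1, 2 and the krb5.conf DNS-lookup setting.
# Function names and the 1-second offset limit are assumptions of this example.

# True if host name $1 lies inside domain $2 (case-insensitive).
fqdn_in_domain() {
    h=$(printf '%s' "$1" | tr 'A-Z' 'a-z'); d=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$h" in ?*."$d") return 0 ;; *) return 1 ;; esac
}

# Reads `chronyc tracking` output on stdin; true if the "System time" offset <= $1 seconds.
chrony_offset_ok() {
    awk -v max="$1" -F': *' '
        /^System time/ { split($2, f, " "); found = 1; ok = (f[1] + 0 <= max + 0) }
        END { exit !(found && ok) }'
}

# True if file $2 (resolv.conf format) lists $1 as a nameserver.
resolv_has_nameserver() {
    awk -v ip="$1" '$1 == "nameserver" && $2 == ip { hit = 1 } END { exit !hit }' "$2"
}

# True if file $1 (krb5.conf format) has dns_lookup_kdc = true under [libdefaults].
krb5_dns_lookup_kdc() {
    awk '
        /^[ \t]*\[/ { sect = $0; gsub(/[ \t]/, "", sect) }
        sect == "[libdefaults]" && /^[ \t]*dns_lookup_kdc[ \t]*=/ {
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v); val = tolower(v) }
        END { exit !(val == "true") }' "$1"
}

# preflight <domain> <AD_DNS_IP>: run the checks on this host, report each failure.
preflight() {
    rc=0
    fqdn_in_domain "$(hostname -f)" "$1" || { echo "FAIL: hostname -f is not in $1"; rc=1; }
    chronyc tracking | chrony_offset_ok 1 || { echo "FAIL: clock offset > 1s or chronyd down"; rc=1; }
    resolv_has_nameserver "$2" /etc/resolv.conf || { echo "FAIL: $2 not in resolv.conf"; rc=1; }
    for srv in _ldap._tcp _kerberos._tcp; do
        host -t SRV "$srv.$1" >/dev/null 2>&1 || { echo "FAIL: no $srv.$1 SRV record"; rc=1; }
    done
    krb5_dns_lookup_kdc /etc/krb5.conf || echo "WARN: dns_lookup_kdc not true in krb5.conf"
    return "$rc"
}

# Only touch the live system when called as: sh preflight.sh <domain> <AD_DNS_IP>
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```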


 
 
 
