How to easily set up Linux AD Authentication with Realmd and SSSD

This demonstration is for a CentOS or RHEL 7 or 8 based system, but I imagine it is similar on any other Linux system that can obtain the realmd and sssd packages.

First, install the necessary packages. The following command should also pull in the required dependencies:

yum install -y realmd sssd oddjob oddjob-mkhomedir samba-common-tools

Next, join the computer to the domain. You must use either a delegated service account (see this article) or an account that has rights to join computer objects to the domain, like your admin account 🙂

realm join --computer-ou="ou=someLinuxSvrOU,dc=domain,dc=com" -U <some_joinacct>
# Enter your password

Once you have joined your computer to the domain, adjust your “/etc/sssd/sssd.conf” file to apply some common standards to your setup.
– Substitute your own FQDN domain name for “<yourdomain.com>”.
– Also add any groups or users that you want to be able to log in to your server under the settings simple_allow_groups and simple_allow_users.

# Global SSSD settings
[sssd]
default_domain_suffix = <yourdomain.com>
domains = <yourdomain.com>
config_file_version = 2
services = nss, pam

# Settings for the joined AD domain
[domain/<yourdomain.com>]
ad_domain = <yourdomain.com>
krb5_realm = YOURDOMAIN.COM
realmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = True
fallback_homedir = /home/%d/%u
# Only the groups and users listed below may log in
access_provider = simple
simple_allow_groups = <whatever AD groups you want to have access>
simple_allow_users = <whatever AD users you want>

[nss]
homedir_substring = /home

Restart sssd and you are done!

systemctl restart sssd

Check the realm man page for how to add the groups or users that you want to allow to log in remotely:

Syntax from the man page:
realm permit [-ax] [-R realm] {user@domain...}
realm deny -a [-R realm]

# EXAMPLES of common permit commands
realm permit -g "ad_group_name"
realm permit "user@domain"
realm permit -a # Permits all
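
An added example, not from the original post: a shell function that audits the access settings of the sssd.conf shown above. It flags a domain whose access_provider is unset or permit, a simple provider with no allow list (SSSD then admits every user who is not denied), a leftover <...> template placeholder, and group/other permission bits on the file. The name audit_sssd_conf is hypothetical.

```shell
#!/bin/sh
# Added example: audit_sssd_conf is a hypothetical helper, not part of realmd or sssd.
# It prints one finding per line; no output means nothing was flagged.
audit_sssd_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "file: cannot read $conf"; return 2; }
    # sssd.conf(5): only root may read or write the file, so group/other bits must be clear.
    mode=$(ls -ld "$conf" | cut -c5-10)
    [ "$mode" = "------" ] || echo "file: group/other permission bits are $mode, expected 0600"
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function check() {                      # evaluate the domain section just finished
        if (dom == "") return
        if (prov == "")
            print dom ": access_provider not set, SSSD defaults to permit (any domain user)"
        else if (prov == "permit")
            print dom ": access_provider = permit (any domain user)"
        else if (prov == "simple" && groups == "" && users == "")
            print dom ": no simple_allow_* list, any user not denied can log in"
        else if (prov == "simple" && (groups users) ~ /[<>]/)
            print dom ": template placeholder left in a simple_allow_* list"
    }
    /^[ \t]*[#;]/ { next }                  # comment line
    /^[ \t]*\[/ {                           # section header closes the previous section
        check(); prov = groups = users = ""
        s = trim($0); dom = (s ~ /^\[domain\//) ? s : ""
        next
    }
    dom != "" && (eq = index($0, "=")) {    # key = value inside a [domain/...] section
        key = trim(substr($0, 1, eq - 1)); val = trim(substr($0, eq + 1))
        if (key == "access_provider")          prov = tolower(val)
        else if (key == "simple_allow_groups") groups = val
        else if (key == "simple_allow_users")  users = val
    }
    END { check() }
    ' "$conf"
}
```

Source the file and run audit_sssd_conf /etc/sssd/sssd.conf as root before restarting sssd.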