How to Integrate RHEL 7 or CentOS 7 with Windows Active Directory

12 Responses

  1. mossholderm says:

    One pedantic complaint… in your last screenshot, you execute “sudo su -” … you should really just be using “sudo -i”.

  2. Tyler says:

    Do you know how to make JUST authentication work with CentOS 7? I’m trying to get some linux servers from one domain, to be able to authenticate to another, so I don’t want to join the domain. I was able to do this with CentOS 5 and 6, but I haven’t been able to get it to work with 7. Any thoughts?

  3. Bob says:

    Great info, thanks for posting. One thing I’m trying to figure out is how to restrict user logins based on AD group membership. Any ideas here? I saw one article referring to pam_access and nologin and editing the access.conf file but so far no luck. All domain members can still SSH to the host.

    Thanks again,


    • Hi Bob,

      To restrict user logins to CentOS 7 / RHEL 7 servers that are on a Windows domain, use the following steps:

      1) Create the security groups in AD (like “linuxadmins”)
      2) Add the domain users (whom you want to allow to log in) to this security group.
      3) Map the security group to the CentOS / RHEL 7 server by adding the following line in the file (/etc/sssd/sssd.conf)


      realm permit -g AD-Domain-Group@domain


      realm permit -g

      4) Restart the sssd service

      5) If you want to control rights as well, then you can place the AD security group in the sudoers file; an example is shown below:

      ALL=(ALL) ALL
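As an added check that is not part of the reply above or of the original article: `realm permit -g` records the restriction in /etc/sssd/sssd.conf as `access_provider = simple` together with `simple_allow_groups`, so the helper below reports, per domain section, whether a given group is really what gates logins. The function name `sssd_group_policy` and the sample domains `example.test` and `lab.test` are hypothetical, and the case-insensitive group comparison is an assumption.

```shell
#!/bin/sh
# sssd_group_policy FILE GROUP  (hypothetical helper, added example)
# Prints "<domain> <verdict>" for each [domain/...] section of FILE:
#   restricted  access_provider = simple and GROUP is in simple_allow_groups
#   not-listed  access_provider = simple but GROUP is not in the list
#   not-simple  simple_allow_groups is not what decides logins here
# Assumption: group names are compared case-insensitively.
sssd_group_policy() {
    awk -v want="$2" '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function report(   i, n, g, verdict) {
        if (dom == "") return
        verdict = "not-simple"
        if (tolower(provider) == "simple") {
            verdict = "not-listed"
            n = split(groups, g, ",")
            for (i = 1; i <= n; i++)
                if (tolower(trim(g[i])) == tolower(want)) verdict = "restricted"
        }
        print dom, verdict
    }
    /^[ \t]*[#;]/ { next }                  # comment line
    /^[ \t]*\[/ {                           # a new section begins
        report(); provider = ""; groups = ""
        line = trim($0); dom = ""           # [sssd], [pam], ... are ignored
        if (line ~ /^\[domain\//) { dom = line; sub(/^\[domain\//, "", dom); sub(/\]$/, "", dom) }
        next
    }
    dom != "" && index($0, "=") {           # key = value inside a domain section
        key = trim(substr($0, 1, index($0, "=") - 1))
        val = trim(substr($0, index($0, "=") + 1))
        if (key == "access_provider")     provider = val
        if (key == "simple_allow_groups") groups = val
    }
    END { report() }
    ' "$1"
}

# Constructed sample config (not from the page) for a stand-alone run.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[domain/example.test]
access_provider = simple
simple_allow_groups = linuxadmins@example.test, dbadmins@example.test
[domain/lab.test]
access_provider = ad
EOF
sssd_group_policy "$sample" "linuxadmins@example.test"
rm -f "$sample"
```

A `not-simple` or `not-listed` verdict after step 4 means the allow list is not the control in effect for that domain, which matches the symptom of every domain member still being able to SSH in.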

  4. Sandeep Kumar says:

    Hi Pradeep,

    First of all, thank you very much for posting this valuable information; it’s really very helpful.

    I am trying to configure the AD authentication and am facing one issue while following your article.
    Let me elaborate more-

    1- I have installed all the required packages as mentioned in the article.
    2- I have all the connectivity in place and my RHEL7 server is able to connect with AD server with IP and FQDN.
    3- Next is when I execute the “realm discover” or “realm discover domainname” I am getting “No such realm found:” error.

    [root@myserver ~]# realm discover server@domainname
    realm: No such realm found: server@domainname

    Please help me to troubleshoot the issue.

    Thanks in Advance.

    • Sandeep Kumar says:

      Some more output.

      [root@myserver ~]# realm discover -vvv server@domainname
      * Resolving: _ldap._tcp.server@domainname
      ! Discovery timed out after 15 seconds
      realm: No such realm found: server@domainname


      [root@myserver ~]# realm discover -vvv domainname
      * Resolving: _ldap._tcp.domainname
      ! Discovery timed out after 15 seconds
      realm: No such realm found: domainname

  5. Naga says:

    Hello Pradeep, realm join with a user was successful but this is not able to identify any users. SSSD service is giving me this error:

    GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database)

    Any idea why this is happening? Do I need to configure anything in /etc/krb5.conf?

  6. Tom says:

    Thank you for posting this article! These instructions are for RHEL7/CentOS7. Do you know if it would work on RHEL6 or 5?

  7. Hugo Santos says:

    Hello. I’ve installed sssd on a CentOS 7 server and I’m able to log in using my Active Directory credentials; however, the id command does not resolve the group names of the AD, denying me the possibility of restricting the authentication based on an AD group, because the declared group under sssd.conf cannot be found.

    Any ideas?
