This is how you add a Debian 12 system to an Active Directory domain for user authentication. This was during the conversion of Molly to run Debian 12; I migrated all tables from SQL Server 2017 on Windows 2019. New Molly will support SQL Server, MariaDB and maybe PostgreSQL.
1. Install Debian.
Add your user to the sudo group.
jake@molly:~$ su -
Password:
root@molly:~# apt install sudo
root@molly:~# usermod -aG sudo <User Name>
root@molly:~#
2. Set Debian to use a static IP.*
jake@molly:~$ sudo nano /etc/network/interfaces
You’ll see the following:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug eth0
iface eth0 inet dhcp
Change “iface eth0 inet dhcp” to something like the following:
#iface eth0 inet dhcp
iface eth0 inet static
address <Static IP Here>
netmask <Netmask Here>
gateway <Gateway IP Here>
dns-nameservers <DNS IP Here>
*You don't need to do this if you have a static IP set up in your DHCP server.
Restart networking, then let's start putting this in the domain.
jake@molly:~$ sudo systemctl restart networking
jake@molly:~$
3. Install these prerequisites.
jake@molly:~$ sudo apt -y install realmd sssd sssd-tools libnss-sss libpam-sss adcli samba-common-bin oddjob oddjob-mkhomedir packagekit cifs-utils
4. Update your DNS settings to point to your AD’s DNS server:
jake@molly:~$ sudo nano /etc/resolv.conf
You want it to look similar to this:
domain <AD Domain Name>
search <AD Domain Name>
nameserver <AD DNS Server 1>
nameserver <AD DNS Server 2>
5. Actually connect the box to the domain:
jake@molly:~$ su -
Password:
root@molly:~# realm discover <Domain Name>
<Domain Name>
  type: kerberos
  realm-name: <DOMAIN NAME>
  domain-name: <Domain Name>
  configured: no
  server-software: active-directory
  client-software: sssd
  required-package: sssd-tools
  required-package: sssd
  required-package: libnss-sss
  required-package: libpam-sss
  required-package: adcli
  required-package: samba-common-bin
root@molly:~#
That verifies the connection to the domain. Next, add the machine to the domain:
root@molly:~# realm join <Domain Name>
Password for Administrator:
root@molly:~#
If you just get the prompt back, you’re good to go. Let's verify that we can access domain user info:
root@molly:~# id <user@domain name>
uid=231001003(<user@domain name>) gid=231000513(domain users@<domain name>) groups=231000513(domain users@<domain name>),231001009(helplibraryupdaters@<domain name>)
root@molly:~#
That shows the system can contact the domain controller and retrieve user and group info about a particular user.
6. Configure PAM to automatically create home directories for domain users on first login.
jake@molly:~$ sudo nano /etc/pam.d/common-session
[sudo] password for jake:
Add this to the end of the file. Remember, whitespace is important here:
session optional pam_mkhomedir.so skel=/etc/skel umask=077
7. Log out or open a new terminal window and try logging in as a domain user. If all goes well, you’ll find yourself logged in. Use pwd to verify that your home directory was created properly:
jake@neuromancer:~$ ssh -l <user@domain> molly
<user@domain>@molly's password:
Creating directory '/home/<user@domain>'.
Linux molly 6.1.0-25-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.106-3 (2024-08-26) x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
<user@domain>@molly:~$ pwd
/home/<user@domain>
<user@domain>@molly:~$
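To re-check the join, the pam_mkhomedir line and the created home directory in one pass, here is an added example script (not part of the original post). The function names are hypothetical, it treats any "configured:" value other than "no" as joined (an assumption), and it relies on GNU stat as shipped with Debian.

```shell
# Added example, not from the original post. Function names are hypothetical.
# Assumption: any "configured:" value other than "no" means the host is joined.

# Value of "configured:" in saved `realm discover` / `realm list` output.
realm_configured() {
    awk -F': *' '$1 ~ /^[ \t]*configured$/ { print $2; exit }' "$1"
}

# umask= of the first active pam_mkhomedir.so session line in a PAM file.
# Prints "missing" when there is no such line, "default" when umask= is absent.
mkhomedir_umask() {
    awk '
        /^[ \t]*#/ { next }                               # commented-out line
        $1 == "session" && /pam_mkhomedir\.so/ {
            found = 1
            for (i = 3; i <= NF; i++)
                if ($i ~ /^umask=/) { print substr($i, 7); exit }
            print "default"; exit
        }
        END { if (!found) print "missing" }
    ' "$1"
}

# True when a home directory grants nothing to group or other (e.g. mode 700).
home_is_private() {
    case "$(stat -c %a "$1" 2>/dev/null)" in *00) return 0 ;; *) return 1 ;; esac
}

# Run all three checks; the exit status is the number of failed checks.
audit_join() {   # args: realm-output-file pam-session-file home-directory
    aj_fails=0
    aj_state=$(realm_configured "$1")
    if [ -n "$aj_state" ] && [ "$aj_state" != "no" ]; then echo "PASS realm: $aj_state"
    else echo "FAIL realm: not joined"; aj_fails=$((aj_fails + 1)); fi
    aj_mask=$(mkhomedir_umask "$2")
    if [ "$aj_mask" = "077" ]; then echo "PASS pam_mkhomedir umask=077"
    else echo "FAIL pam_mkhomedir umask: $aj_mask"; aj_fails=$((aj_fails + 1)); fi
    if home_is_private "$3"; then echo "PASS $3 is private"
    else echo "FAIL $3 is missing or readable by others"; aj_fails=$((aj_fails + 1)); fi
    return "$aj_fails"
}

# Live use on the joined host: sh audit.sh --live /home/<user@domain>
if [ "${1:-}" = "--live" ]; then
    tmp=$(mktemp) && realm list > "$tmp"; audit_join "$tmp" /etc/pam.d/common-session "$2"
    rc=$?; rm -f "$tmp"; exit "$rc"
fi
```

Run it with --live after a domain user's first login, since the home directory only exists once pam_mkhomedir has created it.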
There you go. Debian in a Windows Active Directory domain. woot