Integrate Windows AD on RHEL 8 using SSSD
How can I integrate Windows AD on RHEL 8 using SSSD?
Ensure that the following ports on the RHEL host are open and accessible to the AD domain controllers:
DNS 53, LDAP 389, Kerberos 88 and 464, LDAP Global Catalog 3268, LDAPS 636, and NTP 123 (UDP)
Verify that the system time on both systems is synchronized. This ensures that Kerberos is able to work correctly.
Refer to the article on correcting server time in CentOS, RHEL, Ubuntu, SUSE.
Add the details of LDAP configurations.


You can confirm that the imported LDAP users are listed in the Users tab in the Ezeelogin GUI. You will be able to log in to the Ezeelogin GUI with Windows user credentials.
Backend configuration to integrate Windows with RHEL 8
yum install samba-common-tools realmd oddjob oddjob-mkhomedir sssd adcli krb5-workstation nscd
Ensure that you are using the AD domain controller server for DNS.
3. Add the Windows server IP to /etc/resolv.conf to resolve and discover the AD domain.
4. To display information for a specific domain, run realm discover and add the name of the domain you want to discover.
[email protected] ~]# realm discover ezad.com
ezad.com
type: kerberos
realm-name: EZAD.COM
domain-name: ezad.com
configured: no
server-software: active-directory
client-software: sssd
required-package: oddjob
required-package: oddjob-mkhomedir
required-package: sssd
required-package: adcli
required-package: samba-common-tools
[email protected] ~]# getent passwd [email protected]
[email protected]:*:644600500:644600513:Administrator:/home/[email protected]:/bin/bash
7. After a successful join, edit /etc/sssd/sssd.conf, change use_fully_qualified_names to False, and append the following: override_shell = /usr/local/bin/ezsh
8. Restart sssd and nscd using the below commands.
9. Run id username / getent passwd username and see the AD user details.
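
To confirm the step 7 edit before relying on it, the script below reads an sssd.conf and checks that use_fully_qualified_names and override_shell are set in the [domain/ezad.com] section (sssd also accepts override_shell in [nss]). It is an added example, not part of the original article; the function names and the two sample files are constructed for illustration.

```shell
# Added example (not from the article): check that the step 7 edits took effect.

# Print the value of key $3 inside section [$2] of INI-style file $1.
sssd_get() {
    awk -v want="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }                       # comment line
        /^[ \t]*\[/   { gsub(/^[ \t]+|[ \t]+$/, ""); insec = ($0 == want); next }
        insec && (eq = index($0, "=")) {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v                    # last occurrence is reported
        }
        END { if (val != "") print val }
    ' "$1"
}

# Return 0 only if both settings are in place for AD domain $2 in file $1 ($3 = shell).
check_step7() {
    rc=0
    fqn=$(sssd_get "$1" "domain/$2" use_fully_qualified_names)
    shell=$(sssd_get "$1" "domain/$2" override_shell)
    # sssd also accepts override_shell in the [nss] section
    [ -n "$shell" ] || shell=$(sssd_get "$1" nss override_shell)
    case "$fqn" in
        [Ff]alse) ;;
        *) echo "use_fully_qualified_names='${fqn:-unset}' in [domain/$2]" >&2; rc=1 ;;
    esac
    [ "$shell" = "$3" ] || { echo "override_shell='${shell:-unset}', want $3" >&2; rc=1; }
    return "$rc"
}

# Constructed samples: "good" has both edits in the domain section, "bad" has them misplaced.
write_sample() {
    if [ "$1" = good ]; then
        printf '%s\n' '[sssd]' 'domains = ezad.com' '[domain/ezad.com]' 'id_provider = ad' \
            'use_fully_qualified_names = False' 'override_shell = /usr/local/bin/ezsh' > "$2"
    else
        printf '%s\n' '[sssd]' 'domains = ezad.com' 'override_shell = /usr/local/bin/ezsh' \
            '[domain/ezad.com]' 'id_provider = ad' 'use_fully_qualified_names = True' > "$2"
    fi
}

# Demo on the constructed samples; on a real host pass /etc/sssd/sssd.conf instead.
tmp=$(mktemp -d)
for s in good bad; do
    write_sample "$s" "$tmp/$s.conf"
    if check_step7 "$tmp/$s.conf" ezad.com /usr/local/bin/ezsh; then echo "$s: OK"; else echo "$s: FAIL"; fi
done
rm -rf "$tmp"
```

If override_shell ends up under a section other than the domain or [nss], this check reports it as unset, which is the case where AD users would not be dropped into ezsh.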