From: https://www.rootusers.com/how-to-join-centos-linux-to-an-active-directory-domain/
Set the time zone: https://www.cyberciti.biz/faq/centos-linux-6-7-changing-timezone-command-line/
Install the tools:
yum install sssd realmd oddjob oddjob-mkhomedir adcli samba-common samba-common-tools krb5-workstation openldap-clients policycoreutils-python -y
Set the domain name and DC IP in /etc/resolv.conf:
[root@centos7 ~]# sudo vi /etc/resolv.conf
search example.com
nameserver 192.168.1.2
Join the domain:
[root@centos7 ~]# sudo realm join --user=administrator example.com
Password for administrator:
Check:
[root@centos7 ~]# realm list
example.com
  type: kerberos
  realm-name: EXAMPLE.COM
  domain-name: example.com
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  required-package: oddjob
  required-package: oddjob-mkhomedir
  required-package: sssd
  required-package: adcli
  required-package: samba-common-tools
  login-formats: %U@example.com
  login-policy: allow-realm-logins
[root@centos7 ~]# id administrator
id: administrator: no such user
[root@centos7 ~]# id administrator@example.com
Edit /etc/sssd/sssd.conf to remove the need for the @example.com suffix:
use_fully_qualified_names = False
fallback_homedir = /home/%u
Restart sssd:
[root@centos7 ~]# systemctl restart sssd
Create a file with the name of the AD group to give sudo access on the Linux box (use sudo -s):
[root@centos7 ~]# cat /etc/sudoers.d/LinuxAdmins
%LinuxAdmins ALL=(ALL) ALL
# Allow users from the LinuxAdmins group to log on to the server
sudo realm permit -g linuxadmins
Log in via ssh without a password by using the Kerberos ticket:
In /etc/ssh/sshd_config on the server, find the GSSAPIAuthentication directive, uncomment it and change the value to yes. Restart the SSH daemon.
https://serverfault.com/questions/337967/ssh-from-windows-to-linux-with-ad-certificates
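An added check, not part of the original notes: a shell function that audits the three files edited above (sssd.conf, the sudoers.d drop-in and sshd_config) for the settings these steps rely on. The function names and the ROOT argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page): audit the files edited above.
# ROOT is an assumed parameter so the checks can run against a test tree.

# Effective value of an sshd_config keyword: sshd uses the first uncommented
# occurrence and keywords are case-insensitive. Match/Include are not evaluated.
sshd_value() {  # $1 = file, $2 = keyword
    awk -v k="$2" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$1"
}

# Value of the first uncommented "key = value" line in sssd.conf.
ini_value() {  # $1 = file, $2 = key
    awk -F= -v k="$2" '{ gsub(/[ \t]/, "", $1) }
        $1 == k { gsub(/^[ \t]+|[ \t]+$/, "", $2); print tolower($2); exit }' "$1"
}

# Octal permission bits (GNU stat, with a BSD fallback).
file_mode() { { stat -c %a "$1" || stat -f %Lp "$1"; } 2>/dev/null; }

audit_join() {  # $1 = ROOT ("" for the live system); prints FAIL lines
    root="${1:-}"; n=0
    fail() { echo "FAIL: $*"; n=$((n + 1)); }
    sssd="$root/etc/sssd/sssd.conf"; sshd="$root/etc/ssh/sshd_config"
    # realm join writes sssd.conf as 0600; sssd on CentOS 7 refuses to
    # start when the mode is looser.
    [ "$(file_mode "$sssd")" = 600 ] || fail "$sssd is not mode 0600"
    [ "$(ini_value "$sssd" use_fully_qualified_names)" = false ] ||
        fail "use_fully_qualified_names is not False, short names will not resolve"
    [ "$(sshd_value "$sshd" GSSAPIAuthentication)" = yes ] ||
        fail "GSSAPIAuthentication is not effectively 'yes' in $sshd"
    for f in "$root"/etc/sudoers.d/*; do
        [ -e "$f" ] || continue
        # sudo silently skips drop-ins whose name contains '.' or ends in '~',
        # which matters when the file is named after an AD group.
        case "${f##*/}" in
            *.*|*~) fail "$f is ignored by sudo (name contains '.' or ends in '~')" ;;
        esac
        [ "$(file_mode "$f")" = 440 ] || fail "$f should be mode 0440"
    done
    [ "$n" -eq 0 ]
}
```

Source the file as root and call `audit_join ""` to check the live system; syntax of the sudoers drop-in itself can be checked with `visudo -cf /etc/sudoers.d/LinuxAdmins`.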