SSSD

SSSD offers a way that Linux can connect to Active Directory.

Install

$ sudo apt install sssd-ad sssd-tools realmd adcli
$ sudo realm -v discover ad1.example.com
$ sudo realm join -v ad1.example.com
Password for Administrator: 
$ sudo pam-auth-update --enable mkhomedir

Note

By default, realm will use the Administrator account of the domain to request the join. 
If you need to use another account, pass it to the tool with the -U option.

Another popular way of joining a domain is using an OTP, or One Time Password, token. 
For that, use the --one-time-password option.

SSD.conf

$ sudo vim /etc/sssd/sssd.conf

[sssd] 
domains = ad1.example.com 
config_file_version = 2 
services = nss, pam

[domain/ad1.example.com] 
default_shell = /bin/bash 
krb5_store_password_if_offline = True 
cache_credentials = True 
krb5_realm = AD1.EXAMPLE.COM 
realmd_tags = manages-system 
joined-with-adcli id_provider = ad 
fallback_homedir = /home/%u@%d 
ad_domain = ad1.example.com 
use_fully_qualified_names = True 
ldap_id_mapping = True 
access_provider = ad

Checks

$ getent passwd john@ad1.example.com
$ groups john@ad1.example.com

Login

$ ssh john@ad1.example.com@10.51.0.11

References

https://ubuntu.com/server/docs/service-sssd-ad