How To join an openSUSE Leap 42.2 Linux Client into an existing Windows ActiveDirectory using SSSD Authentication

Task: Install a server core (without gui) copy of openSUSE Leap 42.2 and join it into an existing Windows AD environment so that one can logon to the system with AD username and password and subsequently can define SMB-Shares on the new server.

  1. Freshly install openSUSE as a server core without gui
  2. Open yast2 and navigate to Network Services -> User Logon Management


  1. Open “Change Settings”
  2. Now, enable “Allow Domain User Logon”, Enable domain data source -> “Users”; “Groups”
  3. Open Join Domain
    1. Insert Domain Name “like”
    2. ID-Provider is Active Directory
    3. Auth-Provider is Active Directory
    4. Enable Domain
  4. In the next panel, activate “Read all entities from backend database”
  5. Then, type in your Active Directory Domain controller like “”.
  6. On the next panel, authenticate with a superuser¬† like “Administrator” who is able to¬† execute a domain join.
  7. Finish the domain join

When you now type in getent passwd, you will realize, that you don’t get any domain users. The reason is because the sssd service is not running properly and throws off an error when checked with service sssd status.

There are some libraries missing that we need to install manually:

zypper install sssd-krb5

zypper install cyrus-sasl

zypper install cyrus-sasl-crammd5

zypper install cyrus-sasl-digestmd5

zypper install cyrus-sasl-plain

zypper install cyrus-sasl-gssapi

After this, you just need to restart the SSSD-Service daemon and you are fine:

service sssd restart

When you now check the available users with getent passwd, you will see that all of your AD items with passwords appear.

You are now able to login with your domain user account.