Now that the Active Directory server on Windows Server 2022 is set up, we can use an LDAP/AD user to log in to our Linux server environments.

Join Active Directory and configure login with AD users

Install the required packages

dnf install -y realmd oddjob oddjob-mkhomedir sssd adcli samba-common-tools

Point DNS at the AD server (on hosts managed by NetworkManager, set the DNS servers in the connection profile instead, because /etc/resolv.conf will be overwritten)

cat <<EOF | tee -a /etc/resolv.conf
search lab.homelab.is-a.dev
nameserver 10.79.80.3
EOF

Discover the AD domain

realm discover lab.homelab.is-a.dev


Join the Linux host to the AD domain (you will be prompted for the Administrator password)

realm join lab.homelab.is-a.dev -U Administrator


Adjust the configuration that realmd generated in /etc/sssd/sssd.conf

[sssd]
domains = lab.homelab.is-a.dev
config_file_version = 2
services = nss, pam

[domain/lab.homelab.is-a.dev]
default_shell = /bin/bash
krb5_store_password_if_offline = True
cache_credentials = True
krb5_realm = lab.homelab.is-a.dev
realmd_tags = manages-system joined-with-adcli
id_provider = ad
fallback_homedir = /home/%d/%u
ad_domain = lab.homelab.is-a.dev
use_fully_qualified_names = False
ldap_id_mapping = True
access_provider = simple

Note that access_provider = simple lets every domain user log in unless simple_allow_groups or simple_allow_users is set; the sshd AllowGroups restriction further down only covers SSH. Then restart the service

systemctl restart sssd.service

Set up sudo for AD users (a group name containing a space must be escaped with a backslash, as in the second line)

cat <<EOF | tee /etc/sudoers.d/ad-users
%administrators    ALL=(ALL) ALL
%operations\ team  ALL=(ALL) ALL
EOF

Optionally, restrict SSH access to specific AD groups by appending this to the sshd configuration

cat <<EOF | tee -a /etc/ssh/sshd_config
AllowGroups administrators "operations team" cloud-admin
EOF

systemctl restart sshd.service
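The sudo and SSH steps above both rely on the AD group names resolving through SSSD and on the appended sshd_config line actually taking effect. The script below is an added example, not part of the original post (the function names are assumptions; the paths and group names are the ones used above): it checks whether the appended AllowGroups line is really global, whether the groups resolve, and runs the sudoers and sshd syntax checkers before the restarts.

```shell
#!/bin/sh
# Post-join sanity checks for the realmd/SSSD setup described above. This is an
# added example, not part of the original post; the file paths and group names
# come from the post, the function names are assumptions. Run as root.
set -u
# sshd_config is read top-down: a directive that follows a "Match" line belongs
# to that block, and for most keywords the first value found wins, so "tee -a"
# can leave AllowGroups scoped to one Match condition or shadowed by an earlier
# global one. Looks at the last AllowGroups in the file and returns 0 when it is
# global and the only one, 1 inside a Match block, 2 if none, 3 if shadowed.
allowgroups_is_global() {
    in_match=0; last=2; globals=0; line=
    while IFS= read -r line || [ -n "$line" ]; do
        # keywords are case-insensitive, so normalise case and whitespace first
        lc=$(printf '%s' "$line" | tr '[:upper:]' '[:lower:]' |
             sed 's/^[[:space:]]*//; s/[[:space:]]\{1,\}/ /g')
        case "$lc" in
            match|match\ *) in_match=1 ;;
            allowgroups\ *) last=$in_match
                if [ "$in_match" -eq 0 ]; then globals=$((globals + 1)); fi ;;
        esac
    done < "$1"
    if [ "$last" -eq 0 ] && [ "$globals" -gt 1 ]; then return 3; fi
    return "$last"
}

# Every AD group named in sudoers or AllowGroups must resolve through NSS (and
# so through SSSD); a name that does not resolve silently matches nobody. Takes
# group names as arguments (quote those with spaces), returns how many failed.
unresolved_groups() {
    missing=0
    for g in "$@"; do
        if ! getent group "$g" >/dev/null 2>&1; then
            echo "unresolved group: $g" >&2
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Let the parsers check both files before restarting sudo or sshd: a typo in
# either can lock every admin out, and AllowGroups must apply globally.
validate_configs() {
    rc=0
    visudo -cf /etc/sudoers.d/ad-users || rc=1
    sshd -t || rc=1
    allowgroups_is_global /etc/ssh/sshd_config || rc=1
    return "$rc"
}
```

Source the file and run validate_configs followed by unresolved_groups administrators "operations team" cloud-admin before the two restarts; a non-zero exit from either means the rules would not behave as intended.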

Issue: KDC has no support for encryption type


Check the configuration file /etc/krb5.conf and adjust the following values. Be aware that arcfour-hmac-md5 and the DES types are weak legacy encryption types that current distributions disable by default; the better fix is to enable AES on the AD side (the KDC and the account's supported encryption types) rather than re-enabling these on the client

default_realm = LAB.HOMELAB.IS-A.DEV
default_tgs_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5
default_tkt_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5

Reference: