This tutorial by Vinícius Ferrão shows us how to integrate Active Directory with FreeBSD 10, using security/sssd.

Q: What are the required steps to authenticate users from an Active Directory running on Windows Server 2012 R2 in FreeBSD 10.0 using sssd with the AD backend with Kerberos TGT working?

A: There are some tricky considerations to make everything work out of the box. FreeBSD only supports sssd version 1.9.6 at this moment, so there is no support for Enterprise Principal Names.

If you have a domain with non-matching UPNs, login will fail because Kerberos authentication fails during the process. Even though FreeBSD supports Enterprise Principal Names with Kerberos, sssd cannot handle this case.

So in the current version of sssd you are limited to having the User Principal Name within the same Domain Name, for example:

Domain Name =
User Principal Name: sAMAccountName: username
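
A pre-flight check for the constraint above, as an added example that is not part of the original tutorial: it parses an LDIF listing of user objects and reports the accounts whose userPrincipalName suffix differs from the domain name. The sample entries, the example.com domain, the function names and the case-insensitive comparison are assumptions made for illustration.

```python
import base64

# Constructed sample input (made-up names): LDIF with the two attributes
# the page compares, in the shape an LDAP export of user objects takes.
SAMPLE_LDIF = """\
dn: CN=Alice,CN=Users,DC=example,DC=com
sAMAccountName: alice
userPrincipalName: alice@example.com

dn: CN=Bob,CN=Users,DC=example,DC=com
sAMAccountName: bob
userPrincipalName: bob@corp.example.net

dn: CN=Carol,CN=Users,DC=example,DC=com
sAMAccountName: carol
userPrincipalName:: Y2Fyb2xARVhBTVBMRS5DT00=

dn: CN=Dave,CN=Users,DC=example,DC=com
sAMAccountName: dave
"""

def parse_ldif(text):
    """Yield one {lower-cased attribute: value} dict per LDIF entry."""
    # Unfold continuation lines: a newline followed by one space joins lines.
    text = text.replace("\r\n", "\n").replace("\n ", "")
    for block in text.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: value" means base64-encoded
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry[name.lower()] = value.strip()
        if entry:
            yield entry

def mismatched_upns(ldif_text, domain):
    """Return (sAMAccountName, UPN) pairs whose UPN suffix is not `domain`."""
    flagged = []
    for entry in parse_ldif(ldif_text):
        upn = entry.get("userprincipalname")
        if upn is None:
            continue  # no explicit UPN on the object; nothing to compare
        suffix = upn.rpartition("@")[2]
        # Assumption: suffix and domain name are compared case-insensitively.
        if "@" not in upn or suffix.lower() != domain.lower():
            flagged.append((entry.get("samaccountname", "?"), upn))
    return flagged
```

Calling `mismatched_upns(SAMPLE_LDIF, "example.com")` flags only the constructed account bob, whose UPN suffix is corp.example.net.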

Knowing this we can describe the steps to successfully authenticate users from AD in FreeBSD.

