CentOS 6
Sponsored Link

Join in Active Directory Domain
2015/06/07
 
Join in Windows Active Directory Domain.
This tutorial needs Windows Active Directory Domain Service in your LAN.
This example shows to configure on the environment below.
Domain Server
: Windows Server 2012 R2

Domain Name
: FD3S01

Realm
: FD3S.SRV.WORLD

Hostname
: fd3s.srv.world
[1] Install some required packages.
# install from EPEL

[root@dlp ~]#
yum --enablerepo=epel -y install adcli sssd authconfig pam_krb5 samba4-common
[2] Join in Active Directory Domain.
[root@dlp ~]#
vi /etc/sysconfig/network-scripts/ifcfg-eth0
# change DNS setting to AD's one

DNS1=
10.0.0.100
[root@dlp ~]#
/etc/rc.d/init.d/network restart
# change Authentication Provider

[root@dlp ~]#
authconfig \
--enablekrb5 \
--krb5kdc=fd3s.srv.world \
--krb5adminserver=fd3s.srv.world \
--krb5realm=FD3S.SRV.WORLD \
--enablesssd \
--enablesssdauth \
--update
# make sure Active Directory domain info

[root@dlp ~]#
adcli info FD3S.SRV.WORLD

[domain]
domain-name = fd3s.srv.world
domain-short = FD3S01
domain-forest = fd3s.srv.world
domain-controller = fd3s.fd3s.srv.world
domain-controller-site = Default-First-Site-Name
domain-controller-flags = pdc gc ldap ds kdc timeserv closest writable good-timeserv full-secret ads-web
domain-controller-usable = yes
domain-controllers = fd3s.fd3s.srv.world
[computer]
computer-site = Default-First-Site-Name

# join in Active Directory Domain

[root@dlp ~]#
adcli join FD3S.SRV.WORLD

Password for Administrator@FD3S.SRV.WORLD:  
# AD's Administrator password
[root@dlp ~]#
vi /etc/sssd/sssd.conf
# create new (replace the hostname in example to your own one)

[sssd]
domains = fd3s.srv.world
config_file_version = 2
services = nss, pam

[domain/fd3s.srv.world]
ad_domain = fd3s.srv.world
krb5_realm = FD3S.SRV.WORLD
realmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/%d/%u
access_provider = ad

[root@dlp ~]#
chmod 600 /etc/sssd/sssd.conf

[root@dlp ~]#
vi /etc/pam.d/system-auth
# add follows to the end (generate home directory if not)

session     optional      pam_mkhomedir.so skel=/etc/skel umask=077 

[root@dlp ~]#
/etc/rc.d/init.d/sssd start

Starting sssd: [ OK ]
[root@dlp ~]#
chkconfig sssd on

# make sure it's possible to get an AD user info or not

[root@dlp ~]#
id Serverworld

uid=797801106(serverworld) gid=797800513(domain users) groups=797800513(domain users)
# make sure it's possible to switch to an AD user or not

[root@dlp ~]#
su - Serverworld

Creating directory '/home/fd3s.srv.world/serverworld'.
[serverworld@dlp ~]$
# just switched
 
Tweet