|
Join in Active Directory Domain
2017/12/13 |
|
Join in Windows Active Directory Domain with Realmd.
This tutorial needs Windows Active Directory Domain Service in your LAN.
This example shows to configure on the environment below.
|
|||||||||
| [1] | Install some required packages. |
|
[root@dlp ~]# dnf -y install realmd sssd oddjob oddjob-mkhomedir adcli samba-common-tools
|
| [2] | Join in Windows Active Directory Domain. |
|
# change DNS settings to refer to AD [root@dlp ~]# nmcli con mod ens3 ipv4.dns 10.0.0.100 [root@dlp ~]# nmcli con down ens3; nmcli con up ens3
# discover Active Directory domain [root@dlp ~]# realm discover SRV.WORLD srv.world type: kerberos realm-name: SRV.WORLD domain-name: srv.world configured: no server-software: active-directory client-software: sssd required-package: oddjob required-package: oddjob-mkhomedir required-package: sssd required-package: adcli required-package: samba-common-tools # join in Active Directory domain [root@dlp ~]# realm join SRV.WORLD Password for Administrator: # AD Administrator password
# verify it's possible to get an AD user info or not [root@dlp ~]# id FD3S01\\Serverworld uid=287001000(serverworld@srv.world) gid=287000513(domain users@srv.world) groups=287000513(domain users@srv.world) # verify it's possible to switch to an AD user or not [root@dlp ~]# su - FD3S01\\Serverworld Creating home directory for serverworld@srv.world. [serverworld@srv.world@dlp ~]$ # just switched
|
| [3] | If you'd like to omit domain name for AD user, configure like follows. |
|
[root@dlp ~]#
vi /etc/sssd/sssd.conf # line 16: change use_fully_qualified_names = False
[root@dlp ~]#
[root@dlp ~]# systemctl restart sssd id Administrator uid=287000500(administrator) gid=287000513(domain users) groups=287000513(domain users), 287000520(group policy creator owners),287000512(domain admins),287000518(schema admins), 287000519(enterprise admins),287000572(denied rodc password replication group) |