CentOS 7
Sponsored Link

Join in Windows Active Directory
Join in Windows Active Directory Domain.
This tutorial needs Windows Active Directory Domain Service in your LAN.
This example shows to configure on the environment below.
Domain Server : Windows Server 2012 R2
NetBIOS Name : FD3S01
Domain Name : srv.world
Hostname : fd3s.srv.world
[1] Install some required packages.
[root@dlp ~]#
yum -y install realmd sssd oddjob oddjob-mkhomedir adcli samba-common samba-common-tools krb5-workstation
[2] Join in Windows Active Directory Domain.
# change the DNS to AD's one

[root@dlp ~]#
nmcli c modify ens3 ipv4.dns

[root@dlp ~]#
nmcli c down ens3; nmcli c up ens3

Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1)
# discover Active Directory domain

[root@dlp ~]#
realm discover SRV.WORLD

  type: kerberos
  realm-name: SRV.WORLD
  domain-name: srv.world
  configured: no
  server-software: active-directory
  client-software: sssd
  required-package: oddjob
  required-package: oddjob-mkhomedir
  required-package: sssd
  required-package: adcli
  required-package: samba-common

# join in Active Directory domain

[root@dlp ~]#
realm join SRV.WORLD

Password for Administrator:    
# AD's Administrator password
# make sure it's possible to get an AD user info or not

[root@dlp ~]#
id FD3S01\\Serverworld

uid=406801001(serverworld@srv.world) gid=406800513(domain users@srv.world) groups=406800513(domain users@srv.world)
# make sure it's possible to switch to an AD user or not

[root@dlp ~]#
su - FD3S01\\Serverworld

Creating home directory for serverworld@srv.world.
[serverworld@srv.world@dlp ~]$    
# just switched
[3] If you'd like to omit domain name for AD user, configure like follows.
[root@dlp ~]#
vi /etc/sssd/sssd.conf
# line 16: change

use_fully_qualified_names =
[root@dlp ~]#
systemctl restart sssd

[root@dlp ~]#
id Administrator

uid=406800500(administrator) gid=406800513(domain users) groups=406800513(domain users),
406800572(denied rodc password replication group),406800518(schema admins),
406800520(group policy creator owners),406800512(domain admins),406800519(enterprise admins)
Matched Content