CentOS 8

Join in Active Directory Domain (2019/09/26)

Join a Windows Active Directory domain with realmd.
This tutorial requires a Windows Active Directory Domain Service reachable on your local network (the client must be able to resolve the domain's DNS records).
This example is based on the following environment.
Domain Server : Windows Server 2019
NetBIOS Name : FD3S01
Domain Name : srv.world
Hostname : fd3s.srv.world
[1] Install some required packages.
[root@dlp ~]#
dnf -y install realmd sssd oddjob oddjob-mkhomedir adcli samba-common-tools krb5-workstation
[2] Join the Windows Active Directory domain.
# change the DNS setting so that the host resolves names via the AD domain controller (discovery and join depend on the AD DNS SRV records)

[root@dlp ~]#
nmcli connection modify ens2 ipv4.dns [AD_DNS_SERVER_IP]   # the address of your AD DNS server (value lost in page extraction)

[root@dlp ~]#
nmcli connection down ens2; nmcli connection up ens2

Connection 'ens2' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1)
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)
# discover the Active Directory domain (check that "server-software: active-directory" and the required packages are reported before joining)

[root@dlp ~]#
realm discover SRV.WORLD

  type: kerberos
  realm-name: SRV.WORLD
  domain-name: srv.world
  configured: no
  server-software: active-directory
  client-software: sssd
  required-package: oddjob
  required-package: oddjob-mkhomedir
  required-package: sssd
  required-package: adcli
  required-package: samba-common-tools

# join the Active Directory domain

[root@dlp ~]#
realm join SRV.WORLD

Password for Administrator:  
# enter the password of the AD Administrator (or of any account permitted to join computers to the domain; select it with realm join -U <user> SRV.WORLD)
# verify that AD user information can be retrieved

[root@dlp ~]#
id Serverworld@srv.world

uid=880001106(serverworld@srv.world) gid=880000513(domain users@srv.world) groups=880000513(domain users@srv.world),880000572(denied rodc password replication group@srv.world),880000512(domain admins@srv.world)
# verify that it is possible to switch to an AD user

[root@dlp ~]#
su - Serverworld@srv.world

Creating home directory for serverworld@srv.world.
[serverworld@srv.world@dlp ~]$  
# switched to the AD user; the home directory was created by oddjob-mkhomedir on first login
[3] If you'd like to omit the domain name for AD users, configure as follows.
[root@dlp ~]#
vi /etc/sssd/sssd.conf
# line 16: change to the following

use_fully_qualified_names = False
[root@dlp ~]#
systemctl restart sssd

[root@dlp ~]#
id Administrator

uid=880000500(administrator) gid=880000513(domain users) groups=880000513(domain users),880000572(denied rodc password replication group),880000519(enterprise admins),880000512(domain admins),880000518(schema admins),880000520(group policy creator owners)