Fedora 22

Join an Active Directory Domain
Join a Windows Active Directory domain.
This tutorial requires Windows Active Directory Domain Services to be running on your LAN.
This example is configured in the environment below.
Domain Server : Windows Server 2012 R2
Domain Name : FD3S01


: fd3s.srv.world
[1] Install the required packages.
[root@dlp ~]# dnf -y install realmd sssd oddjob oddjob-mkhomedir adcli samba-common-tools
[2] Join the Windows Active Directory domain.
# change the DNS setting to refer to the AD's DNS server

[root@dlp ~]# nmcli c modify eno16777736 ipv4.dns

[root@dlp ~]# nmcli c down eno16777736; nmcli c up eno16777736

Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1)
# discover the Active Directory domain

[root@dlp ~]# realm discover FD3S.SRV.WORLD

  type: kerberos
  realm-name: FD3S.SRV.WORLD
  domain-name: fd3s.srv.world
  configured: no
  server-software: active-directory
  client-software: sssd
  required-package: oddjob
  required-package: oddjob-mkhomedir
  required-package: sssd
  required-package: adcli
  required-package: samba-common-tools

# join the Active Directory domain

[root@dlp ~]# realm join FD3S.SRV.WORLD

Password for Administrator:     # AD's Administrator password
# verify that AD user information can be retrieved

[root@dlp ~]# id FD3S01\\Serverworld

uid=797801104(serverworld@fd3s.srv.world) gid=797800513(domain users@fd3s.srv.world) groups=797800513(domain users@fd3s.srv.world)
# verify that it is possible to switch to an AD user

[root@dlp ~]# su - FD3S01\\Serverworld

Creating home directory for serverworld@fd3s.srv.world.
[serverworld@fd3s.srv.world@dlp ~]$
[3] If you'd like to omit the domain name for AD users, configure as follows.
[root@dlp ~]# vi /etc/sssd/sssd.conf
# line 16: change

use_fully_qualified_names =
[root@dlp ~]# systemctl restart sssd

[root@dlp ~]# id Administrator

uid=1313200500(administrator) gid=1313200513(domain users) groups=1313200513(domain users), 1313200512(domain admins),1313200519(enterprise admins),1313200520(group policy creator owners), 1313200572(denied rodc password replication group),1313200518(schema admins)
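A read-only check to run after step [3], as an added example that is not part of the original tutorial: it reads `use_fully_qualified_names` from the domain section, confirms the file is still mode 600 (which sssd expects for sssd.conf), and lists AD short names that also exist as local accounts. The function names, the sample config and the sample passwd entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): read-only checks for step [3].

# Print KEY's value from the first [domain/...] section of an sssd.conf-style FILE.
sssd_domain_opt() {
    awk -v key="$2" '
        /^[ \t]*\[/ { in_dom = ($0 ~ /^[ \t]*\[domain\//); next }
        in_dom && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# Succeed when FILE is mode 600 and the option holds a clean True/False value.
sssd_conf_ok() {
    perms=$(ls -ld "$1" | cut -c1-10)
    [ "$perms" = "-rw-------" ] || { echo "FAIL perms $perms, want -rw-------"; return 1; }
    fqn=$(sssd_domain_opt "$1" use_fully_qualified_names | tr 'A-Z' 'a-z')
    case "$fqn" in
        true)  echo "OK fully qualified names (user@domain)" ;;
        false) echo "OK short names (domain part omitted)" ;;
        *)     echo "FAIL use_fully_qualified_names='$fqn'"; return 1 ;;
    esac
}

# Print each NAME that also exists in PASSWD_FILE. Names are compared in lower
# case because sssd returns AD names lower-cased (see the id output above).
local_collisions() {
    pw=$1; shift
    for n in "$@"; do
        n=$(printf '%s' "$n" | tr 'A-Z' 'a-z')
        if cut -d: -f1 "$pw" | tr 'A-Z' 'a-z' | grep -qxF -- "$n"; then echo "$n"; fi
    done
}

# Constructed samples (assumptions, not taken from a real host).
sample_sssd_conf() { printf '%s\n' '[sssd]' 'domains = fd3s.srv.world' '' \
    '[domain/fd3s.srv.world]' 'id_provider = ad' 'use_fully_qualified_names = False'; }
sample_passwd() { printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'serverworld:x:1000:1000::/home/serverworld:/bin/bash'; }

conf=$(mktemp); pw_file=$(mktemp)
sample_sssd_conf > "$conf"; chmod 600 "$conf"; sample_passwd > "$pw_file"
sssd_conf_ok "$conf"
local_collisions "$pw_file" Administrator Serverworld
rm -f "$conf" "$pw_file"
```

On a joined host, call `sssd_conf_ok /etc/sssd/sssd.conf` and `local_collisions /etc/passwd` with the AD account names you intend to use.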