Join in Active Directory Domain2015/05/31 |
Join in Windows Active Directory Domain.
This tutorial needs Windows Active Directory Domain Service in your LAN.
This example shows to configure on the environment below. Domain Server : Windows Server 2012 R2 Domain Name : FD3S01 Realm : FD3S.SRV.WORLD Hostname : fd3s.srv.world
|
|
[1] | Install some required packages. |
[root@dlp ~]# dnf -y install realmd sssd oddjob oddjob-mkhomedir adcli samba-common-tools
|
[2] | Join in Windows Active Directory Domain. |
# change DNS settings to refer to AD's one [root@dlp ~]# nmcli c modify eno16777736 ipv4.dns 10.0.0.100 [root@dlp ~]# nmcli c down eno16777736; nmcli c up eno16777736 Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1) # discover Active Directory domain [root@dlp ~]# realm discover FD3S.SRV.WORLD fd3s.srv.world type: kerberos realm-name: FD3S.SRV.WORLD domain-name: fd3s.srv.world configured: no server-software: active-directory client-software: sssd required-package: oddjob required-package: oddjob-mkhomedir required-package: sssd required-package: adcli required-package: samba-common-tools # join in Active Directory domain [root@dlp ~]# realm join FD3S.SRV.WORLD Password for Administrator: # AD's Administrator password # make sure it's possible to get an AD user info or not [root@dlp ~]# id FD3S01\\Serverworld uid=797801104(serverworld@fd3s.srv.world) gid=797800513(domain users@fd3s.srv.world) groups=797800513(domain users@fd3s.srv.world) # make sure it's possible to switch to an AD user or not [root@dlp ~]# su - FD3S01\\Serverworld Creating home directory for serverworld@fd3s.srv.world. [serverworld@fd3s.srv.world@dlp ~]$ |
[3] | If you'd like to omit domain name for AD user, configure like follows. |
[root@dlp ~]#
vi /etc/sssd/sssd.conf # line 16: change use_fully_qualified_names = False
[root@dlp ~]#
[root@dlp ~]# systemctl restart sssd id Administrator uid=1313200500(administrator) gid=1313200513(domain users) groups=1313200513(domain users), 1313200512(domain admins),1313200519(enterprise admins),1313200520(group policy creator owners), 1313200572(denied rodc password replication group),1313200518(schema admins) |
|