Fedora 23

Join a Windows Active Directory Domain
Join a Windows Active Directory domain with realmd.
This tutorial requires Windows Active Directory Domain Services on your LAN.
This example is configured in the following environment.
Domain Server : Windows Server 2012 R2
Domain Name : FD3S01
Hostname : fd3s.srv.world
[1] Install some required packages.
[root@dlp ~]# dnf -y install realmd sssd oddjob oddjob-mkhomedir adcli samba-common-tools
[2] Join the Windows Active Directory domain.
# change DNS settings to refer to the AD DNS server
# (replace AD_DNS_SERVER_IP with the address of your AD DNS server)

[root@dlp ~]# nmcli c modify eno16777736 ipv4.dns AD_DNS_SERVER_IP

[root@dlp ~]# nmcli c down eno16777736; nmcli c up eno16777736

Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1)
# discover the Active Directory domain

[root@dlp ~]# realm discover FD3S.SRV.WORLD

  type: kerberos
  realm-name: FD3S.SRV.WORLD
  domain-name: fd3s.srv.world
  configured: no
  server-software: active-directory
  client-software: sssd
  required-package: oddjob
  required-package: oddjob-mkhomedir
  required-package: sssd
  required-package: adcli
  required-package: samba-common-tools

# join the Active Directory domain

[root@dlp ~]# realm join FD3S.SRV.WORLD

Password for Administrator:     # AD's Administrator password
# verify that AD user information can be retrieved

[root@dlp ~]# id FD3S01\\Serverworld

uid=1309401001(serverworld@fd3s.srv.world) gid=1309400513(domain users@fd3s.srv.world) groups=1309400513(domain users@fd3s.srv.world)
# verify that you can switch to an AD user

[root@dlp ~]# su - FD3S01\\Serverworld

Creating home directory for serverworld@fd3s.srv.world.
[serverworld@fd3s.srv.world@dlp ~]$
[3] If you'd like to omit the domain name for AD users, configure as follows.
[root@dlp ~]# vi /etc/sssd/sssd.conf
# line 16: change

use_fully_qualified_names = False
[root@dlp ~]# systemctl restart sssd

[root@dlp ~]# id Administrator

uid=1309400500(administrator) gid=1309400513(domain users) groups=1309400513(domain users), 1309400520(group policy creator owners),1309400512(domain admins),1309400518(schema admins), 1309400572(denied rodc password replication group),1309400519(enterprise admins)
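
Before typing the AD Administrator password in step [2], it is worth confirming that the changed DNS settings resolve to the intended realm and that every required package is installed. The shell functions below are an added example, not part of the original tutorial; the function names and the `PKG_QUERY` hook are hypothetical, and the sample input is constructed from the discover output shown in step [2].

```shell
#!/bin/sh
# Added example (not from the original page): pre-join check built on the
# `realm discover` output format shown in step [2].

# Constructed sample: the discover output from step [2], before the join.
SAMPLE_DISCOVER='  type: kerberos
  realm-name: FD3S.SRV.WORLD
  domain-name: fd3s.srv.world
  configured: no
  server-software: active-directory
  client-software: sssd
  required-package: oddjob
  required-package: oddjob-mkhomedir
  required-package: sssd
  required-package: adcli
  required-package: samba-common-tools'

# realm_field KEY: read realm output on stdin, print every value of KEY.
realm_field() {
    awk -v key="$1" '{
        sub(/^[ \t]+/, "")
        n = index($0, ": ")
        if (n && substr($0, 1, n - 1) == key) print substr($0, n + 2)
    }'
}

# missing_packages: read realm output on stdin, print each required package
# that is not installed. PKG_QUERY is a hypothetical override hook so the
# logic can be exercised off-host; it defaults to `rpm -q`.
missing_packages() {
    realm_field required-package | while read -r pkg; do
        ${PKG_QUERY:-rpm -q} "$pkg" >/dev/null 2>&1 || echo "$pkg"
    done
}

# preflight EXPECTED_REALM: read realm output on stdin; succeed only if the
# discovered realm matches, the server is AD, and no package is missing.
preflight() {
    out=$(cat)
    [ "$(printf '%s\n' "$out" | realm_field realm-name)" = "$1" ] || { echo "realm mismatch"; return 1; }
    [ "$(printf '%s\n' "$out" | realm_field server-software)" = "active-directory" ] || { echo "not AD"; return 1; }
    missing=$(printf '%s\n' "$out" | missing_packages)
    [ -z "$missing" ] || { echo "missing packages:" $missing; return 1; }
    echo "ready to join $1"
}
```

On a live host, run `realm discover FD3S.SRV.WORLD | preflight FD3S.SRV.WORLD` and proceed to `realm join` only when it prints `ready to join`.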