Fedora 23
Sponsored Link

Join in Windows Active Directory Domain
2015/11/05
 
Join in Windows Active Directory Domain with Realmd.
This tutorial needs Windows Active Directory Domain Service in your LAN.
This example shows to configure on the environment below.
Domain Server : Windows Server 2012 R2
Domain Name : FD3S01
Realm : FD3S.SRV.WORLD
Hostname : fd3s.srv.world
[1] Install some required packages.
[root@dlp ~]#
dnf -y install realmd sssd oddjob oddjob-mkhomedir adcli samba-common-tools
[2] Join in Windows Active Directory Domain.
# change DNS settings to refer to AD's one

[root@dlp ~]#
nmcli c modify eno16777736 ipv4.dns 10.0.0.100

[root@dlp ~]#
nmcli c down eno16777736; nmcli c up eno16777736

Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1)
# discover Active Directory domain

[root@dlp ~]#
realm discover FD3S.SRV.WORLD

fd3s.srv.world
  type: kerberos
  realm-name: FD3S.SRV.WORLD
  domain-name: fd3s.srv.world
  configured: no
  server-software: active-directory
  client-software: sssd
  required-package: oddjob
  required-package: oddjob-mkhomedir
  required-package: sssd
  required-package: adcli
  required-package: samba-common-tools

# join in Active Directory domain

[root@dlp ~]#
realm join FD3S.SRV.WORLD

Password for Administrator:    
# AD's Administrator password
# verify it's possible to get an AD user info or not

[root@dlp ~]#
id FD3S01\\Serverworld

uid=1309401001(serverworld@fd3s.srv.world) gid=1309400513(domain users@fd3s.srv.world) groups=1309400513(domain users@fd3s.srv.world)
# verify it's possible to switch to an AD user or not

[root@dlp ~]#
su - FD3S01\\Serverworld

Creating home directory for serverworld@fd3s.srv.world.
[serverworld@fd3s.srv.world@dlp ~]$
[3] If you'd like to omit domain name for AD user, configure like follows.
[root@dlp ~]#
vi /etc/sssd/sssd.conf
# line 16: change

use_fully_qualified_names =
False
[root@dlp ~]#
systemctl restart sssd

[root@dlp ~]#
id Administrator

uid=1309400500(administrator) gid=1309400513(domain users) groups=1309400513(domain users), 1309400520(group policy creator owners),1309400512(domain admins),1309400518(schema admins), 1309400572(denied rodc password replication group),1309400519(enterprise admins)
Matched Content
 
Tweet