Realmd : Join in Active Directory2019/01/23 |
Join in Windows Active Directory Domain with Realmd.
This tutorial needs Windows Active Directory Domain Service in your LAN.
This example shows to configure on the environment below.
|
|||||||||||
[1] | Install some required packages. |
# add extension module first dlp:~ # SUSEConnect -p PackageHub/15/x86_64 zypper -n install realmd adcli sssd sssd-tools sssd-ad samba-client
|
[2] | Join in Windows Active Directory Domain. |
dlp:~ #
vi /etc/sysconfig/network/config # line 195: change DNS settings to refer to AD
NETCONFIG_DNS_STATIC_SERVERS="10.0.0.100"
dlp:~ #
systemctl restart wickedd wicked wickedd-nanny # discover Active Directory domain dlp:~ # realm discover SRV.WORLD srv.world type: kerberos realm-name: SRV.WORLD domain-name: srv.world configured: no server-software: active-directory client-software: sssd required-package: sssd-tools required-package: sssd required-package: adcli required-package: samba-client # join in Active Directory domain dlp:~ # realm join SRV.WORLD Password for Administrator: # AD's Administrator password realm: Couldn't join realm: Enabling SSSD in nsswitch.conf and PAM failed. # set sssd in PAM dlp:~ # pam-config --add --sss
dlp:~ #
vi /etc/nsswitch.conf # line 25: add like follows passwd: compat sss group: compat sss shadow: compat sss
dlp:~ #
vi /etc/pam.d/common-session # add to the end if you need (auto create a home directory at initial login) session optional pam_mkhomedir.so skel=/etc/skel umask=077
dlp:~ #
Welcome to SUSE Linux Enterprise Server 15 (x86_64) - Kernel 4.12.14-25.25-default (ttyS0). eth0: 10.0.0.30 fe80::5054:ff:fef7:8696 # an AD user dlp login: FD3S01\Administrator Password: administrator@srv.world@dlp:~> # just logined |
[3] | If you'd like to omit domain name for AD user, configure like follows. |
dlp:~ #
vi /etc/sssd/sssd.conf # line 66: change use_fully_qualified_names = False
dlp:~ #
dlp:~ # systemctl restart sssd nscd id Administrator uid=1778800500(administrator) gid=1778800513(domain users) groups=1778800512(domain admins),1778800518(schema admins),1778800519(enterprise admins),1778800520(group policy creator owners),1778800572(denied rodc password replication group),1778800513(domain users) |
|