SLES 15
Realmd : Join in Active Directory (2019/01/23)

 
Join a Windows Active Directory domain with Realmd.
This tutorial requires a Windows Active Directory Domain Service reachable on your LAN.
This example configures the environment shown below.
Domain Server : Windows Server 2016
NetBIOS Name : FD3S01
Domain Name : srv.world
Realm : SRV.WORLD
Hostname : fd3s.srv.world
[1] Install the required packages.
# add the PackageHub extension module first

dlp:~ #
SUSEConnect -p PackageHub/15/x86_64

dlp:~ #
zypper -n install realmd adcli sssd sssd-tools sssd-ad samba-client
[2] Join the Windows Active Directory domain.
dlp:~ #
vi /etc/sysconfig/network/config
# line 195: change the DNS setting to point at the AD server

      NETCONFIG_DNS_STATIC_SERVERS="10.0.0.100"

dlp:~ #
systemctl restart wickedd wicked wickedd-nanny
# discover the Active Directory domain

dlp:~ #
realm discover SRV.WORLD

srv.world
  type: kerberos
  realm-name: SRV.WORLD
  domain-name: srv.world
  configured: no
  server-software: active-directory
  client-software: sssd
  required-package: sssd-tools
  required-package: sssd
  required-package: adcli
  required-package: samba-client

# join the Active Directory domain

dlp:~ #
realm join SRV.WORLD

Password for Administrator:
# enter the AD Administrator password

realm: Couldn't join realm: Enabling SSSD in nsswitch.conf and PAM failed.
# the join itself succeeded but the local configuration did not; enable sssd in PAM manually

dlp:~ #
pam-config --add --sss
dlp:~ #
vi /etc/nsswitch.conf
# line 25: add sss as follows

passwd: compat sss
group:  compat sss
shadow: compat sss

dlp:~ #
vi /etc/pam.d/common-session
# add to the end if needed (auto-creates a home directory at first login)

session optional        pam_mkhomedir.so skel=/etc/skel umask=077

dlp:~ #

Welcome to SUSE Linux Enterprise Server 15  (x86_64) - Kernel 4.12.14-25.25-default (ttyS0).

eth0: 10.0.0.30 fe80::5054:ff:fef7:8696

# an AD user
dlp login: FD3S01\Administrator
Password:

administrator@srv.world@dlp:~>    # just logged in
[3] To omit the domain name for AD users, configure as follows.
dlp:~ #
vi /etc/sssd/sssd.conf
# line 66: change

use_fully_qualified_names = False
dlp:~ #
systemctl restart sssd nscd

dlp:~ #
id Administrator

uid=1778800500(administrator) gid=1778800513(domain users) groups=1778800512(domain admins),1778800518(schema admins),1778800519(enterprise admins),1778800520(group policy creator owners),1778800572(denied rodc password replication group),1778800513(domain users)
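As an added example (not part of the tutorial), a small POSIX shell script that checks the manual edits from steps [2] and [3]: that nsswitch.conf lists the sss source for passwd, group and shadow, what use_fully_qualified_names resolves to in sssd.conf, and that sssd.conf is not readable by other users. The sample files it creates under mktemp are constructed for illustration; on a joined host, point the functions at /etc/nsswitch.conf and /etc/sssd/sssd.conf instead.

```shell
# Added example, not from the tutorial: sanity checks for the manual
# nsswitch.conf / sssd.conf edits made in steps [2] and [3].

# Return 0 only if passwd, group and shadow all list the "sss" source.
check_nsswitch() {
    for db in passwd group shadow; do
        grep -Eq "^[[:space:]]*${db}:.*[[:space:]]sss([[:space:]]|\$)" "$1" || return 1
    done
}

# Print use_fully_qualified_names from an sssd.conf, lowercased;
# prints "true" when the option is absent (sssd's default).
sssd_fqn() {
    val=$(sed -n 's/^[[:space:]]*use_fully_qualified_names[[:space:]]*=[[:space:]]*//p' "$1" \
          | tail -n 1 | tr 'A-Z' 'a-z')
    printf '%s\n' "${val:-true}"
}

# Return 0 if the file is mode 0600; sssd expects its config unreadable by others.
check_sssd_conf_mode() {
    [ -n "$(find "$1" -maxdepth 0 -perm 600 2>/dev/null)" ]
}

# Constructed sample files (not real system files) so the checks run anywhere.
TMP=$(mktemp -d)
GOOD_NSS="$TMP/nsswitch.good"
BAD_NSS="$TMP/nsswitch.bad"
SSSD_CONF="$TMP/sssd.conf"
printf 'passwd: compat sss\ngroup:  compat sss\nshadow: compat sss\n' > "$GOOD_NSS"
printf 'passwd: compat sss\ngroup:  compat sss\nshadow: compat\n' > "$BAD_NSS"
printf '[sssd]\ndomains = srv.world\n\n[domain/srv.world]\nuse_fully_qualified_names = False\n' > "$SSSD_CONF"
chmod 600 "$SSSD_CONF"

# Report results for the sample files.
for f in "$GOOD_NSS" "$BAD_NSS"; do
    if check_nsswitch "$f"; then echo "nsswitch ok: $f"; else echo "nsswitch lacks sss: $f"; fi
done
echo "use_fully_qualified_names = $(sssd_fqn "$SSSD_CONF")"
if check_sssd_conf_mode "$SSSD_CONF"; then echo "sssd.conf mode ok"; else echo "sssd.conf mode should be 0600"; fi
```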