Monday, October 7, 2013

Join Fedora 19 to Active Directory Domain using realmd

For years, Linux administrators have been successfully using Samba winbind to integrate Linux with Active Directory.  While configuring a Linux host to join an Active Directory Domain is pretty simple, it still involves editing a few configuration files manually in most cases.  The new software, realmd, changes all of that, and makes joining a Linux host to an Active Directory Domain easier than ever before!

I have installed F19 stable from Netinstall CD using minimal install, no desktop. Make sure your network and DNS settings are working, obviously.
To successfully join a Windows 2008r2 AD domain using NTLMv2, I have done the following:
yum install realmd
realm discover --verbose

That will tell you what software you need to install (samba-common doesn’t show up, but it will if you try to join a domain and it’s not installed).
yum install sssd oddjob oddjob-mkhomedir adcli samba-common
realm join --client-software=sssd -U mydomainadmin
That should prompt for a password, and if successful, absolutely nothing will be displayed on STDOUT.
To test if you have successfully joined the domain, use
getent passwd EXAMPLE\\mydomainuser
and you should get a long passwd line.
Now, if you want to only allow certain users to log in, you can run the next two commands:
realm deny --all
realm permit

For more information about logins (including groups!), check out the man page for realm.
Bonus tip:  If you are used to adding AD groups to the sudoers file, the format has changed slightly from RHEL / CentOS 6.  Use the following for groups:
%domain\ ALL=(ALL) ALL
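The join steps and the sudoers tip above, wrapped in a small POSIX sh script as an added example (not code from the original post): a wrapper that runs the discover/install/join sequence and stops at the first failure, a check for the getent passwd line you should see after a successful join, and a helper that builds the sudoers entry for an AD group. The domain, admin, user and group names are placeholders, and the sudoers escaping (doubled backslash between domain and group, backslash before spaces) is assumed from sudoers(5).

```shell
#!/bin/sh
# Added example, not from the original post. Names are placeholders.

# Run the join sequence from the post, stopping at the first failure.
join_ad_domain() {
    domain=$1; admin=$2
    realm discover --verbose "$domain" || return 1
    yum -y install realmd sssd oddjob oddjob-mkhomedir adcli samba-common || return 1
    # realm join prints nothing on success, so rely on the exit status.
    realm join --client-software=sssd -U "$admin" "$domain"
}

# Allow only the named users (user@domain form) to log in, as with
# "realm deny --all" followed by "realm permit".
restrict_logins() {
    realm deny --all || return 1
    for u in "$@"; do realm permit "$u" || return 1; done
}

# Check one "getent passwd" line: 7 fields, the expected name,
# a numeric UID and a non-empty login shell.
check_passwd_line() {
    line=$1; want=$2
    old_ifs=$IFS; IFS=:; set -f; set -- $line; set +f; IFS=$old_ifs
    [ $# -eq 7 ] || return 1
    [ "$1" = "$want" ] || return 1
    case $3 in ''|*[!0-9]*) return 1 ;; esac
    [ -n "$7" ]
}

# Build a sudoers entry for an AD group, e.g. "domain admins":
# the domain/group backslash is doubled and spaces are escaped.
sudoers_group_line() {
    domain=$1
    group=$(printf '%s' "$2" | sed 's/ /\\ /g')
    printf '%%%s\\\\%s ALL=(ALL) ALL\n' "$domain" "$group"
}

# Typical use after joining (placeholder names):
#   join_ad_domain example.com mydomainadmin
#   check_passwd_line "$(getent passwd 'EXAMPLE\mydomainuser')" 'EXAMPLE\mydomainuser'
#   restrict_logins mydomainuser@example.com
#   sudoers_group_line EXAMPLE 'domain admins' >> /etc/sudoers.d/ad-admins
```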