For years, Linux administrators have been successfully using Samba winbind to integrate Linux with Active Directory. While configuring a Linux host to join an Active Directory domain is pretty simple, in most cases it still involves editing a few configuration files manually. The new software, realmd, changes all of that and makes joining a Linux host to an Active Directory domain easier than ever before!
I have installed F19 stable from Netinstall CD using minimal install, no desktop. Make sure your network and DNS settings are working, obviously.
To successfully join a Windows 2008r2 AD domain using NTLMv2, I have done the following:
yum install realmd
realm discover --verbose example.com
That will tell you what software you need to install (samba-common doesn’t show up, but it will if you try to join a domain and it’s not installed).
yum install sssd oddjob oddjob-mkhomedir adcli samba-common
realm join --client-software=sssd example.com -U mydomainadmin
That should prompt for a password, and if successful, absolutely nothing will be displayed on STDOUT.
To test if you have successfully joined the domain, use
getent passwd EXAMPLE\\mydomainuser
and you should get a long passwd line.
Now, if you want to only allow certain users to log in, you can run the next two commands:
realm deny --all
realm permit firstname.lastname@example.org
For more information about logins (including groups!), check out the man page for realm.
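To confirm that the restriction actually took effect, the login policy can be read back from `realm list`. The script below is an added example, not part of the original post: the `login-policy` and `permitted-logins` field names and the policy values are assumed from realmd's `realm list` output (check them against your installed version), and both sample listings are constructed.

```shell
#!/bin/sh
# Constructed `realm list` output (illustrative values, not captured from a host).
SAMPLE_RESTRICTED='example.com
  type: kerberos
  realm-name: EXAMPLE.COM
  domain-name: example.com
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  login-policy: allow-permitted-logins
  permitted-logins: EXAMPLE\mydomainuser'

# Constructed listing for a host that was joined but never restricted.
SAMPLE_OPEN='example.com
  type: kerberos
  configured: kerberos-member
  client-software: sssd
  login-policy: allow-realm-logins'

# Read `realm list` output on stdin, print one verdict line per realm, and
# return non-zero if any realm still admits every domain account (or if the
# policy line is missing or not recognised).
audit_realm_logins() {
    awk '
        function report(   verdict) {
            if (realm == "") return
            if (policy == "allow-permitted-logins" || policy == "deny-any-login")
                verdict = "OK"
            else if (policy == "allow-realm-logins" || policy == "allow-any-login") {
                verdict = "OPEN"; bad = 1
            } else {
                verdict = "UNKNOWN"; bad = 1
            }
            printf "%s %s: login-policy=%s permitted-logins=%s\n", verdict, realm,
                (policy == "" ? "(missing)" : policy), (logins == "" ? "(none)" : logins)
        }
        BEGIN { bad = 0 }
        # A line starting in column 0 opens a new realm section.
        /^[^ \t]/ { report(); realm = $1; policy = ""; logins = ""; next }
        $1 == "login-policy:" { policy = $2 }
        $1 == "permitted-logins:" { sub(/^[ \t]*permitted-logins:[ \t]*/, ""); logins = $0 }
        END { report(); exit bad }
    '
}

# Demo on the constructed samples; on a joined host run: realm list | audit_realm_logins
printf '%s\n' "$SAMPLE_RESTRICTED" | audit_realm_logins
printf '%s\n' "$SAMPLE_OPEN" | audit_realm_logins || echo "login policy needs review"
```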
Bonus tip: If you are used to adding AD groups to the sudoers file, the format has changed slightly from RHEL / CentOS 6. Use the following for groups:
%domain\ email@example.com ALL=(ALL) ALL