Join Fedora 19 to Active Directory Domain using realmd

by on September 23, 2013 at 4:24 pm

For years, Linux administrators have successfully used Samba winbind to integrate Linux with Active Directory. While configuring a Linux host to join an Active Directory domain is pretty simple, in most cases it still involves editing a few configuration files by hand. The newer tool, realmd, changes all of that and makes joining a Linux host to an Active Directory domain easier than ever before!



I have installed F19 stable from Netinstall CD using minimal install, no desktop. Make sure your network and DNS settings are working, obviously.

To successfully join a Windows 2008r2 AD domain using NTLMv2, I have done the following:
yum install realmd
realm discover --verbose example.com

That will tell you what software you need to install (samba-common doesn’t show up, but it will if you try to join a domain and it’s not installed).
yum install sssd oddjob oddjob-mkhomedir adcli samba-common
realm join --client-software=sssd example.com -U mydomainadmin
That should prompt for a password, and if successful, absolutely nothing will be displayed on STDOUT.
To test if you have successfully joined the domain, use
getent passwd EXAMPLE\\mydomainuser
and you should get a long passwd line.

Now, if you want to only allow certain users to log in, you can run the next two commands:
realm deny --all
realm permit mydomainuser@example.com

For more information about logins (including groups!), check out the man page for realm.
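
An added check (not part of the original post) that the deny/permit steps left the host with the intended allow-list: it parses `realm list` output and fails unless the host is joined through sssd, the login policy is `allow-permitted-logins`, and only the expected logins are permitted. The function names and the sample output are constructed for illustration; the field names are assumed to match what `realm list` prints on your realmd version.

```shell
#!/bin/sh
# Added example: audit `realm list` output (read from stdin) against the
# logins you expect to be permitted (given as arguments).
audit_realm_logins() {
    awk -v expected="$*" '
        BEGIN { n = split(expected, w, " "); for (i = 1; i <= n; i++) want[tolower(w[i])] = 1 }
        /^[ \t]+[a-z-]+:/ {                       # indented "key: value" lines
            key = $0; sub(/^[ \t]+/, "", key); sub(/:.*$/, "", key)
            val = $0; sub(/^[^:]*:[ \t]*/, "", val)
            field[key] = val
        }
        END {
            rc = 0
            if (field["configured"] != "kerberos-member") { print "FAIL: host is not joined"; rc = 1 }
            if (field["client-software"] != "sssd") { print "FAIL: client-software is not sssd"; rc = 1 }
            if (field["login-policy"] != "allow-permitted-logins") {
                print "FAIL: login-policy is " field["login-policy"]; rc = 1
            }
            m = split(field["permitted-logins"], got, /,[ \t]*/)
            for (i = 1; i <= m; i++) {
                if (got[i] == "") continue
                seen[tolower(got[i])] = 1
                if (!(tolower(got[i]) in want)) { print "FAIL: unexpected login " got[i]; rc = 1 }
            }
            for (u in want) if (!(u in seen)) { print "FAIL: expected login missing: " u; rc = 1 }
            if (rc == 0) print "OK: only the expected logins are permitted"
            exit rc
        }'
}

# Constructed sample of `realm list` output (not captured from a real host).
sample_realm_list() {
    cat <<'EOF'
example.com
  type: kerberos
  realm-name: EXAMPLE.COM
  domain-name: example.com
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  login-formats: %U@example.com
  login-policy: allow-permitted-logins
  permitted-logins: mydomainuser@example.com
  permitted-groups:
EOF
}

sample_realm_list | audit_realm_logins mydomainuser@example.com
```

On a joined host, pipe the real output in instead: `realm list | audit_realm_logins mydomainuser@example.com`.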

Bonus tip:  If you are used to adding AD groups to the sudoers file, the format has changed slightly from RHEL / CentOS 6.  Use the following for groups:

%domain\ admins@example.com ALL=(ALL) ALL


13 comments on “Join Fedora 19 to Active Directory Domain using realmd”

  1. Chris on said:

    Thank you for your article…
    I was FINALLY able to join my domain. Looks like realm works pretty well

  2. Craconia on said:

    Thanks for the tutorial! I’m wondering… Do we get a reminder when the password is about to expire? (like the pop-up we get on Windows informing us of password expiration coming soon?)

  3. Tom Barcia on said:

    When I login to my domain my username is @@ and on the CentOS boxes I have that are AD integrated, this is not the case. Is there a way to change this behavior so that it’s just @?

    • Tom Barcia on said:

      Ok, so the system removed some of the text… The username is username@domain@host rather than username@host. Hopefully it makes more sense now. :-)

      • I’m not sure what you’re experiencing or what the problem is. Do you mean to say you have CentOS joined to AD through Samba+Winbind and your Fedora 19 box is displaying username@domain@host at the shell prompt? If that is what you’re asking, then no, I don’t know how to change that.

  4. when i run the script [root@localhost ab]# realm join –client-software=sssd MTMHO.com -U ab
    then get error message
    realm: Specify one realm to join

  5. In this line:
    realm join --client-software=sssd example.com -U mydomainadmin

    Where does ‘mydomainadmin’ come from? I don’t have access to the domain controller, which I think is normal.

  6. Thanks a lot for the info. I always forget, since I spend 9 hours at work with Microsoft OS desktops and servers. We have a few CentOS servers, but I rarely need to do any work on them; they just work 24/7 for our system and our customers.

    Anyhow, I installed Fedora 20 four weeks ago, and then I remembered, or at least I thought I remembered, that I didn’t have to install any extra packages like samba, kerberos, realmd and so on. But now it’s yum installed and updated.

    Thanks for the post. I usually copy the information and URL and make my private/personal documentation to read later if I need it; you never know if this site will be up and running next time I need this good info :)

    Thanks a lot, and I hope it’s OK to copy your text for personal use?

    If not, please make a TAG / NOTE at the end of your information.

    Best Regards
    WDac @ Sweden.

    • I’m glad you found it helpful. You are free to use my information however you wish. If you’re copying large parts of it, just please give me a link back :)
