Join the current machine to an Active Directory, without using fully qualified user names.
- Fulfill the prerequisites and make sure your Active Directory domain access works. realmd 0.14.0+ and adcli 0.6+ are required.
- You need a domain account as an administrator.
- Leave realm(s) you are currently joined to.
- Configure realmd not to use qualified user names for your test domain:
- Add this to
- Add this to
[ad.example.com] fully-qualified-names = no
Realmd service should be restarted after this change, so run
service realmd restart
How to test
- Join the domain specifying a user principal name
$ realm join --user=Administrator ad.example.com
- Use your domain admin password when prompted. Specify a user other than
Administratorif you have another domain administrative account.
- On a successful join there will be no output.
- Check that the domain is now configured.
$ realm list
- Make sure the domain is listed.
- Make sure that the
- Check that you can resolve domain accounts on the local computer without qualifying them with a domain name
$ getent passwd User
- You should see an output line that looks like passwd(5) output.
- The first field should be the user name, also not qualified by a domain.
- Go to GDM by logging out, or by Switch User from the user menu.
- On a Live CD if you get automatically logged in again, go to User Accounts and turn off Auto Login for the live cd user.
- Choose the Not Listed? option.
Userin the box.
- The case of the user should not matter.
- Type the user's domain password, and press enter.
More: Test with winbind
Test the above again with winbind, change the join command as follows:
$ realm join --client-software=winbind --user=Administrator ad.example.com
--verbose argument to see details of what's being done during a join. Include verbose output in any bug reports.
$ realm join --verbose ad.example.com