From Fedora Project Wiki

Revision as of 06:30, 9 May 2013

Description

Join the current machine to an Active Directory, manually specifying the domain server you want to join against.

Setup

  1. Make sure you have the required software:
    • realmd 0.14.0 or later
    • adcli 0.7 or later
  2. Verify that your Active Directory domain access works, or set a domain up.
  3. You need a domain account as an administrator.
  4. Leave realm(s) you are currently joined to.
  5. Get the name of a server (domain controller) for the Active Directory domain.
    If you don't know the servers for a given domain, you can use DNS to look them up:
    $ host -t SRV _ldap._tcp.ad.example.com

How to test

  1. Join the domain, but instead of specifying the domain name, specify the server host name:
    $ realm join --user=Administrator server.ad.example.com
    Use your domain admin password when prompted. Specify a user other than Administrator if you have another domain administrative account.
    On a successful join there will be no output.

Expected Results

  1. Check that the domain is now configured.
    $ realm list
    Make sure the domain is listed.
    Make sure you have a configured: kerberos-member line in the output.
    Make note of the login-formats line for the next command.
  2. Check that you can resolve domain accounts on the local computer.
    $ getent passwd 'AD\User'
    Make sure to use the quotes around the user name.
  3. You should see an output line that looks like passwd(5) output.
    AD\User:*:6000:6000:User:/home/User:/bin/sh
    The uid, gid, home directory and shell should match those you set in the directory above.
  4. Verify that sssd has been configured to use specifically this server.
    The /etc/sssd/sssd.conf file should contain a line like this:
    ad_server = server.ad.example.com
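
The checks in steps 1 and 4 above can be scripted; the following is an added example, not part of the original test case. The function names are hypothetical and the sample `realm list` and sssd.conf contents are constructed so the script runs offline.

```shell
#!/bin/sh
# Added example: scripted version of the realm list and sssd.conf checks.

# Print the "configured:" value for realm $1 from `realm list` output on stdin.
realm_configured() {
    awk -v realm="$1" '
        /^[^ \t]/ { current = $1 }        # an unindented line starts a realm block
        current == realm && $1 == "configured:" { print $2; exit }
    '
}

# Print the ad_server value from the [domain/...] sections of an sssd.conf on stdin.
sssd_ad_server() {
    awk '
        /^[ \t]*[#;]/ { next }            # skip commented-out settings
        /^[ \t]*\[/   { in_domain = ($0 ~ /^[ \t]*\[domain\//); next }
        in_domain && /^[ \t]*ad_server[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print
        }
    '
}

# Succeed only if realm $1 is a kerberos-member and sssd is pinned to exactly
# server $2. $3 = file holding `realm list` output, $4 = path to sssd.conf.
verify_pinned_join() {
    [ "$(realm_configured "$1" < "$3")" = "kerberos-member" ] || return 1
    [ "$(sssd_ad_server < "$4")" = "$2" ] || return 1
}

# Constructed sample data (not captured from a real host).
sample_realm_list() {
    printf '%s\n' 'ad.example.com' '  type: kerberos' '  realm-name: AD.EXAMPLE.COM' \
        '  configured: kerberos-member' '  client-software: sssd' '  login-formats: AD\%U'
}
sample_sssd_conf() {
    printf '%s\n' '[sssd]' 'domains = ad.example.com' '' '[domain/ad.example.com]' \
        '# ad_server = old.ad.example.com' 'ad_server = server.ad.example.com'
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
sample_realm_list > "$tmp/realm.txt"; sample_sssd_conf > "$tmp/sssd.conf"
verify_pinned_join ad.example.com server.ad.example.com "$tmp/realm.txt" "$tmp/sssd.conf" \
    && echo "join pinned to server.ad.example.com"
```

On a joined machine, save the output of `realm list` to a file and pass /etc/sssd/sssd.conf as the last argument; that file is normally readable only by root.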



More: Use an IP address

Specify the server's IP address instead of the server's DNS name:

$ realm join --user=Administrator 192.168.133.2

The join should proceed in the same way, and the IP address should be present in /etc/sssd/sssd.conf.

More: Use the winbind client

Force use of winbind instead of sssd in the join.

$ realm join --user=Administrator --client-software=winbind server.ad.example.com

The join should complete successfully. After the join the file /etc/samba/smb.conf should contain the line:

password server = server.ad.example.com

This will not work with an IP address.

Troubleshooting

Use the --verbose argument to see details of what's being done during a join. Include verbose output in any bug reports.

$ realm join --verbose server.ad.example.com