Join the current machine to an Active Directory, manually specifying the domain server you want to join against .
- Make sure you have other required software:
- realmd 0.14.0 or later
- adcli 0.7 or later
- Verify that your Active Directory domain access works, or set a domain up.
- You need a domain account as an administrator.
- Leave realm(s) you are currently joined to.
- Get a server name (domain controllers) for the Active Directory domain
- If you don't know the servers for a given domain, you can use DNS to look them up:
$ host -t SRV _ldap._tcp.ad.example.com
How to test
- Join the domain, but instead of specifying the domain name, specify the server host name:
$ realm join --user=Administrator server.ad.example.com
- Use your domain admin password when prompted. Specify a user other than
Administratorif you have another domain administrative account.
- On a successful join there will be no output.
- Check that the domain is now configured.
$ realm list
- Make sure the domain is listed.
- Make sure you have a
configured: kerberos-memberline in the output.
- Make note of the
login-formatsline for the next command.
- Check that you can resolve domain accounts on the local computer.
$ getent passwd 'AD\User'
- Make sure to use the quotes around the user name.
- You should see an output line that looks like passwd(5) output.
- The uid, gid, home directory and shell should match those you set in the directory above.
- Verify that sssd has been configured to use specifically this server.
/etc/sssd/sssd.conffile should contain a line like this:
ad_server = server.ad.example.com
More: Use an IP address
Specify the server's IP address instead of the server's DNS name:
$ realm join --user=Administrator 192.168.133.2
The join should proceed in the same way, and the IP address should be present in
More: Use the winbind client
Force use of winbind instead of sssd in the join.
$ realm join --user=Administrator --client-software=winbind server.ad.example.com
The join should complete successfully. After the join the file
/etc/samba/smb.conf should contain the line:
password server = server.ad.example.com
This will not work with an IP address.
--verbose argument to see details of what's being done during a join. Include verbose output in any bug reports.
$ realm join --verbose server.ad.example.com