From Fedora Project Wiki

Revision as of 06:30, 9 May 2013 by Stefw (talk | contribs) (Update requirements)


Description

Join the current machine to an Active Directory domain, manually specifying the domain server you want to join against.

Setup

  1. Make sure you have other required software:
    • realmd 0.14.0 or later
    • adcli 0.7 or later
  2. Verify that your Active Directory domain access works, or set a domain up.
  3. You need a domain account as an administrator.
  4. Leave realm(s) you are currently joined to.
  5. Get the host name of a server (domain controller) for the Active Directory domain.
    If you don't know the servers for a given domain, you can use DNS to look them up:
    $ host -t SRV _ldap._tcp.ad.example.com

How to test

  1. Join the domain, but instead of specifying the domain name, specify the server host name:
    $ realm join --user=Administrator server.ad.example.com
    Use your domain admin password when prompted. Specify a user other than Administrator if you have another domain administrative account.
    On a successful join there will be no output.

Expected Results

  1. Check that the domain is now configured.
    $ realm list
    Make sure the domain is listed.
    Make sure you have a configured: kerberos-member line in the output.
    Make note of the login-formats line for the next command.
  2. Check that you can resolve domain accounts on the local computer.
    $ getent passwd 'AD\User'
    Make sure to use the quotes around the user name.
  3. You should see an output line that looks like passwd(5) output.
    AD\User:*:6000:6000:User:/home/User:/bin/sh
    The uid, gid, home directory and shell should match those you set in the directory above.
  4. Verify that sssd has been configured to use specifically this server.
    The /etc/sssd/sssd.conf file should contain a line like this:
    ad_server = server.ad.example.com
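
The checks in steps 1 and 4 can be scripted so a test run fails loudly when the join did not pin sssd to the requested server. The following is an added example, not part of the original test case or of realmd; the function names and the sample data are constructed for illustration, and it assumes a single joined realm as in Setup step 4.

```shell
#!/bin/sh
# Added example: checks from "Expected Results", run over saved text.
# Assumes a single joined realm, as in Setup step 4.

# realm_field FIELD: value of the first "FIELD: value" line in `realm list` output (stdin).
realm_field() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" | head -n 1
}

# sssd_ad_server DOMAIN: ad_server value in the [domain/DOMAIN] section of sssd.conf (stdin).
sssd_ad_server() {
    awk -v want="[domain/$1]" '
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); insec = ($0 == want); next }
        insec && /^[ \t]*ad_server[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
        }'
}

# check_join REALM_LIST_FILE SSSD_CONF_FILE DOMAIN SERVER
# 0 = joined and pinned to SERVER, 1 = not a kerberos-member, 2 = wrong or missing ad_server.
check_join() {
    state=$(realm_field configured < "$1")
    pinned=$(sssd_ad_server "$3" < "$2")
    [ "$state" = "kerberos-member" ] || { echo "not joined: configured=$state" >&2; return 1; }
    [ "$pinned" = "$4" ] || { echo "ad_server='$pinned', expected '$4'" >&2; return 2; }
    printf 'ok: %s, login format %s\n' "$4" "$(realm_field login-formats < "$1")"
}

# Constructed sample data, not captured from a real host.
demo=$(mktemp -d)
cat > "$demo/realm.txt" <<'EOF'
ad.example.com
  type: kerberos
  realm-name: AD.EXAMPLE.COM
  domain-name: ad.example.com
  configured: kerberos-member
  client-software: sssd
  login-formats: AD\%U
EOF
cat > "$demo/sssd.conf" <<'EOF'
[sssd]
domains = ad.example.com

[domain/ad.example.com]
id_provider = ad
ad_server = server.ad.example.com
EOF
check_join "$demo/realm.txt" "$demo/sssd.conf" ad.example.com server.ad.example.com
```

On a joined machine, save the output of realm list to a file and pass /etc/sssd/sssd.conf as the second argument; reading that file requires root.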



More: Use an IP address

Specify the server's IP address instead of the server's DNS name:

$ realm join --user=Administrator 192.168.133.2

The join should proceed in the same way, and the IP address should be present in /etc/sssd/sssd.conf.

More: Use the winbind client

Force use of winbind instead of sssd in the join.

$ realm join --user=Administrator --client-software=winbind server.ad.example.com

The join should complete successfully. After the join the file /etc/samba/smb.conf should contain the line:

password server = server.ad.example.com

This will not work with an IP address.

Troubleshooting

Use the --verbose argument to see details of what's being done during a join. Include verbose output in any bug reports.

$ realm join --verbose server.ad.example.com