Join the current machine to an Active Directory domain using sssd as an AD client. Domain accounts are available on the local machine once this is done.
- Verify that your Active Directory domain access works. If you don't have an Active Directory domain, you can set one up.
- You need a domain account, either a user or administrator. It's useful to test with both.
- Your machine must have a configured host name. Do not proceed if you host name is
- Make sure you have <package>realmd</package> 0.9 or later installed.
$ rpm -q realmd
- Remove the following packages, they should be installed by realmd as necessary.
$ yum remove sssd samba-client adcli
How to test
- Perform the join command. Use the
--user=xxxargument to specify your domain account name.
$ realm join --user=User ad.example.com
- You will be prompted for a password for the account.
- On a successful join there will be no output.
- This can take up to a few minutes depending on how far away your Active Directory domain is.
- Check that the domain is now configured.
$ realm list
- Make sure the domain is listed.
- Make sure you have a
configured: kerberos-membershipline in the output.
- Make note of the
login-formatsline for the next command.
- Check that you can resolve domain accounts on the local domain.
$ getent passwd 'AD\User'
- You should see an output line that looks like passwd(5) output. It should contain an appropriate home directory, and a shell.
- Use the
login-formatsyou saw above, to build a remote user name. It will be in the form of
DOMAIN\User, where DOMAIN is the first part of your full Active Directory domain name.
--verbose argument to see details of what's being done during a join. Include verbose output in any bug reports.
$ realm join --verbose ad.example.com