From Fedora Project Wiki
Join the current machine to an Active Directory, but use the POSIX attributes in the directory.
- Make sure you have other required software:
- realmd 0.14.0 or later
- adcli 0.7 or later
- Verify that your Active Directory domain access works, or set a domain up.
- You need a domain account as an administrator.
- Leave realm(s) you are currently joined to.
- You need the Identity Management for UNIX installed on the active directory.
- To check: Run Server Manager, click on Roles, scroll down to Active Directory Domain Services.
- To install: Click Add Role Services
- You need to assign POSIX attributes such as UID, GID, home directory and shell assigned to the users you'll be testing.
- In Active Directory Users and Computers, go to the Users section, right click on the relevant users and choose Properties. In the UNIX Attributes, fill in all the fields.
- Configure realmd by placing the following in:
- Put in your domain name as appropriate:
[ad.example.com] automatic-id-mapping = no
Make sure realmd is restarted:
$ sudo killall realmd
How to test
- Join the domain as usual:
$ realm join --user=Administrator ad.example.com
- Use your domain admin password when prompted. Specify a user other than
Administratorif you have another domain administrative account.
- On a successful join there will be no output.
- Check that the domain is now configured.
$ realm list
- Make sure the domain is listed.
- Make sure you have a
configured: kerberos-memberline in the output.
- Make note of the
login-formatsline for the next command.
- Check that you can resolve domain accounts on the local computer.
$ getent passwd 'AD\User'
- Make sure to use the quotes around the user name.
- You should see an output line that looks like passwd(5) output.
- The uid, gid, home directory and shell should match those you set in the directory above.
--verbose argument to see details of what's being done during a join. Include verbose output in any bug reports.
$ realm join --verbose ad.example.com