From Fedora Project Wiki
(Initial page) |
(Update requirements) |
||
(One intermediate revision by one other user not shown) | |||
Line 2: | Line 2: | ||
|description=Join the current machine to an Active Directory, but use the POSIX attributes in the directory. | |description=Join the current machine to an Active Directory, but use the POSIX attributes in the directory. | ||
|setup= | |setup= | ||
# | # Make sure you have other required software: | ||
#* realmd 0.14.0 or later | |||
#* adcli 0.7 or later | |||
# Verify that your [[QA:Testcase_Active_Directory_Setup|Active Directory domain access works, or set a domain up]]. | |||
# You need a domain account as an administrator. | # You need a domain account as an administrator. | ||
# Leave realm(s) you are currently joined to. | # Leave realm(s) you are currently joined to. | ||
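Review bot: the new items under "Make sure you have other required software" give minimum versions (realmd 0.14.0, adcli 0.7) but no way for the tester to confirm them. Suggest adding the check to the item, for example rpm -q realmd adcli, so that a failed join on an older package is not reported as a test failure.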
Line 15: | Line 18: | ||
automatic-id-mapping = no | automatic-id-mapping = no | ||
</pre> | </pre> | ||
Make sure realmd is restarted: | |||
<pre> | |||
$ sudo killall realmd | |||
</pre> | |||
|actions= | |actions= | ||
# Join the domain as usual: | # Join the domain as usual: |
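Review bot: "Make sure realmd is restarted" is followed only by $ sudo killall realmd, which stops the daemon and does not start it. If the intent is that the service is launched again on demand by the next realm command, say so in that sentence; otherwise a tester cannot tell whether the automatic-id-mapping = no setting was picked up before the join.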
Latest revision as of 06:30, 9 May 2013
Description
Join the current machine to an Active Directory, but use the POSIX attributes in the directory.
Setup
- Make sure you have other required software:
- realmd 0.14.0 or later
- adcli 0.7 or later
- Verify that your Active Directory domain access works, or set a domain up.
- You need a domain account as an administrator.
- Leave realm(s) you are currently joined to.
- You need Identity Management for UNIX installed on the Active Directory.
- To check: Run Server Manager, click on Roles, scroll down to Active Directory Domain Services.
- To install: Click Add Role Services
- You need to assign POSIX attributes such as UID, GID, home directory and shell to the users you'll be testing.
- In Active Directory Users and Computers, go to the Users section, right click on the relevant users and choose Properties. In the UNIX Attributes tab, fill in all the fields.
- Configure realmd by placing the following in /etc/realmd.conf:
- Put in your domain name as appropriate:
[ad.example.com]
automatic-id-mapping = no
Make sure realmd is restarted:
$ sudo killall realmd
How to test
- Join the domain as usual:
$ realm join --user=Administrator ad.example.com
- Use your domain admin password when prompted. Specify a user other than Administrator if you have another domain administrative account.
- On a successful join there will be no output.
Expected Results
- Check that the domain is now configured.
$ realm list
- Make sure the domain is listed.
- Make sure you have a configured: kerberos-member line in the output.
- Make note of the login-formats line for the next command.
- Check that you can resolve domain accounts on the local computer.
$ getent passwd 'AD\User'
- Make sure to use the quotes around the user name.
- You should see an output line that looks like passwd(5) output.
AD\User:*:6000:6000:User:/home/User:/bin/sh
- The uid, gid, home directory and shell should match those you set in the directory above.
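The checks in Expected Results can be scripted. The following is an added example, not part of the original test case: the function names and the SAMPLE_* values are assumptions made for illustration, and the sample `realm list` and passwd text is constructed rather than captured from a real join.

```shell
#!/bin/sh
# Added example; SAMPLE_* values are constructed, not captured from a real join.
SAMPLE_REALM_LIST='ad.example.com
  type: kerberos
  realm-name: AD.EXAMPLE.COM
  domain-name: ad.example.com
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  login-formats: AD\%U'
SAMPLE_PASSWD='AD\User:*:6000:6000:User:/home/User:/bin/sh'

# realm_field OUTPUT KEY: print the value of the first "KEY: value" line.
realm_field() {
    printf '%s\n' "$1" | sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" | head -n 1
}

# is_joined OUTPUT DOMAIN: succeed when DOMAIN is listed on a line of its own
# and the output has "configured: kerberos-member".
is_joined() {
    printf '%s\n' "$1" | grep -qxF "$2" || return 1
    [ "$(realm_field "$1" configured)" = "kerberos-member" ]
}

# login_name OUTPUT USER: substitute USER for %U in the login-formats value.
# USER is assumed to be plain alphanumerics (it is pasted into a sed script).
login_name() {
    realm_field "$1" login-formats | sed "s/%U/$2/"
}

# check_posix LINE UID GID HOME SHELL: succeed when the passwd(5) line carries
# exactly the attributes that were set in the directory.
check_posix() {
    # read -r keeps the backslash of 'AD\User' instead of treating it as an escape.
    IFS=: read -r _name _pw uid gid _gecos home shell <<EOF
$1
EOF
    [ "$uid" = "$2" ] && [ "$gid" = "$3" ] && [ "$home" = "$4" ] && [ "$shell" = "$5" ]
}

# Demo on the samples. On a joined host, pass "$(realm list)" and
# "$(getent passwd 'AD\User')" instead.
is_joined "$SAMPLE_REALM_LIST" ad.example.com && echo "joined: yes"
printf 'lookup name: %s\n' "$(login_name "$SAMPLE_REALM_LIST" User)"
check_posix "$SAMPLE_PASSWD" 6000 6000 /home/User /bin/sh && echo "POSIX attributes: match"
```

A uid or gid that differs from the value entered in the directory makes check_posix fail, which is the symptom to look for if the automatic-id-mapping = no setting was not applied.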
Troubleshooting
Use the --verbose argument to see details of what's being done during a join. Include verbose output in any bug reports.
$ realm join --verbose ad.example.com