From Fedora Project Wiki
No edit summary |
No edit summary |
||
| (One intermediate revision by the same user not shown) | |||
| Line 2: | Line 2: | ||
|description=Join the current machine to an Active Directory, without using fully qualified user names. | |description=Join the current machine to an Active Directory, without using fully qualified user names. | ||
|setup= | |setup= | ||
# | # Make sure you have other required software: | ||
#* realmd 0.14.0 or later | |||
#* adcli 0.7 or later | |||
# Verify that your [[QA:Testcase_Active_Directory_Setup|Active Directory domain access works, or set a domain up]]. | |||
# You need a domain account as an administrator. | # You need a domain account as an administrator. | ||
# Leave realm(s) you are currently joined to. | # Leave realm(s) you are currently joined to. | ||
| Line 26: | Line 29: | ||
#: <pre>$ realm list</pre> | #: <pre>$ realm list</pre> | ||
#: Make sure the domain is listed. | #: Make sure the domain is listed. | ||
# Check that you can resolve domain accounts on the local computer without qualifying them with a domain name | # Check that you can resolve domain accounts on the local computer without qualifying them with a domain name | ||
#: <pre>$ getent passwd User</pre> | #: <pre>$ getent passwd User</pre> | ||
Latest revision as of 14:08, 9 May 2013
Description
Join the current machine to an Active Directory, without using fully qualified user names.
Setup
- Make sure you have other required software:
- realmd 0.14.0 or later
- adcli 0.7 or later
- Verify that your Active Directory domain access works, or set a domain up.
- You need a domain account as an administrator.
- Leave realm(s) you are currently joined to.
- Configure realmd not to use qualified user names for your test domain:
- Add this to
/etc/realmd.conf
- Add this to
[ad.example.com] fully-qualified-names = no
Make sure realmd is restarted:
$ sudo killall realmd
How to test
- Join the domain specifying a user principal name
$ realm join --user=Administrator ad.example.com
- Use your domain admin password when prompted. Specify a user other than
Administratorif you have another domain administrative account. - On a successful join there will be no output.
Expected Results
- Check that the domain is now configured.
$ realm list
- Make sure the domain is listed.
- Check that you can resolve domain accounts on the local computer without qualifying them with a domain name
$ getent passwd User
- You should see an output line that looks like passwd(5) output.
- The first field should be the user name, also not qualified by a domain.
- Go to GDM by logging out, or by Switch User from the user menu.
- On a Live CD if you get automatically logged in again, go to User Accounts and turn off Auto Login for the live cd user.
- Choose the Not Listed? option.
- Type
Userin the box.- The case of the user should not matter.
- Type the user's domain password, and press enter.
More: Test with winbind
Test the above again with winbind, change the join command as follows:
$ realm join --client-software=winbind --user=Administrator ad.example.com
Troubleshooting
Use the --verbose argument to see details of what's being done during a join. Include verbose output in any bug reports.
$ realm join --verbose ad.example.com