From Fedora Project Wiki
(Template page) |
No edit summary |
||
Line 2: | Line 2: | ||
|description=Join the current machine to an Active Directory using OpenLMI | |description=Join the current machine to an Active Directory using OpenLMI | ||
|setup= | |setup= | ||
Install the components | |||
<pre> | |||
sudo setenforce 0 | |||
sudo yum install sblim-sfcb tog-pegasus pywbem | |||
sudo yum install realmd openlmi-realmd | |||
wget http://jdennis.fedorapeople.org/realmd-cim | |||
chmod +x realmd-cim | |||
</pre> | |||
Verify pegasus is running | |||
<pre>sudo systemctl status tog-pegasus</pre> | |||
Set the pegasus password, in this example we'll use XXXX as the password | |||
<pre>sudo passwd pegasus</pre> | |||
Fulfill the [[QA:Testcase_realmd_prerequisites|prerequisites and make sure your Active Directory domain access works]]. | |||
|actions= | |actions= | ||
# | # Show joined domains | ||
<pre> | |||
realm list | |||
./realmd-cim -u pegasus -p XXXX list | |||
</pre> | |||
<code>realmd-cim</code> should show equivalent information as to what <code>realmd-cim</code> shows | |||
|results= | |results= |
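Review bot: the sentence after the second pre block in |actions= compares realmd-cim with itself ("realmd-cim should show equivalent information as to what realmd-cim shows"); one of the two names was presumably meant to be realm list, the other command in that block. In |setup=, realmd-cim is fetched with wget over plain http and made executable with no checksum or signature check, and sudo setenforce 0 is never undone; an https URL with a published hash and a step that restores enforcing mode after the test would address both. The -p XXXX argument also exposes the pegasus password in the process list and shell history, which is worth a sentence in the setup text.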
Revision as of 23:24, 8 May 2013
Description
Join the current machine to an Active Directory using OpenLMI
Setup
Install the components
sudo setenforce 0
sudo yum install sblim-sfcb tog-pegasus pywbem
sudo yum install realmd openlmi-realmd
wget http://jdennis.fedorapeople.org/realmd-cim
chmod +x realmd-cim
Verify pegasus is running
sudo systemctl status tog-pegasus
Set the pegasus password. In this example we'll use XXXX as the password.
sudo passwd pegasus
Fulfill the prerequisites and make sure your Active Directory domain access works.
How to test
- Show joined domains
realm list
./realmd-cim -u pegasus -p XXXX list
realmd-cim should show information equivalent to what realm list shows.
Expected Results
- Check if you are joined to the domain
realm list
- The domain should be listed
- Make note of the login format
- Check that domain accounts can be resolved
getent passwd 'AD\User'
- Make sure to use the quotes around the user name.
- You should see an output line that looks like passwd(5) output. It should contain an appropriate home directory, and a shell.
- Use the login-formats you saw above, to build a remote user name. It will be in the form of DOMAIN\User, where DOMAIN is the first part of your full Active Directory domain name.
- Check that you have an appropriate entry in your hosts keytab.
sudo klist -k
- Check that you can use your keytab with kerberos
sudo kinit -k 'HOSTNAME$@AD.EXAMPLE.COM'
- Make sure to use quotes around the argument, because of the characters in there.
- Make sure the hostname and domain are capitalized.
- Use the principal from the output of the klist command above. Use the one that's capitalized and looks like HOSTNAME$@DOMAIN.
- There should be no output from this command.
- Try to log into the machine as a domain account at the console.
- This should automatically create a new home directory for the user, and log into a shell prompt.
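The checks above depend on two values read off earlier output: the login format from realm list and the capitalized host principal from klist -k. The following is an added example, not part of the wiki page or of realmd, showing how those values turn into the getent and kinit arguments; the helper names realm_field, login_name and host_principal are hypothetical, and both sample outputs are constructed.

```shell
#!/bin/sh
# Added example: derive the test arguments from `realm list` and `klist -k`.
# Both samples below are constructed, not captured from a real host.
SAMPLE_REALM_LIST='ad.example.com
  type: kerberos
  realm-name: AD.EXAMPLE.COM
  domain-name: ad.example.com
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  login-formats: AD\%U
  login-policy: allow-realm-logins'

SAMPLE_KLIST='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ----------------------------------------------
   2 host/hostname.ad.example.com@AD.EXAMPLE.COM
   2 HOSTNAME$@AD.EXAMPLE.COM'

# realm_field KEY: value of the first "KEY: value" line in `realm list` output on stdin.
realm_field() {
    awk -v key="$1:" '$1 == key { sub(/^[ \t]*[^:]+:[ \t]*/, ""); print; exit }'
}

# login_name FORMAT USER: replace %U in a login format with USER.
login_name() {
    case $1 in
        *%U*) printf '%s%s%s\n' "${1%%\%U*}" "$2" "${1#*\%U}" ;;
        *)    echo "login format has no %U placeholder: $1" >&2; return 1 ;;
    esac
}

# host_principal: first all-uppercase HOSTNAME$@REALM entry in `klist -k` output on stdin.
host_principal() {
    LC_ALL=C awk '$2 ~ /^[A-Z0-9-]+\$@[A-Z0-9.-]+$/ { print $2; exit }'
}

fmt=$(printf '%s\n' "$SAMPLE_REALM_LIST" | realm_field login-formats)
user=$(login_name "$fmt" User)
princ=$(printf '%s\n' "$SAMPLE_KLIST" | host_principal)
# Single quotes keep the backslash and the dollar sign away from the shell.
printf "getent passwd '%s'\n" "$user"
printf "sudo kinit -k '%s'\n" "$princ"
```

On a joined machine, pipe the real `realm list` and `sudo klist -k` output into the helpers in place of the samples.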
More: Try it with FreeIPA
Use a FreeIPA domain with the OpenLMI join.
Troubleshooting
- RHBZ #XXXXXX: If you see SELinux issues, see this bug for details.
- Please do this and report all AVCs to the above bug.
$ sudo setenforce permissive
... do the test
$ sudo grep realmd /var/log/audit/audit.log