From Fedora Project Wiki
Description
Join the current machine to an Active Directory domain using sssd as an AD client. Domain accounts are available on the local machine once this is done.
Setup
- Verify that your Active Directory domain access works. If you don't have an Active Directory domain, you can set one up.
- You need a domain account, either a user or administrator. It's useful to test with both.
- Your machine must have a configured host name. Do not proceed if you host name is
localhost
or similar.$ hostname
- Make sure you have <package>realmd</package> 0.9 or later installed.
$ rpm -q realmd
- Remove the following packages, they should be installed by realmd as necessary.
$ yum remove sssd samba-client adcli
How to test
- Perform the join command. Use the
--user=xxx
argument to specify your domain account name.$ realm join --user=User ad.example.com
- You will be prompted for a password for the account.
- On a successful join there will be no output.
- This can take up to a few minutes depending on how far away your Active Directory domain is.
Expected Results
- Check that the domain is now configured.
$ realm list
- Make sure the domain is listed.
- Make sure you have a
configured: kerberos-membership
line in the output. - Make note of the
login-formats
line for the next command.
- Check that you can resolve domain accounts on the local domain.
$ getent passwd 'AD\User'
- You should see an output line that looks like passwd(5) output. It should contain an appropriate home directory, and a shell.
- Use the
login-formats
you saw above, to build a remote user name. It will be in the form ofDOMAIN\User
, where DOMAIN is the first part of your full Active Directory domain name.
Troubleshooting
Use the --verbose
argument to see details of what's being done during a join. Include verbose output in any bug reports.
$ realm join --verbose ad.example.com