Description

Join the current machine to an Active Directory, without using fully qualified user names.

Setup

1. Make sure you have other required software:
   • realmd 0.14.0 or later
   • adcli 0.7 or later
2. Verify that your Active Directory domain access works, or set a domain up.
3. You need a domain account as an administrator.
4. Leave realm(s) you are currently joined to.
5. Configure realmd not to use qualified user names for your test domain:

   Add this to /etc/realmd.conf

[ad.example.com]
fully-qualified-names = no

Make sure realmd is restarted:

$ sudo killall realmd

How to test

1. Join the domain specifying a user principal name

   $ realm join --user=Administrator ad.example.com

   Use your domain admin password when prompted. Specify a user other than Administrator if you have another domain administrative account.

   On a successful join there will be no output.

Expected Results

1. Check that the domain is now configured.

   $ realm list

   Make sure the domain is listed.

2. Check that you can resolve domain accounts on the local computer without qualifying them with a domain name

   $ getent passwd User

   You should see an output line that looks like passwd(5) output.

   The first field should be the user name, also not qualified by a domain.

3. Go to GDM by logging out, or by Switch User from the user menu.

   On a Live CD if you get automatically logged in again, go to User Accounts and turn off Auto Login for the live cd user.

4. Choose the Not Listed? option.
5. Type User in the box.

   The case of the user should not matter.

6. Type the user's domain password, and press enter.

More: Test with winbind

Test the above again with winbind, change the join command as follows:

$ realm join --client-software=winbind --user=Administrator ad.example.com

Troubleshooting

Use the --verbose argument to see details of what's being done during a join. Include verbose output in any bug reports.

$ realm join --verbose ad.example.com