From Fedora Project Wiki
Associated release criterion
This test case is associated with the Basic_Release_Criteria#remote-authentication release criterion. If you are doing release validation testing, a failure of this test case may be a breach of that release criterion. If so, please file a bug and nominate it as blocking the appropriate milestone, using the blocker bug nomination page.
This test case is associated with the Basic_Release_Criteria#remote-authentication release criterion. If you are doing release validation testing, a failure of this test case may be a breach of that release criterion. If so, please file a bug and nominate it as blocking the appropriate milestone, using the blocker bug nomination page.
Description
Join the current machine to an Active Directory, manually specifying the domain server you want to join against .
Setup
- Make sure you have other required software:
- realmd 0.14.0 or later
- adcli 0.7 or later
- Verify that your Active Directory domain access works, or set a domain up.
- You need a domain account as an administrator.
- Leave realm(s) you are currently joined to.
- Get a server name (domain controllers) for the Active Directory domain
- If you don't know the servers for a given domain, you can use DNS to look them up:
$ host -t SRV _ldap._tcp.ad.example.com
How to test
- Join the domain, but instead of specifying the domain name, specify the domain controller host name:
$ realm join --user=Administrator server.ad.example.com
- Use your domain admin password when prompted. Specify a user other than
Administratorif you have another domain administrative account. - On a successful join there will be no output.
Expected Results
- Check that the domain is now configured.
$ realm list
- Make sure the domain is listed.
- Make sure you have a
configured: kerberos-memberline in the output. - Make note of the
login-formatsline for the next command.
- Check that you can resolve domain accounts on the local computer.
$ getent passwd 'AD\User'
- Make sure to use the quotes around the user name.
- You should see an output line that looks like passwd(5) output.
AD\User:*:6000:6000:User:/home/User:/bin/sh
- The uid, gid, home directory and shell should match those you set in the directory above.
- Verify that sssd has been configured to use specifically this server.
- The
/etc/sssd/sssd.conffile should contain a line like this: ad_server = server.ad.example.com
- The
More: Use an IP address
Specify the server's IP address instead of the server's DNS name:
$ realm join --user=Administrator 192.168.133.2
The join should proceed in the same way, and the IP address should be present in /etc/sssd/sssd.conf
More: Use the winbind client
Force use of winbind instead of sssd in the join.
$ realm join --user=Administrator --client-software=winbind server.ad.example.com
The join should complete successfully. After the join the file /etc/samba/smb.conf should contain the line:
password server = server.ad.example.com
This will not work with an IP address.
Troubleshooting
Use the --verbose argument to see details of what's being done during a join. Include verbose output in any bug reports.
$ realm join --verbose server.ad.example.com