This example shows how to configure the join in the environment below.
Domain Server : Windows Server 2012 R2
Domain Name : poli01dc01
Realm : poli01ad01.local
Hostname : poli01srv01.poli01ad01.local
Install the required packages.
yum -y install realmd sssd oddjob oddjob-mkhomedir adcli samba-common
Join the Windows Active Directory domain.
# point DNS at the AD domain controller (the Linux host must resolve the AD SRV records)
[root@poli01srv01 ~]# nmcli c modify ens3 ipv4.dns 10.1.1.5
[root@poli01srv01 ~]# nmcli c down ens3; nmcli c up ens3
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/1)
# discover the Active Directory domain
[root@poli01srv01 ~]# realm discover POLI01AD01.LOCAL
poli01ad01.local
  type: kerberos
  realm-name: POLI01AD01.LOCAL
  domain-name: POLI01AD01.LOCAL
  configured: no
  server-software: active-directory
  client-software: sssd
  required-package: oddjob
  required-package: oddjob-mkhomedir
  required-package: sssd
  required-package: adcli
  required-package: samba-common
# join the Active Directory domain
[root@poli01srv01 ~]# realm join POLI01AD01.LOCAL
Password for Administrator:     # AD Administrator password
# check that AD user information can be looked up
[root@poli01srv01 ~]# id POLI01AD01.LOCAL\\Serverworld
uid=406801001(serverworld@poli01ad01.local) gid=406800513(domain users@poli01ad01.local) groups=406800513(domain users@poli01ad01.local)
# check that it is possible to switch to an AD user
[root@poli01srv01 ~]# su - POLI01AD01.LOCAL\\Serverworld
Creating home directory for serverworld@poli01ad01.local.
[serverworld@poli01ad01.local@poli01srv01 ~]$     # switched to the AD user
The join above is done as the domain Administrator, which is the account realm join prompts for by default. A delegated account that only has the right to join computers to the domain is preferable: realm join -U joinuser POLI01AD01.LOCAL. The join creates a computer account in AD and stores its key in /etc/krb5.keytab, so keep that file root-only. After the join every domain user can log in to this host; restrict that with realm permit, for example realm permit -g 'Domain Admins', or realm permit user@poli01ad01.local for single accounts.
If you would like to omit the domain name for AD users, configure as follows.
[root@poli01srv01 ~]# vi /etc/sssd/sssd.conf
# line 16: change
use_fully_qualified_names = False
[root@poli01srv01 ~]# systemctl restart sssd
[root@poli01srv01 ~]# id Administrator
uid=406800500(administrator) gid=406800513(domain users) groups=406800513(domain users),406800572(denied rodc password replication group),406800518(schema admins),406800520(group policy creator owners),406800512(domain admins),406800519(enterprise admins)
With short names enabled, an AD account and a local account of the same name are distinguished only by the nsswitch lookup order (files before sss), so the local account wins; check /etc/passwd for collisions before enabling this. sssd will not start unless /etc/sssd/sssd.conf is owned by root with mode 0600, so keep those permissions when editing.
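The sssd.conf edit above is done by line number, which is fragile. The script below is an added example, not part of the original page or of realmd/sssd: it sets a key inside one section of sssd.conf, then checks the two things that most often go wrong after a join, file mode (sssd refuses to start without 0600) and an access_provider that lets every domain account log in. The sample configuration, the realm POLI01AD01.LOCAL and the group names are constructed for illustration.

```shell
#!/bin/bash
# Added example, not from the original page: edit and sanity-check the
# sssd.conf that "realm join" writes, instead of hand-editing "line 16".
# The sample config, the realm POLI01AD01.LOCAL and the group names are
# constructed for illustration; adjust them to your own domain.

# get_ini_key FILE SECTION KEY -> prints the value of KEY inside [SECTION]
get_ini_key() {
    local file="$1" section="$2" key="$3"
    awk -v sec="[$section]" -v key="$key" '
        /^\[/ { in_sec = ($0 == sec); next }
        in_sec && $0 ~ ("^[ \t]*" key "[ \t]*=") {
            sub(/^[^=]*=[ \t]*/, ""); print; exit
        }' "$file"
}

# set_ini_key FILE SECTION KEY VALUE -> rewrites KEY in [SECTION], or appends
# it to that section when it is missing; other sections are left untouched.
set_ini_key() {
    local file="$1" section="$2" key="$3" value="$4"
    awk -v sec="[$section]" -v key="$key" -v val="$value" '
        /^\[/ {
            # leaving the target section without having seen the key: append it
            if (in_sec && !done) { print key " = " val; done = 1 }
            in_sec = ($0 == sec)
        }
        in_sec && $0 ~ ("^[ \t]*" key "[ \t]*=") { print key " = " val; done = 1; next }
        { print }
        END { if (in_sec && !done) print key " = " val }
    ' "$file" > "$file.tmp" &&
    cat "$file.tmp" > "$file" &&   # cat keeps the original mode/owner (mv would not)
    rm -f "$file.tmp"
}

# check_sssd_conf FILE SECTION -> 0 when the file is usable and sane:
#   - sssd refuses to start unless the file is mode 0600 (and root-owned)
#   - access_provider must not be "permit" (the sssd default), otherwise every
#     domain account may log in to this host
check_sssd_conf() {
    local file="$1" section="$2" mode provider rc=0
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    if [ "$mode" != "600" ]; then
        echo "FAIL: $file is mode $mode, sssd requires 0600" >&2; rc=1
    fi
    provider=$(get_ini_key "$file" "$section" access_provider)
    if [ -z "$provider" ] || [ "$provider" = "permit" ]; then
        echo "FAIL: [$section] access_provider is '${provider:-unset}': all domain users can log in" >&2
        rc=1
    fi
    return $rc
}

# write_sample_conf FILE -> constructed sssd.conf in the shape realm join writes
write_sample_conf() {
    cat > "$1" <<'EOF'
[sssd]
domains = poli01ad01.local
config_file_version = 2
services = nss, pam

[domain/poli01ad01.local]
ad_domain = poli01ad01.local
krb5_realm = POLI01AD01.LOCAL
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = True
fallback_homedir = /home/%u@%d
access_provider = ad
EOF
    chmod 600 "$1"
}

# Demo against a scratch copy; on a real host point it at /etc/sssd/sssd.conf
# and follow with "systemctl restart sssd".
demo() {
    local conf
    conf=$(mktemp)
    write_sample_conf "$conf"
    set_ini_key "$conf" domain/poli01ad01.local use_fully_qualified_names False
    # only members of these AD groups may log in (standard sssd "simple" provider keys)
    set_ini_key "$conf" domain/poli01ad01.local access_provider simple
    set_ini_key "$conf" domain/poli01ad01.local simple_allow_groups "domain admins, linux admins"
    check_sssd_conf "$conf" domain/poli01ad01.local && echo "sssd.conf OK"
    cat "$conf"
    rm -f "$conf"
}
demo
```

The awk-based setter only touches the named section, so a key such as simple_allow_groups cannot accidentally land in [sssd]; writing back with cat rather than mv keeps the 0600 root ownership that sssd insists on.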
That's all.