How to join RHEL system to Active Directory
Voraussetzungen:
Red Hat Enterprise Linux 7 / 6Vorhandenes und funktionierendes - Active Directory
Konfigurationsablauf
Before you start: Make Sure RHEL machine is able to resolve Active Directory servers!
- Install adcli package along with sssd:
# yum install adcli sssd authconfig
- Then discover the AD domain:
adcli info ad.example.com
- adcli will show few details about the AD domain. now, join RHEL system to AD domain using adcli
# adcli join ad.example.com
Password for Administrator@AD.EXAMPLE.COM: <---- Enter Admin password
- The join operation creates a keytab the machine will authenticate with. When inspect the with klist -kt, should show several entries that contain client hostname in some form:
# klist -kte
- Configure /etc/krb5.conf to use AD domain:
# vim /etc/krb5.conf
[libdefaults] default_realm = AD.EXAMPLE.COM dns_lookup_realm = true dns_lookup_kdc = true ticket_lifetime = 24h renew_lifetime = 7d forwardable = true [realms] AD.EXAMPLE.COM = { kdc = server.ad.example.com admin_server = server.ad.example.com } [domain_realm] .ad.example.com = AD.EXAMPLE.COM ad.example.com = AD.EXAMPLE.COM` - Use authconfig to set up the Name Service Switch(/etc/nsswitch.conf) and PAM stacks(password-authand system-auth):
# authconfig --enablesssd --enablesssdauth --update
Above command will modify and add necessary entries in /etc/nsswitch.conf, /etc/pam.d/password-auth and /etc/pam.d/system-auth files.
- The final step is to configure the SSSD itself. Open /etc/sssd/sssd.conf and define a single domain:
# vim /etc/sssd/sssd.conf
[sssd] services = nss, pam, ssh, autofs config_file_version = 2 domains = AD.EXAMPLE.COM [domain/AD.EXAMPLE.COM] id_provider = ad # Uncomment if service discovery is not working # ad_server = server.win.example.com
- Start the SSSD and make sure it's up after reboots:
# systemctl start sssd # systemctl enable sssd
After you are done, fetch user information for AD user and try to login:
# id Administrator # ssh Administrator@localhost