redhat:other-redhat:join-domain-redhat

Differences

This shows you the differences between two versions of the page.

redhat:other-redhat:join-domain-redhat [2017/09/05 15:52] – [How to join RHEL system to Active Directory domain using adcli] michael
redhat:other-redhat:join-domain-redhat [2019/03/07 14:49] (current) – [How to join RHEL system to Active Directory] michael
Line 1: Line 1:
 ====== How to join RHEL system to Active Directory ====== ====== How to join RHEL system to Active Directory ======
  
-===== Voraussetzungen: ===== 
  
-  * ''Red Hat Enterprise Linux 7'' oder 6 +{{ :redhat:other-redhat:join-computer-domain-redhat.png?nolink&300 |}} 
-  * Vorhandenes und funktionierendes - ''Active Directory''+ 
 +<WRAP center round important 100%> 
 + 
 +**Voraussetzungen:** 
 + 
 +  * ''**Red Hat Enterprise Linux 7** / **6**'' 
 +  * ''**Vorhandenes und funktionierendes - Active Directory**'' 
 +</WRAP> 
 + 
 + 
 +----
  
 ===== Konfigurationsablauf ===== ===== Konfigurationsablauf =====
-  - Make Sure RHEL machine is able to resolve Active Directory servers. +<wrap em>Before you start: Make Sure RHEL machine is able to resolve Active Directory servers!</wrap> 
-  - Install adcli package along with sssd: <code># yum install adcli sssd authconfig</code> +  - **Install adcli package** along with **sssd**: <code># yum install adcli sssd authconfig</code> 
-  - Then discover the AD domain: <code>adcli info ad.example.com</code> +  - Then **discover** the **AD domain**: <code>adcli info ad.example.com</code> 
-  - adcli will show few details about the AD domain. now, **join RHEL system to AD domain using adcli**<WRAP center box 100%>+  - **adcli** will show few details about the AD domain. now, **join RHEL system to AD domain using adcli**<WRAP center box 100%>
 <code># adcli join ad.example.com</code> <sxh plain; gutter: false;>Password for Administrator@AD.EXAMPLE.COM:  <---- Enter Admin password</sxh> <code># adcli join ad.example.com</code> <sxh plain; gutter: false;>Password for Administrator@AD.EXAMPLE.COM:  <---- Enter Admin password</sxh>
 </WRAP> </WRAP>
   - The join operation creates a keytab the machine will authenticate with. When inspect the with klist -kt, should show several entries that contain client hostname in some form: <code># klist -kte</code>   - The join operation creates a keytab the machine will authenticate with. When inspect the with klist -kt, should show several entries that contain client hostname in some form: <code># klist -kte</code>
-  - Configure /etc/krb5.conf to use AD domain: <WRAP center box 100%> <code># vim /etc/krb5.conf</code> <sxh bash;>[libdefaults]+  - **Configure /etc/krb5.conf** to use AD domain: <WRAP center box 100%> <code># vim /etc/krb5.conf</code> <sxh bash;>[libdefaults]
 default_realm = AD.EXAMPLE.COM default_realm = AD.EXAMPLE.COM
 dns_lookup_realm = true dns_lookup_realm = true
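Review bot: The new "Before you start" line takes the DNS requirement out of the numbered steps but still gives the reader no way to confirm it, so a failing `adcli info` or `adcli join` is the first sign of a resolver problem. Consider keeping it as a step with a concrete check, for example a lookup of the `_ldap._tcp.ad.example.com` SRV record. The unchanged join step still prompts for `Administrator@AD.EXAMPLE.COM`; while the steps are being reworked, it would be worth pointing readers to `adcli join --login-user` with an account that is only delegated the right to join computers. The keytab step also still reads "When inspect the with klist -kt" while the command shown is `klist -kte`.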
Line 33: Line 42:
 </sxh> </sxh>
 </WRAP> </WRAP>
-  - Use authconfig to set up the Name Service Switch(/etc/nsswitch.conf) and PAM stacks(password-authand system-auth):<code># authconfig --enablesssd --enablesssdauth --update</code> +  - Use authconfig to **set up** the **Name Service Switch**(/etc/nsswitch.conf) and **PAM stacks**(password-authand system-auth):<code># authconfig --enablesssd --enablesssdauth --update</code> //Above command will modify and add necessary entries in /etc/nsswitch.conf, /etc/pam.d/password-auth and /etc/pam.d/system-auth files.// 
-  - <code></code>+  - **The final step** is to __configure__ the **SSSD** itself. Open /etc/sssd/sssd.conf and define a single domain: <WRAP center box 100%> 
 +<code># vim /etc/sssd/sssd.conf</code> <sxh bash;>[sssd] 
 +services = nss, pam, ssh, autofs 
 +config_file_version = 2 
 +domains = AD.EXAMPLE.COM 
 + 
 +[domain/AD.EXAMPLE.COM] 
 +id_provider = ad 
 +# Uncomment if service discovery is not working # ad_server = server.win.example.com 
 +</sxh> 
 +</WRAP> 
 +  - Start the SSSD and make sure it's up after reboots: <code># systemctl start sssd 
 +# systemctl enable sssd</code> 
 + 
 +**After you are done, fetch user information for AD user and try to login:** 
 +<code># id Administrator 
 +# ssh Administrator@localhost</code>
  
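Review bot: In the added sssd.conf block, the line `# Uncomment if service discovery is not working # ad_server = server.win.example.com` puts the hint and the setting on one commented line, so removing the leading `#` does not yield an `ad_server` setting; split it into a comment line and a separate `# ad_server = ...` line, and use a host under ad.example.com to match the rest of the page. The step creates /etc/sssd/sssd.conf with vim but never sets ownership or mode, and SSSD will not start unless the file is owned by root with mode 0600, so add that before `systemctl start sssd`. `services = nss, pam, ssh, autofs` enables the ssh and autofs responders although nothing on the page configures them; `nss, pam` is enough for the login test shown. The closing check logs in over ssh as the domain `Administrator`; an ordinary AD user is a better test account, and since the domain section sets no `access_provider`, the page should say which AD users are meant to be allowed in. Also, `password-authand` in the authconfig step is missing a space.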
  • redhat/other-redhat/join-domain-redhat.1504619553.txt.gz
  • Last modified: 2017/09/05 15:52
  • by michael