How to join a RHEL system to an Active Directory domain using adcli

Prerequisites:

  • Red Hat Enterprise Linux 7 or 6
  • An existing, working Active Directory
  1. Make sure the RHEL machine is able to resolve the Active Directory servers.
  2. Install the adcli package along with sssd:
    # yum install adcli sssd authconfig
  3. Then discover the AD domain:
    adcli info ad.example.com
  4. adcli will show a few details about the AD domain. Now join the RHEL system to the AD domain using adcli:
    # adcli join ad.example.com

    Password for Administrator@AD.EXAMPLE.COM:  <---- Enter Admin password

  5. The join operation creates a keytab that the machine will authenticate with. When inspected with klist -kt, the keytab should show several entries that contain the client hostname in some form:
    # klist -kte
  6. Configure /etc/krb5.conf to use the AD domain:
    # vim /etc/krb5.conf

    [libdefaults]
    default_realm = AD.EXAMPLE.COM
    dns_lookup_realm = true
    dns_lookup_kdc = true
    ticket_lifetime = 24h
    renew_lifetime = 7d
    forwardable = true
    
    [realms]
    AD.EXAMPLE.COM = {
    kdc = server.ad.example.com
    admin_server = server.ad.example.com
    }
    
    [domain_realm]
    .ad.example.com = AD.EXAMPLE.COM
    ad.example.com = AD.EXAMPLE.COM
    

  7. Use authconfig to set up the Name Service Switch (/etc/nsswitch.conf) and the PAM stacks (password-auth and system-auth):
    # authconfig --enablesssd --enablesssdauth --update
  8. 
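
A check for the keytab inspection in step 5, as an added example that is not part of the original page: the function reads `klist -kte` output and reports entries that do not contain the client hostname or belong to another realm. It goes beyond the page by also flagging deprecated encryption types (DES, 3DES, RC4). The function names, the hostname rhel7client and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the text printed by `klist -kte` after `adcli join`.
# Assumes the usual MIT klist layout: KVNO, date, time, principal, (enctype).

# audit_keytab HOSTNAME REALM  -- reads a `klist -kte` listing on stdin.
# Prints one line per finding; exit status 0 = clean, 1 = findings, 2 = usage.
audit_keytab() {
    [ $# -eq 2 ] || { echo "usage: audit_keytab HOSTNAME REALM" >&2; return 2; }
    awk -v host="$1" -v realm="$2" '
        BEGIN { host = tolower(host); bad = 0; own = 0 }
        $1 ~ /^[0-9]+$/ && NF >= 5 {          # entry rows start with a numeric KVNO
            princ = $4
            etype = tolower($5); gsub(/[()]/, "", etype)
            sub(/^deprecated:/, "", etype)    # newer klist prefixes weak types
            at = index(princ, "@")
            name = tolower(substr(princ, 1, at - 1)); r = substr(princ, at + 1)
            if (r != realm) { print "WRONG-REALM " princ; bad++ }
            if (index(name, host) > 0) own++
            else { print "FOREIGN-PRINCIPAL " princ; bad++ }
            # DES, 3DES and RC4 (arcfour) are deprecated Kerberos enctypes
            if (etype ~ /^(des|arcfour|rc4)/) { print "WEAK-ENCTYPE " princ " " etype; bad++ }
        }
        END {
            if (own == 0) { print "NO-HOST-ENTRIES " host; bad++ }
            exit (bad > 0)
        }'
}

# Constructed sample listing (not taken from a real system).
sample_listing() {
    cat <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------------------
   2 09/05/2017 15:40:11 RHEL7CLIENT$@AD.EXAMPLE.COM (aes256-cts-hmac-sha1-96)
   2 09/05/2017 15:40:11 host/RHEL7CLIENT@AD.EXAMPLE.COM (aes128-cts-hmac-sha1-96)
   2 09/05/2017 15:40:11 host/rhel7client.ad.example.com@AD.EXAMPLE.COM (arcfour-hmac)
   2 09/05/2017 15:40:11 RestrictedKrbHost/rhel7client.ad.example.com@AD.EXAMPLE.COM (des-cbc-md5)
EOF
}

sample_listing | audit_keytab rhel7client AD.EXAMPLE.COM || echo "review the findings above"
```

On a joined machine, pipe the real listing in instead of the sample: `klist -kte | audit_keytab "$(hostname -s)" AD.EXAMPLE.COM`.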
    
  • Last modified: 2017/09/05 15:51
  • by michael