How to join a RHEL system to Active Directory
Prerequisites:
- Red Hat Enterprise Linux 7 or 6
- An existing, working Active Directory
Configuration procedure
- Make sure the RHEL machine is able to resolve the Active Directory servers.
- Install the adcli package along with sssd:
# yum install adcli sssd authconfig
- Then discover the AD domain:
adcli info ad.example.com
- adcli will show a few details about the AD domain. Now join the RHEL system to the AD domain using adcli:
# adcli join ad.example.com
Password for Administrator@AD.EXAMPLE.COM: <---- Enter Admin password
- The join operation creates a keytab that the machine will authenticate with. When you inspect the keytab with klist -kt, it should show several entries that contain the client hostname in some form:
# klist -kte
- Configure /etc/krb5.conf to use AD domain:
# vim /etc/krb5.conf
[libdefaults]
default_realm = AD.EXAMPLE.COM
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
[realms]
AD.EXAMPLE.COM = {
    kdc = server.ad.example.com
    admin_server = server.ad.example.com
}
[domain_realm]
.ad.example.com = AD.EXAMPLE.COM
ad.example.com = AD.EXAMPLE.COM
- Use authconfig to set up the Name Service Switch (/etc/nsswitch.conf) and the PAM stacks (password-auth and system-auth):
# authconfig --enablesssd --enablesssdauth --update
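The keytab inspection step above can be scripted. The following is an added example, not part of the original page: it reads `klist -kte` output and reports whether entries carry the client hostname and the expected realm, and flags DES/RC4 keys. The function names, the short hostname `client` and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: audit `klist -kte` output.
# On a joined host: klist -kte | check_keytab "$(hostname -s)" AD.EXAMPLE.COM

check_keytab() {
    # $1 = short hostname, $2 = expected realm; the listing is read from stdin.
    awk -v host="$1" -v realm="$2" '
    BEGIN { host = tolower(host); matched = 0; weak = 0; foreign = 0 }
    # Entry lines start with a numeric KVNO, then date, time, principal, (enctype).
    $1 ~ /^[0-9]+$/ && NF >= 5 {
        n = split($4, part, "@")
        name = tolower(part[1])
        sub("^[^/]*/", "", name)        # drop a service prefix such as host/
        if (name == (host "$") || name == host || index(name, host ".") == 1)
            matched++
        if (n < 2 || part[n] != realm) { foreign++; print "REALM " $4 }
        # DES, 3DES and RC4 (arcfour) keys are deprecated for Kerberos.
        if (tolower($5) ~ /des|arcfour|rc4/) { weak++; print "WEAK " $4 " " $5 }
    }
    END {
        print "host_entries=" matched " weak=" weak " other_realm=" foreign
        exit (matched == 0 || weak > 0 || foreign > 0)
    }'
}

# Constructed sample listing (assumed MIT klist layout), not captured output.
sample_listing() {
    cat <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------------------
   2 01/01/2024 10:00:00 CLIENT$@AD.EXAMPLE.COM (aes256-cts-hmac-sha1-96)
   2 01/01/2024 10:00:00 CLIENT$@AD.EXAMPLE.COM (arcfour-hmac)
   2 01/01/2024 10:00:00 host/CLIENT@AD.EXAMPLE.COM (aes256-cts-hmac-sha1-96)
   2 01/01/2024 10:00:00 host/client.ad.example.com@AD.EXAMPLE.COM (aes128-cts-hmac-sha1-96)
EOF
}

sample_listing | check_keytab client AD.EXAMPLE.COM || echo "keytab needs review"
```

The function exits non-zero when no entry names the host, when an entry belongs to another realm, or when a deprecated encryption type is present, so it can gate a provisioning step.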