

  • How to Configure a Linux Client for Active Directory Authentication
    04/26/2016 9:06PM
    I am currently working on setting up multiple environments for a new project (DEV, QA, and PROD) and will be integrating all of the servers to an Active Directory Domain Controller for user management.

    Following are notes from when I configured a Fedora Core 18 laptop to integrate with an AD server.  It is likely things have changed some from then and I will update this as required for a current version of RHEL7/CentOS 7.

      Run the following commands as a local user with root privileges:

      . Installed necessary packages:
        . # yum install sssd-tools adcli realmd
        . sssd will not have the /etc/sssd/sssd.conf file installed until you join a domain (see below) so do not try to configure it.

      . disabled SELinux
        . Perhaps SELinux can be re-enabled after joining and configuration?

      . search for a realm:
        . # realm discover -v
     * Looking up our DHCP domain
     * Discovering for DHCP domain: somedomain.com
     * Searching for kerberos SRV records for domain: _kerberos._udp.somedomain.com
     * Searching for MSDCS SRV records on domain: _kerberos._tcp.dc._msdcs.somedomain.com
     * server1.somedomain.com:88 server2.somedomain.com:88 server3.somedomain.com:88
     * Found kerberos DNS records for: somedomain.com
     * Found AD style DNS records for: somedomain.com
     * Successfully discovered: somedomain.com
      type: kerberos
      realm-name: SOMEDOMAIN.COM
      domain-name: somedomain.com
      configured: kerberos-member
      server-software: active-directory
      client-software: sssd
      required-package: sssd-tools
      required-package: sssd
      required-package: adcli
      required-package: samba-common
      login-formats: SOMEDOMAIN\%U
      login-policy: allow-any-login

      . joined the domain:
        . # realm join -U admin --verbose somedomain.com

      . allowed all lotame users to log in
        . # realm permit --realm somedomain.com --all

      . Add the home directory paths
        . # mkdir /home/SOMEDOMAIN

      . chkconfig on sssd:
        . # systemctl enable sssd

      . Log out from the local user account and then log in as a user in the domain:
        . uid: SOMEDOMAIN\uid
        . This will log you in as that user and create a home account in /home/SOMEDOMAIN/uid
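
A post-join check for the procedure above, as an added example that is not part of the original notes: it reads `realm list` or `realm discover` output and reports an unjoined host, missing required packages, and a login policy that admits every domain account. The sample text is constructed in the field layout shown earlier; `audit_realm`, `realm_field` and `PKG_CHECK` are hypothetical names, and the script assumes a single realm and `rpm -q` as the package query.

```shell
#!/bin/sh
# Added example (not from the original post): audit realmd output after a join.

# Constructed sample in the field layout of the `realm discover` output above.
SAMPLE_REALM_OUTPUT='somedomain.com
  type: kerberos
  realm-name: SOMEDOMAIN.COM
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  required-package: sssd
  required-package: adcli
  login-policy: allow-any-login'

# Assumption: packages are verified with `rpm -q`; set PKG_CHECK to override.
: "${PKG_CHECK:=rpm -q}"

# realm_field KEY: print each value of the "KEY: value" lines read on stdin.
realm_field() {
    awk -v key="$1" '
        { sub(/^[ \t]+/, "") }
        index($0, key ": ") == 1 { print substr($0, length(key) + 3) }'
}

# audit_realm: read realm output on stdin (single realm assumed), print one
# finding per line, and return 1 if any finding was printed.
audit_realm() (
    out=$(cat); rc=0
    finding() { echo "FINDING: $*"; rc=1; }
    [ "$(printf '%s\n' "$out" | realm_field configured)" = "kerberos-member" ] ||
        finding "host is not joined (configured is not kerberos-member)"
    [ "$(printf '%s\n' "$out" | realm_field server-software)" = "active-directory" ] ||
        finding "server-software is not active-directory"
    for pkg in $(printf '%s\n' "$out" | realm_field required-package); do
        $PKG_CHECK "$pkg" >/dev/null 2>&1 || finding "required package missing: $pkg"
    done
    case "$(printf '%s\n' "$out" | realm_field login-policy)" in
        allow-any-login|allow-realm-logins)
            finding "login-policy admits every domain account; restrict with 'realm deny --all' then 'realm permit -g <group>'" ;;
    esac
    return "$rc"
)
```

On a joined host, run it as `realm list | audit_realm`; a non-zero exit status means at least one finding was printed.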