How to Configure a Linux Client for Active Directory Authentication

I am currently working on setting up multiple environments for a new project (DEV, QA, and PROD) and will be integrating all of the servers to an Active Directory Domain Controller for user management.

Following are notes from when I configured a Fedora Core 18 laptop to integrate with an AD server. It is likely things have changed some since then, and I will update this as required for a current version of RHEL 7/CentOS 7.

  Run the following commands as a local user with root privileges:

  . Installed necessary packages:
    . # yum install sssd-tools adcli realmd
    . sssd will not have the /etc/sssd/sssd.conf file installed until you join a domain (see below) so do not try to configure it.

  . disabled selinux
    . Perhaps selinux can be re-enabled after joining and configuration?

  . search for a realm:
    . # realm discover -v
       * Looking up our DHCP domain
       * Discovering for DHCP domain: somedomain.com
       * Searching for kerberos SRV records for domain: _kerberos._udp.somedomain.com
       * Searching for MSDCS SRV records on domain: _kerberos._tcp.dc._msdcs.somedomain.com
       * server1.somedomain.com:88 server2.somedomain.com:88 server3.somedomain.com:88
       * Found kerberos DNS records for: somedomain.com
       * Found AD style DNS records for: somedomain.com
       * Successfully discovered: somedomain.com
      somedomain.com
        type: kerberos
        realm-name: SOMEDOMAIN.COM
        domain-name: somedomain.com
        configured: kerberos-member
        server-software: active-directory
        client-software: sssd
        required-package: sssd-tools
        required-package: sssd
        required-package: adcli
        required-package: samba-common
        login-formats: SOMEDOMAIN\%U
        login-policy: allow-any-login

  . joined the domain:
    . # realm join -U admin --verbose somedomain.com

  . allowed all lotame users to log in:
    . # realm permit --realm somedomain.com --all

  . Add the home directory paths
    . # mkdir /home/SOMEDOMAIN

  . chkconfig on sssd:
    . # systemctl enable sssd

  . Log out from the local user account and then log in as a user in the domain:
    . uid: SOMEDOMAIN\uid
    . This will log you in as that user and create a home directory in /home/SOMEDOMAIN/uid
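The steps above wrapped into one script, as an added example that is not from the original post. It parses the `realm discover` output to confirm the realm really is Active Directory before joining, installs the packages the discover listing names, and permits logins for a single AD group (`realm permit -g`, a standard realmd option) instead of `--all`, which opens the server to every domain account. The sample discover output is constructed from the listing above; the domain, admin user and group names are placeholders passed as arguments, and the script assumes it runs as root with `realm`, `yum` and `systemctl` available.

```shell
#!/bin/sh
# Added example, not part of the original post. Assumes realmd, adcli and
# sssd-tools are already installed and that this runs as root. Usage:
#   ./join.sh join somedomain.com admin 'Linux Admins'   (all placeholders)
set -eu

# Extract the realm name from `realm discover` output, but only when the realm
# is served by Active Directory; prints nothing otherwise so the caller aborts.
discover_realm_name() {
    printf '%s\n' "$1" | awk '
        $1 == "server-software:" && $2 == "active-directory" { ad = 1 }
        $1 == "realm-name:" { name = $2 }
        END { if (ad && name != "") print name }'
}

# Collect the required-package lines so they can be installed before joining.
discover_required_packages() {
    printf '%s\n' "$1" | awk '
        $1 == "required-package:" { pkgs = (pkgs == "" ? $2 : pkgs " " $2) }
        END { print pkgs }'
}

# Short (first-label) form of the realm name, used for the /home/<REALM> directory.
short_domain_name() {
    printf '%s\n' "$1" | cut -d. -f1
}

# Reject command lines pasted with typographic dashes: realm only understands
# ASCII "--", so an en-dash option silently turns into a positional argument.
has_ascii_dashes() {
    case "$1" in
        *"–"*|*"—"*) return 1 ;;
    esac
    return 0
}

# Constructed sample of `realm discover -v` output, modelled on the post's
# listing, so the helpers can be exercised without a domain controller.
SAMPLE_DISCOVER=$(cat <<'EOF'
somedomain.com
  type: kerberos
  realm-name: SOMEDOMAIN.COM
  domain-name: somedomain.com
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  required-package: sssd-tools
  required-package: sssd
  required-package: adcli
  required-package: samba-common
  login-formats: SOMEDOMAIN\%U
  login-policy: allow-any-login
EOF
)

# Full join flow: discover, install, join, restrict logins to one group,
# create the home directory parent, enable sssd.
join_ad_domain() {
    domain=$1 admin=$2 group=$3
    out=$(realm discover -v "$domain")
    realm=$(discover_realm_name "$out")
    if [ -z "$realm" ]; then
        echo "no Active Directory realm found for $domain" >&2
        return 1
    fi
    pkgs=$(discover_required_packages "$out")
    if [ -n "$pkgs" ]; then
        # word-splitting the package list is intended
        yum install -y $pkgs
    fi
    realm join -U "$admin" --verbose "$domain"
    # `realm permit --all` (as in the post) lets every domain account log in;
    # permitting one group keeps the server's login surface small.
    realm permit --realm "$domain" -g "$group"
    mkdir -p "/home/$(short_domain_name "$realm")"
    systemctl enable sssd
}

# Only perform the join when explicitly asked, so loading the file is side-effect free.
if [ "${1:-}" = "join" ]; then
    join_ad_domain "$2" "$3" "$4"
fi
```

The parse-before-join check matters because `realm discover` will happily report a plain Kerberos or FreeIPA realm, and `realm join` against the wrong server type leaves you with a half-configured client that is hard to diagnose. The en-dash check exists because copying commands from a rendered web page (this one included) is a common way to end up with options that the tool ignores.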
