I am currently working on setting up multiple environments for a new project (DEV, QA, and PROD) and will be integrating all of the servers to an Active Directory Domain Controller for user management.
Following are notes from when I configured a Fedora Core 18 laptop to integrate with an AD server. It is likely things have changed some from then and I will update this as required for a current version of RHEL7/CentOS 7.
Install the following packages
yum install sssd-tools adcli realmdsssd will not yet have the /etc/sssd/sssd.conf file installed until you join a domain (see below) so do not try to configure it.
Disable selinux. Perhaps selinux can be re-enabled after joining and configuration?
Search for a realm
realm discover -v
* Looking up our DHCP domain
* Discovering for DHCP domain: somedomain.com
* Searching for kerberos SRV records for domain: _kerberos._udp.somedomain.com
* Searching for MSDCS SRV records on domain: _kerberos._tcp.dc._msdcs.somedomain.com
* server1.somedomain.com:88 server2.somedomain.com:88 server3.somedomain.com:88
* Found kerberos DNS records for: somedomain.com
* Found AD style DNS records for: somedomain.com
* Successfully discovered: somedomain.com
somedomain.com
type: kerberos
realm-name: SOMEDOMAIN.COM
domain-name: somedomain.com
configured: kerberos-member
server-software: active-directory
client-software: sssd
required-package: sssd-tools
required-package: sssd
required-package: adcli
required-package: samba-common
login-formats: SOMEDOMAIN\%U
login-policy: allow-any-loginJoined the domain
realm join -U admin --verbose somedomain.comAllow all users from a given domain to login
realm permit --realm somedomain.com --allAdd the home directory paths
mkdir /home/SOMEDOMAINStart and enable sssd
systemctl enable sssd && systemctl start sssdLog out from the local user account and then log in as a user in the domain:
. uid: SOMEDOMAIN\uid
. This will log you in as that user and create a home account in /home/SOMEDOMAIN/uid