I am currently working on setting up multiple environments for a new project (DEV, QA, and PROD) and will be integrating all of the servers with an Active Directory Domain Controller for user management.
Following are notes from when I configured a Fedora Core 18 laptop to integrate with an AD server. It is likely that things have changed somewhat since then, and I will update this as required for a current version of RHEL7/CentOS 7.
Install the following packages:
yum install sssd-tools adcli realmd
sssd will not have the /etc/sssd/sssd.conf file installed until you join a domain (see below), so do not try to configure it yet.
Disable SELinux. Perhaps SELinux can be re-enabled after joining and configuration?
Search for a realm:
realm discover -v
 * Looking up our DHCP domain
 * Discovering for DHCP domain: somedomain.com
 * Searching for kerberos SRV records for domain: _kerberos._udp.somedomain.com
 * Searching for MSDCS SRV records on domain: _kerberos._tcp.dc._msdcs.somedomain.com
 * server1.somedomain.com:88 server2.somedomain.com:88 server3.somedomain.com:88
 * Found kerberos DNS records for: somedomain.com
 * Found AD style DNS records for: somedomain.com
 * Successfully discovered: somedomain.com
somedomain.com
  type: kerberos
  realm-name: SOMEDOMAIN.COM
  domain-name: somedomain.com
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  required-package: sssd-tools
  required-package: sssd
  required-package: adcli
  required-package: samba-common
  login-formats: SOMEDOMAIN\%U
  login-policy: allow-any-login
Join the domain:
realm join -U admin --verbose somedomain.com
Allow all users from a given domain to log in:
realm permit --realm somedomain.com --all
Add the home directory paths
Start and enable sssd:
systemctl enable sssd && systemctl start sssd
Log out from the local user account and then log in as a user in the domain:
uid: SOMEDOMAIN\uid
This will log you in as that user and create a home directory in /home/SOMEDOMAIN/uid.
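The discover output above reports login-policy: allow-any-login, and realm permit --all lets every account in the domain log in. As an added example (not part of the original notes), this script reads realm list or realm discover output and flags realms whose login policy is that broad; the lab.example realm, the function names and the BROAD/SCOPED/CLOSED labels are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify realmd login policies from `realm list` /
# `realm discover` output. The verdict labels (BROAD/SCOPED/CLOSED) are this
# example's own, not realmd terminology.

# Constructed sample: the first realm mirrors the discover output in the
# notes, the second is a made-up realm restricted to permitted accounts.
sample_realm_output() {
    cat <<'EOF'
somedomain.com
  type: kerberos
  realm-name: SOMEDOMAIN.COM
  configured: kerberos-member
  login-formats: SOMEDOMAIN\%U
  login-policy: allow-any-login
lab.example
  type: kerberos
  realm-name: LAB.EXAMPLE
  configured: kerberos-member
  login-policy: allow-permitted-logins
EOF
}

# Print "<realm> <policy> <verdict>" for every realm block read from stdin.
audit_realm_policy() {
    awk '
        # An unindented line starts a realm block; verbose " * " progress
        # lines are skipped.
        /^[^ \t*]/ { realm = $1; next }
        $1 == "login-policy:" {
            verdict = "UNKNOWN"
            if ($2 == "allow-any-login" || $2 == "allow-realm-logins") verdict = "BROAD"
            else if ($2 == "allow-permitted-logins") verdict = "SCOPED"
            else if ($2 == "deny-any-login") verdict = "CLOSED"
            print realm, $2, verdict
        }'
}

# Succeed (exit 0) only when no realm on stdin has a BROAD policy.
no_broad_realms() {
    ! audit_realm_policy | grep -q ' BROAD$'
}

# Run the audit over the constructed sample.
sample_realm_output | audit_realm_policy
```

On a joined host, pipe the real output in instead: realm list | audit_realm_policy, or use realm list | no_broad_realms as a pass/fail check in configuration management.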