How to Configure a Linux Client for Active Directory Authentication

I am currently working on setting up multiple environments for a new project (DEV, QA, and PROD) and will be integrating all of the servers to an Active Directory Domain Controller for user management.

Following are notes from when I configured a Fedora Core 18 laptop to integrate with an AD server.  It is likely things have changed some from then and I will update this as required for a current version of RHEL7/CentOS 7.

Install the following packages

yum install sssd-tools adcli realmd

sssd will not yet have the /etc/sssd/sssd.conf file installed until you join a domain (see below) so do not try to configure it.

Disable selinux. Perhaps selinux can be re-enabled after joining and configuration?

Search for a realm

realm discover -v
 * Looking up our DHCP domain
 * Discovering for DHCP domain:
 * Searching for kerberos SRV records for domain:
 * Searching for MSDCS SRV records on domain:
 * Found kerberos DNS records for:
 * Found AD style DNS records for:
 * Successfully discovered:
  type: kerberos
  realm-name: SOMEDOMAIN.COM
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  required-package: sssd-tools
  required-package: sssd
  required-package: adcli
  required-package: samba-common
  login-formats: SOMEDOMAIN\%U
  login-policy: allow-any-login

Joined the domain

realm join -U admin --verbose

Allow all users from a given domain to login

realm permit --realm --all

Add the home directory paths

mkdir /home/SOMEDOMAIN

 Start and enable sssd

systemctl enable sssd && systemctl start sssd

Log out from the local user account and then log in as a user in the domain:
    . uid: SOMEDOMAIN\uid
    . This will log you in as that user and create a home account in /home/SOMEDOMAIN/uid

Leave a Reply