CentOS joins the AD domain 01/17 Update SLTechnology News&Howtos

CentOS joins the AD domain

2025-01-17 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >

Shulou(Shulou.com)06/03 Report--

Install each dependent package first

Yum install sssd realmd oddjob oddjob-mkhomedir adcli samba-common samba-common-tools krb5-workstation openldap-clients policycoreutils-python ntp-y

Make sure the parsing to AD is normal, edit the / etc/resolv.conf file

[root@@testLinux-WH ~] # cat / etc/resolv.conf

Search example.com

Nameserver 192.168.10.51

Ensure that the account has the appropriate permissions to join the AD domain

[root@@testLInux-WH] # realm join-- user=administrator example.com

Password for administrator:

If there is an error, you can use the command journalctl-xe REALMD_OPERATION=r549.7056 plus the error code to view the error message. Confirm that the DNS parsing is normal, and whether the time is consistent.

Ntpdate ntpserver

Use realm list to confirm realm information

[root@@testLinux-WH ~] # realm list

Example.com

Type: kerberos

Realm-name: EXAMPLE.COM

Domain-name: example.com

Configured: kerberos-member

Server-software: active-directory

Client-software: sssd

Required-package: oddjob

Required-package: oddjob-mkhomedir

Required-package: sssd

Required-package: adcli

Required-package: samba-common-tools

After the domain is added successfully, the relevant records are automatically created in AD.

Since the full user name "administrator@example.com" is used by default in CentOS, the / etc/sssd/sssd.conf configuration file needs to be modified to achieve the purpose of using a short user name

Use_fully_qualified_names = False

Fallback_homedir = / home/%u

Restart the service to take effect

Systemctl restart sssd

Try to connect using a test account

Ssh fei-u031@192.168.0.101

Fei-u031@192.168.0.101's password:

Creating home directory for fei-u031.

Last failed login: Wed Aug 7 15:52:22 CST 2019 from adsvr01.example.com on ssh:notty

There were 4 failed login attempts since the last successful login.

/ usr/bin/xauth: file / home/fei-u031/.Xauthority does not exist

[fei-u031@testLinux-WH ~] $pwd

/ home/fei-u031

Exit the AD domain

Realm leave example.com

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.