How to Integrate RHEL 7 or CentOS 7 with Windows Active Directory
Update the host information
Add the AD server to /etc/hosts and point /etc/resolv.conf at it, so that the host resolves the domain's DNS records (including the SRV records realmd uses to find the domain controllers) through AD. In /etc/hosts:
192.168.0.100 myadserver.testdomain.local myadserver
For /etc/resolv.conf:
search testdomain.local
nameserver 192.168.0.100
On a NetworkManager-managed host, set the DNS server on the interface as well, otherwise /etc/resolv.conf may be rewritten on the next network restart.
Install required packages using yum command
yum install sssd realmd oddjob oddjob-mkhomedir adcli samba-common samba-common-tools krb5-workstation openldap-clients policycoreutils-python
Join Windows Domain using realm command
We need an AD account that has the privilege to create the computer object in the domain. A Domain Admin account works, but an account delegated only the right to join computers to the domain (or to the target OU) is the safer choice; the password is used once for the join and is not stored on the host.
[root@mycentos7 ~]# realm join --user=iambinduser myadserver.testdomain.local
Password for iambinduser:
Now use the realm list command to verify that the server has successfully joined the domain. The lines to check are configured: kerberos-member and client-software: sssd; the host keytab created by the join is in /etc/krb5.keytab (klist -k).
[root@mycentos7 ~]# realm list
testdomain.local
  type: kerberos
  realm-name: TESTDOMAIN.LOCAL
  domain-name: testdomain.local
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  required-package: oddjob
  required-package: oddjob-mkhomedir
  required-package: sssd
  required-package: adcli
  required-package: samba-common-tools
  login-formats: %U@testdomain.local
  login-policy: allow-realm-logins
Now you can use id username@domainname to get the uid, gid and group membership of any domain user:
[root@mycentos7 ~]# id demouser@testdomain.local
uid=1568975386(demouser@testdomain.local) gid=1896548297(domain demouser@testdomain.local) groups=15697049678(domain users@testdomain.local)
By default realmd configures sssd to require fully qualified names (demouser@testdomain.local). To allow short names and give every domain user a home directory under /home, modify the sssd configuration file under /etc/ and set, in the domain section:
use_fully_qualified_names = False
fallback_homedir = /home/%u
Then reload systemd and restart sssd (systemctl daemon-reload; systemctl restart sssd) and check with id demouser that the short name now resolves. Note that with short names a domain account and a local account of the same name can collide; with the default nsswitch order the local entry in /etc/passwd wins.
Adding AD domain groups to /etc/sudoers
To do this, add an entry to the /etc/sudoers file (with visudo, or as a file under /etc/sudoers.d, so the syntax is checked before it takes effect). Adding the following entry to /etc/sudoers would allow you to give full
%DOMAIN\\Group\ Name\ With\ Spaces ALL=(ALL) ALL
%DOMAIN\\ITadmins ALL=(ALL) ALL
Spaces in a group name must be escaped with a backslash, and the group name must be written exactly as sssd presents it: verify it with id or getent group first (after use_fully_qualified_names = False it is the bare name, otherwise group@testdomain.local), and run visudo -c after editing so a typo cannot lock you out of sudo.
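As an added example that is not part of the original article, the script below ties the join check and the sudoers step together: it confirms from realm list output that the domain is actually configured as a kerberos-member served by sssd, and it builds the %group rule in the form sssd will present the group (group@domain with the realmd default, bare name once use_fully_qualified_names = False), escaping spaces as sudoers requires. The realm list output embedded in it is a constructed sample taken from the article so the checks run offline; install_sudoers_dropin is a hypothetical helper that needs root and visudo on a real host.

```shell
#!/bin/sh
# Added example (not from the article): verify the realm join and generate a
# sudoers drop-in whose group name matches how sssd presents AD groups.
# Assumptions: SAMPLE_REALM_LIST is constructed from the article's output;
# install_sudoers_dropin is a hypothetical helper that needs root and visudo.
set -eu

# Constructed sample of `realm list` output; on a real host use: realm list
SAMPLE_REALM_LIST='testdomain.local
  type: kerberos
  realm-name: TESTDOMAIN.LOCAL
  domain-name: testdomain.local
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  login-formats: %U@testdomain.local
  login-policy: allow-realm-logins'

# realm_joined OUTPUT DOMAIN
# Succeeds only if OUTPUT lists DOMAIN as a kerberos-member served by sssd,
# i.e. the join completed rather than merely being attempted.
realm_joined() {
  local output domain
  output=$1; domain=$2
  printf '%s\n' "$output" | grep -qxF "$domain" || return 1
  printf '%s\n' "$output" | grep -q '^[[:space:]]*configured:[[:space:]]*kerberos-member$' || return 1
  printf '%s\n' "$output" | grep -q '^[[:space:]]*client-software:[[:space:]]*sssd$' || return 1
}

# sudoers_group_spec GROUP DOMAIN FQN
# sssd presents groups as "group@domain" when use_fully_qualified_names is
# True (the realmd default) and as the bare "group" when it is False, so the
# %group entry in sudoers must use the same form. Spaces are backslash-escaped
# as sudoers requires.
sudoers_group_spec() {
  local group domain fqn name
  group=$1; domain=$2; fqn=$3
  if [ "$fqn" = "True" ]; then name="$group@$domain"; else name=$group; fi
  printf '%%%s' "$(printf '%s' "$name" | sed 's/ /\\ /g')"
}

# sudoers_line GROUP DOMAIN FQN -> full-access rule for that group
sudoers_line() {
  printf '%s ALL=(ALL) ALL\n' "$(sudoers_group_spec "$@")"
}

# install_sudoers_dropin FILE LINE
# Hypothetical helper: writes LINE to a file under /etc/sudoers.d only after
# visudo -c accepts it, so a bad rule never reaches the live configuration.
install_sudoers_dropin() {
  local file line tmp
  file=$1; line=$2
  tmp=$(mktemp)
  printf '%s\n' "$line" > "$tmp"
  if visudo -c -f "$tmp" >/dev/null 2>&1; then
    install -m 0440 -o root -g root "$tmp" "$file"
    rm -f "$tmp"
  else
    rm -f "$tmp"
    return 1
  fi
}

# Usage on a joined host (requires root):
#   realm_joined "$(realm list)" testdomain.local || exit 1
#   install_sudoers_dropin /etc/sudoers.d/ad-itadmins \
#     "$(sudoers_line ITadmins testdomain.local True)"
```

The drop-in is written with mode 0440 under /etc/sudoers.d rather than appended to /etc/sudoers, and only after visudo has parsed it, which is the same protection visudo gives an interactive edit. Whether you pass True or False as the third argument must match the use_fully_qualified_names setting in sssd.conf, otherwise the rule silently matches nobody.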