source-git / realmd

Clone
Source Code
GIT

Files

  1.   2c58ab718f4fe80689245aeadfde9515a445c929
  2.   manual
  3.   guide-active-directory-join.html
Blob Blame History Raw 
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Joining an Active Directory domain</title>
<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
<link rel="home" href="index.html" title="realmd">
<link rel="up" href="guide-active-directory.html" title="Using with Active Directory">
<link rel="prev" href="guide-active-directory-client.html" title="Active Directory client software">
<link rel="next" href="guide-active-directory-permit.html" title="Logins using Domain Accounts">
<link rel="stylesheet" href="style.css" type="text/css">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
<td><a accesskey="p" href="guide-active-directory-client.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
<td><a accesskey="u" href="guide-active-directory.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
<th width="100%" align="center">realmd</th>
<td><a accesskey="n" href="guide-active-directory-permit.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
</tr></table>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="guide-active-directory-join"></a>Joining an Active Directory domain</h2></div></div></div>
<p>To join an Active Directory domain with <span class="command"><strong>realmd</strong></span>
		you can use the <a class="link" href="realm.html" title="realm"><span class="command"><strong>realm</strong></span></a>
		command line tool:</p>
<div class="informalexample"><pre class="screen">
$ <span class="command"><strong>realm join --verbose domain.example.com</strong></span>
</pre></div>
<p>By specifying the <code class="option">--verbose</code> it's easier
		to see what went wrong if the join fails.</p>
<p>Other tools also use <span class="command"><strong>realmd</strong></span> which can
		be used to perform the join operation, for example: GNOME
		Control Center.</p>
<p>The join operation does the following:</p>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem"><p>Discovers information about the domain.</p></li>
<li class="listitem"><p>Installs the necessary software to join the domain, such as SSSD or Winbind.</p></li>
<li class="listitem"><p>If administrative credentials are required, a password will be prompted for.</p></li>
<li class="listitem"><p>A computer account in the domain will be created, and or updated.</p></li>
<li class="listitem"><p>A host keytab file at <code class="filename">/etc/krb5.keytab</code> is created.</p></li>
<li class="listitem"><p>Configures the SSSD or Winbind services, and restarts and enables them as appropriate.</p></li>
<li class="listitem"><p>Enables domain users in <code class="filename">/etc/nsswitch.conf</code></p></li>
</ul></div>
<p>In addition an Active Directory domain controller's host name
		or IP address may be specified to join via that domain controller
		directly.</p>
<p>After the join operation is complete, domain accounts should
		be usable locally, although logins using domain accounts are
		not necessarily enabled.</p>
<p>You verify that domain accounts are working with with a
		command like this:</p>
<div class="informalexample"><pre class="screen">
$ <span class="command"><strong>getent passwd DOMAIN\Administrator</strong></span>
</pre></div>
<p>The join operation will create or update a computer account
		in the domain. If you wish to specify a specific organizational unit
		where this account is created, you can use the
		<a class="link" href="realmd-conf.html#realmd-conf-active-directory" title="active-directory"><code class="option">computer-ou</code> setting</a>.
	        Additonally, you can override the default name for the computer account with the
		<a class="link" href="realmd-conf.html#realmd-conf-active-directory" title="active-directory"><code class="option">computer-name</code>
		setting</a>.</p>
<p>Specify the <code class="option">--user</code> to choose a different
		user name than the default <code class="literal">Administrator</code> user.</p>
<p>You can use kerberos credentials to perform the join. Use the
		<span class="command"><strong>kinit</strong></span> command to acquire credentials prior to
		starting the join. Do not specify the <code class="option">--user</code> argument,
		the user will be selected automatically from the credential cache.
		The <span class="command"><strong>realm</strong></span> respects the <code class="literal">KRB5_CCACHE</code>
		environment variable, but uses the default kerberos credential cache
		if it's not present.</p>
</div>
<div class="footer">
<hr>
          Generated by GTK-Doc
        </div>
</body>
</html>

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation