CentOS Domain Join

First, install all available security patches and bug fixes on the server.

# yum update

 

Next, install the dependencies for domain joining. SSSD is the preferred method of joining a domain.

 

# dnf install sssd realmd oddjob oddjob-mkhomedir adcli samba-common samba-common-tools krb5-workstation openldap-clients policycoreutils-python 

 

Join the domain with authorized credentials. I used the Admin account in this example. 

# realm join --user=administrator xenos.local

Check the connection to AD.  

# realm list 

The output should be similar to this:

Xenos.local

  type: kerberos 

  realm-name: XENOS.local 

  domain-name: xenos.local 

  configured: kerberos-member 

  server-software: active-directory 

  client-software: sssd 

  required-package: oddjob 

  required-package: oddjob-mkhomedir 

  required-package: sssd 

  required-package: adcli 

  required-package: samba-common-tools 

  login-formats: %U 

  login-policy: allow-realm-logins 

 

Edit /etc/sudoers (use visudo, which checks the syntax before saving) and add this line to the end. It gives admin (sudo) permissions to members of the Domain Admins group.

 

%Domain\ Admins    ALL=(ALL)       ALL 

 

Edit /etc/sssd/sssd.conf and change:

 

use_fully_qualified_names = True 

fallback_homedir = /home/%u@%d 

 

to:

 

use_fully_qualified_names = False 

fallback_homedir = /home/%u 

 

Then reboot. 

  

# reboot
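
The sssd.conf edit and the realm list check above can be scripted and verified instead of done by hand. This is an added example, not part of the original article; the function names are hypothetical and the demo runs on a constructed sssd.conf in a temp file, assuming a single domain section as realm join writes it.

```bash
#!/bin/bash
# Added example, not from the original article. Function names are hypothetical.

# Apply the two sssd.conf changes from the article; the original is kept as <file>.bak.
set_short_names() {
    sed -i.bak \
        -e 's|^[[:space:]]*use_fully_qualified_names[[:space:]]*=.*|use_fully_qualified_names = False|' \
        -e 's|^[[:space:]]*fallback_homedir[[:space:]]*=.*|fallback_homedir = /home/%u|' \
        "$1"
    chmod 600 "$1"   # sssd expects sssd.conf to be readable by its owner only
}

# Print the value of key $2 in file $1 (last occurrence, whitespace trimmed).
conf_value() {
    sed -n "/^[[:space:]]*$2[[:space:]]*=/{s|^[^=]*=[[:space:]]*||;s|[[:space:]]*\$||;p;}" "$1" | tail -n 1
}

# Succeed only if both settings hold the values the article asks for.
check_short_names() {
    [ "$(conf_value "$1" use_fully_qualified_names)" = "False" ] &&
        [ "$(conf_value "$1" fallback_homedir)" = "/home/%u" ]
}

# Succeed if `realm list` output on stdin shows a joined domain served by sssd.
check_realm_joined() {
    out=$(cat)
    printf '%s\n' "$out" | grep -q 'configured: kerberos-member' &&
        printf '%s\n' "$out" | grep -q 'client-software: sssd'
}

# Demo on a constructed sssd.conf (shape assumed from a typical realm join).
demo=$(mktemp)
cat > "$demo" <<'EOF'
[sssd]
domains = xenos.local
services = nss, pam

[domain/xenos.local]
id_provider = ad
use_fully_qualified_names = True
fallback_homedir = /home/%u@%d
EOF
check_short_names "$demo" || echo "before: still using fully qualified names"
set_short_names "$demo"
check_short_names "$demo" && echo "after: short names and /home/%u in place"
```

On a real host, run set_short_names /etc/sssd/sssd.conf as root and pipe realm list into check_realm_joined.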

This article was updated on April 18, 2024