1. Install the required packages
# yum install sssd realmd oddjob oddjob-mkhomedir adcli samba-common samba-common-tools krb5-workstation openldap-clients policycoreutils-python
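2. Now that all packages have been installed, the first thing to do is to join the RHEL system to the Active Directory domain. The command prompts for the AD user's password; an account that has been delegated the right to join computers to the domain is sufficient.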
# realm join --user=[your AD user] [Your domain name]
3. Verify the domain status
# realm list
4. Now that the Linux server is part of the AD domain, domain users can log in to the server with their usual credentials. To allow only a specific user group to log in to this system, configure the domain section of sssd.conf:
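# SSSD domain section (goes in /etc/sssd/sssd.conf). SSSD only loads that file
# when it is owned by root and not readable by other users (mode 0600).
# Every option must sit on one "key = value" line; comments need their own line.
[domain/example.com]
# AD domain this section serves and the domain controllers to contact.
ad_domain = example.com
ad_enabled_domains = example.com
ad_server = to8pdc01.example.com
ad_backup_server = to8pdc02.example.com
dns_discovery_domain = example.com
# Home directory used when the AD account does not define one.
fallback_homedir = /home/%u
# UIDs/GIDs are derived from the AD SID instead of being read from POSIX
# attributes stored in the directory.
ldap_id_mapping = True
id_provider = ad
auth_provider = ad
# access_provider = ad is what makes SSSD evaluate ad_access_filter and the
# GPO settings below at login time.
access_provider = ad
chpass_provider = ad
# Users log in with short names ("user") rather than "user@example.com".
use_fully_qualified_names = False
realmd_tags = manages-system joined-with-samba
ad_enable_gc = True
# PAM services that are not listed in any ad_gpo_map_* option are permitted by
# GPO-based access control. The SSSD default is "deny"; "permit" is the looser
# choice.
ad_gpo_default_right = permit
dyndns_update = False
# "permissive" evaluates GPO logon rules and logs the result but does not
# enforce it; only "enforcing" denies access. With this value the login
# restriction in this section rests on ad_access_filter alone.
ad_gpo_access_control = permissive
krb5_server = to8pdc01.example.com
krb5_realm = EXAMPLE.COM
# Keeps a hash of each user's password in the local SSSD cache so that login
# still works when no domain controller is reachable. The validity of those
# offline logins can be bounded with offline_credentials_expiration in [pam].
cache_credentials = True
# While the provider is offline, the user's password is held in plaintext in
# the kernel keyring so a TGT can be requested once the provider is back.
# Leave this off unless a ticket is really needed after offline logins.
krb5_store_password_if_offline = True
# SSH public keys are read from the altSecurityIdentities attribute of the AD
# user object, so anyone who can write that attribute can add a key for the
# user. NOTE(review): only matters where sshd fetches keys through SSSD.
ldap_user_ssh_public_key = altSecurityIdentities
debug_level = 0
# Only users matching this LDAP filter may log in: user objects that are
# direct members of the gad_unix group and have unixHomeDirectory set.
# memberOf matches direct membership only; users who belong to gad_unix
# through a nested group do not match.
# The DN below ends in DC=symprod,DC=com, which differs from example.com used
# in the rest of this section; replace it with the DN of a group in the
# domain you joined.
ad_access_filter = (|(&(objectClass=user)(memberOf=CN=gad_unix,OU=managed_groups,OU=groups,OU=symcor inc,DC=symprod,DC=com)(unixHomeDirectory=*)))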
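5. Restart sssd to load the new configuration, then confirm that a user in the allowed group can log in and that a user outside it is refused.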
# systemctl restart sssd