When a domain controller is used to manage user permissions, you often need to join Linux machines to the Windows domain. Windows Active Directory (AD) is very powerful, and user names can then be managed centrally from Windows, which is convenient for office use. Here is a quick overview of the configuration.
Linux: CentOS Linux release 7.2.1511 (Core)
Windows: Windows R2 Enterprise Datacenter, full installation
Configuring the Windows AD domain itself is not covered here; search for it yourself (for example on Baidu), it is very simple.
The Windows domain name is sumoning.com and the server IP is 10.2.84.84.
Configure yum and DNS on CentOS 7 as follows:
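    # back up the stock repo definitions and install the 163 mirror repo
    mv /etc/yum.repos.d /etc/yum.repos.d.bak
    mkdir /etc/yum.repos.d
    cd /etc/yum.repos.d
    wget http://mirrors.163.com/.help/CentOS7-Base-163.repo
    yum makecache
    # add the DNS server used to resolve the AD domain
    echo "nameserver 10.2.48.84" >> /etc/resolv.conf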
Install the necessary packages:
    yum install -y krb5-workstation realmd sssd samba-common adcli oddjob oddjob-mkhomedir samba samba-common-tools
SSSD is a daemon added in Red Hat Enterprise Linux 6 that can be used to access a variety of authentication servers, such as LDAP and Kerberos, and to provide authorization.
Discover the domain controller:
    realm discover sumoning.com
Join the domain:
    realm join sumoning.com
If the password is entered correctly, the join succeeds.
List the joined domains:
    realm list
The domain has a user named test, which can log in in two ways:
    su - test@sumoning.com
    su - sumoning\\test
When switching to another user from root, no password is required.
Modify the configuration file so that users do not need to include the domain name when logging on:
    vim /etc/sssd/sssd.conf

    [sssd]
    domains = sumoning.com
    config_file_version = 2
    services = nss, pam

    [domain/sumoning.com]
    ad_domain = sumoning.com
    # Kerberos realm names are case-sensitive; the AD realm is upper case
    krb5_realm = SUMONING.COM
    realmd_tags = manages-system joined-with-samba
    cache_credentials = True
    id_provider = ad
    krb5_store_password_if_offline = True
    # default shell at login
    default_shell = /bin/bash
    ldap_id_mapping = True
    # changed from True to False
    use_fully_qualified_names = False
    # home directory
    fallback_homedir = /home/%u@%d
    access_provider = ad
Restart the SSSD service:
    systemctl restart sssd
You can now log in to Linux with the Microsoft (AD) account.
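
An added example, not part of the original article: a shell function that audits an sssd.conf like the one above, flagging inline comments (SSSD does not support them and reads them as part of the value) and domain sections whose access_provider does not narrow logins to specific users or groups. The function name audit_sssd_conf and the sample input are constructed for illustration, and GPO-based access control is not evaluated.

```shell
#!/bin/sh
# Added example: prints one OK/WARN/INFO line per finding for the given sssd.conf.
audit_sssd_conf() {
    awk '
    function report() {
        if (dom == "") return
        if (ap == "" || ap == "permit")
            print "WARN " dom ": access_provider is permit, no access control"
        else if (ap == "simple")
            print (allow ? "OK " : "WARN ") dom ": access_provider=simple, allow list " (allow ? "set" : "empty")
        else if (ap == "ad")
            print (filter ? "OK " : "WARN ") dom ": access_provider=ad, ad_access_filter " (filter ? "set" : "not set")
        else
            print "INFO " dom ": access_provider=" ap ", review manually"
    }
    {
        line = $0
        gsub(/^[ \t]+|[ \t]+$/, "", line)
        if (line == "" || line ~ /^[#;]/) next        # blank or whole-line comment
        if (line ~ /^\[/) {                            # a new section starts
            report(); dom = ""; ap = ""; allow = 0; filter = 0
            if (substr(line, 1, 8) == "[domain/")
                dom = substr(line, 9, length(line) - 9)
            next
        }
        eq = index(line, "=")
        if (eq == 0) next
        key = substr(line, 1, eq - 1); val = substr(line, eq + 1)
        gsub(/[ \t]+$/, "", key); gsub(/^[ \t]+/, "", val)
        if (val ~ /[ \t]#/)                            # heuristic: trailing "# ..."
            print "WARN line " NR ": inline comment is read as part of " key
        if (key == "access_provider") ap = val
        if (key == "ad_access_filter" && val != "") filter = 1
        if (key ~ /^simple_allow_(users|groups)$/ && val != "") allow = 1
    }
    END { report() }
    ' "$1"
}

# Constructed sample input, modelled on the configuration in this article.
sample_conf() {
    printf "%s\n" "[sssd]" "domains = sumoning.com" "" \
        "[domain/sumoning.com]" "id_provider = ad" \
        "use_fully_qualified_names = False # True changes to False" \
        "access_provider = ad"
}

tmp=$(mktemp) && sample_conf > "$tmp" && audit_sssd_conf "$tmp"; rm -f "$tmp"
```
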
A brief overview of the realm subcommands:
1. realm discover -v [realm-name] : Discover available realm (discover a domain)
2. realm join -v [-U user] realm-name : Enroll this machine in a realm (join a domain)
3. realm leave -v [-U user] [realm-name] : Unenroll this machine from a realm (leave a domain)
4. realm list : List known realms (list domains)
5. realm permit [-ax] [-R realm] user ... : Permit user logins (allow certain domain users or domain group users to log on)
6. realm deny --all [-R realm] : Deny user logins (do not allow domain logins)
Joining CentOS 7 to a Windows 2008 AD domain