Microsoft Active Directory (AD) is widely used in enterprises for centralized authentication, pushing security-related policies, and so on. An administrator may need to add CentOS7 machines to AD so that users can log in with the same credentials.
This blog provides the steps to add a CentOS7 Linux machine to AD.
There are multiple ways to achieve this; this is one of them.
Domain Name: neeleshgurjar.com
Internal Name Server IP: 192.168.1.10
Domain Admin user / password : test / test123
In CentOS7 we will use nmcli to configure NetworkManager settings.
Steps:
Install realmd sssd oddjob oddjob-mkhomedir adcli samba-common:
$ yum -y install realmd sssd oddjob oddjob-mkhomedir adcli samba-common
Check name of Network Connection:
$ nmcli con show
NAME                UUID                                  TYPE            DEVICE
Wired connection 1  cbb59d81-973b-488c-9154-cacf8b4c8ee6  802-3-ethernet  enp0s3
enp0s3              9fde29e4-a509-46ff-9096-88cd0dea3902  802-3-ethernet  --
Change DNS to access AD Domain
$ nmcli con modify "Wired connection 1" ipv4.dns "192.168.1.10"
$ nmcli con modify "Wired connection 1" ipv4.dns-search "neeleshgurjar.com"
$ nmcli con modify "Wired connection 1" ipv4.ignore-auto-dns on
Restart network connection
$ nmcli con down "Wired connection 1"; nmcli con up "Wired connection 1"
Check if AD domain is discoverable.
$ realm discover neeleshgurjar.com
neeleshgurjar.com
  type: kerberos
  realm-name: neeleshgurjar.com
  domain-name: neeleshgurjar.com
  configured: no
  server-software: active-directory
  client-software: sssd
  required-package: oddjob
  required-package: oddjob-mkhomedir
  required-package: sssd
  required-package: adcli
  required-package: samba-common
Join neeleshgurjar.com as “test” user
$ realm join neeleshgurjar.com -U test
Password for test:test123
Check if it is connected successfully
$ id NEELESHGURJAR\\test
uid=126401108(test@neeleshgurjar.com) gid=126400513(domain users@neeleshgurjar.com) groups=126400513(domain users@neeleshgurjar.com)
To avoid typing the NEELESHGURJAR\\ prefix every time, disable use_fully_qualified_names.
Make sure the following setting is present in /etc/sssd/sssd.conf:
use_fully_qualified_names = False
Restart sssd
$ systemctl restart sssd
Check login with test user
$ su - test
Now you can also ssh to the server as the test user.
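The sssd.conf edit from the steps above can be scripted so that it is repeatable. This is an added example, not part of the original post: the helper names set_sssd_option and get_sssd_option are hypothetical, and it assumes the option belongs in the [domain/neeleshgurjar.com] section written by realm join. The file is rewritten with mode 600, because sssd refuses to start if its configuration file is readable by other users.

```shell
#!/bin/sh
# Added example (not from the original post). Helper names are hypothetical.

# set_sssd_option FILE SECTION KEY VALUE
# Sets KEY = VALUE inside [SECTION], replacing any existing assignment.
# Fails without touching FILE if the section does not exist.
set_sssd_option() {
    file=$1 section=$2 key=$3 value=$4
    # Temp file in the same directory so the final mv is an atomic rename.
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    awk -v sec="[$section]" -v key="$key" -v val="$value" '
        /^[ \t]*\[/ {                      # a section header
            hdr = $0; gsub(/^[ \t]+|[ \t]+$/, "", hdr)
            in_sec = (hdr == sec)
            print
            if (in_sec) { print key " = " val; seen = 1 }
            next
        }
        in_sec {                           # drop the old assignment, if any
            line = $0; sub(/^[ \t]+/, "", line)
            n = split(line, kv, /[ \t]*=/)
            if (n > 1 && kv[1] == key) next
        }
        { print }
        END { if (!seen) exit 2 }          # section missing: report failure
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # sssd requires its config to be private (owner read/write only).
    chmod 600 "$tmp" && mv "$tmp" "$file"
}

# get_sssd_option FILE SECTION KEY: prints the current value, if set.
get_sssd_option() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/ {
            hdr = $0; gsub(/^[ \t]+|[ \t]+$/, "", hdr)
            in_sec = (hdr == sec); next
        }
        in_sec {
            line = $0; sub(/^[ \t]+/, "", line)
            n = split(line, kv, /[ \t]*=[ \t]*/)
            if (n > 1 && kv[1] == key) print kv[2]
        }
    ' "$1"
}

# Usage on the machine from this post (run as root):
#   set_sssd_option /etc/sssd/sssd.conf "domain/neeleshgurjar.com" \
#       use_fully_qualified_names False && systemctl restart sssd
```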
Thanks Nilesh. Good article.