How to Join Domain in Linux.

-
Before we join the AD domain, we need to ensure that we have set up the time services (NTP) and DNS. With these infrastructure services in place, we will need the following packages installed on the CentOS / RHEL server:
  • realmd: This manages enrolment and membership to the Active Directory domains
  • samba: This denotes the Samba services
  • samba-common: This denotes the shared tools for servers and clients
  • oddjob: This is a D-bus service that runs the odd jobs for clients
  • oddjob-mkhomedir: This is used with the odd job services to create home directories for AD accounts, if needed
  • sssd: The System Security Services daemon can be used to divert client authentication as required
  • adcli: These are the tools for joining and managing AD domains
– Use the following command to install the required packages:
[root@ylclsrv001 ~]# sudo yum install oddjob realmd samba samba-common oddjob-mkhomedir sssd adcli

– To discover a Domain Identity we will use the realm discover command, that will return a complete domain configuration and a list of packages that must be installed for the system to be enrolled in the domain.
[root@ylclsrv001 ~]# realm discover CLOUDTECH.LOCAL
CLOUDTECH.LOCAL
  type: kerberos
  realm-name: CLOUDTECH.LOCAL
  domain-name: CLOUDTECH.LOCAL
  configured: no
  server-software: active-directory
  client-software: sssd
  required-package: oddjob
  required-package: oddjob-mkhomedir
  required-package: sssd
  required-package: adcli
  required-package: samba-common-tools
cloudtech.local
  type: kerberos
  realm-name: CLOUDTECH.LOCAL
  domain-name: CLOUDTECH.local
  configured: no
– To join the AD domain, add the computer to the default folder in the AD domain using the following command:
sudo realm join --user=administrator@cloudtech.local cloudtech.local
Password for administrator@cloudtech.local:
– If you want to add it to a designated Organizational Unit within the Active Directory, you will first need to create the OU, or at least ensure that it exists. The following command we will join the server to AD Domain and add Computer Account to the Linux OU:
[root@ylclsrv001 ~]# sudo realm join --user=administrator@cloudtech.local --computer-ou=OU=Linux,OU=Servers,DC=CLOUDTECH,DC=LOCAL cloudtech.local
Password for administrator@cloudtech.local:

– If you got this error ” realm: Couldn’t join realm: Joining the domain CLOUDTECH.LOCAL failed“, just restart the realmdand retry again
– To test the system was successfully joined the domain use the below command:
[root@ylclsrv001 ~]# realm list
CLOUDTECH.LOCAL
  type: kerberos
  realm-name: CLOUDTECH.LOCAL
  domain-name: cloudtech.local
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  required-package: oddjob
  required-package: oddjob-mkhomedir
  required-package: sssd
  required-package: adcli
  required-package: samba-common-tools
  login-formats: %U@cloudtech.local
  login-policy: allow-realm-logins
– To display information about a user from the domain, run the following command:
# id yl01@cloudtech.local 
uid=344601106(yl01@CLOUDTECH.LOCAL) gid=344600513(domain users@CLOUDTECH.LOCAL) groups=344600513(domain users@CLOUDTECH.LOCAL),344601107(linuxadmins@CLOUDTECH.LOCAL)
– To permit only specific accounts from the domain to log in, use the following command: this command will change the mode to only allow logins by specific accounts, and then add the specified accounts to the list of accounts to permit.
[root@ylclsrv001 ~]# realm permit  User1@cloudtech.local User2@cloudtech.local
– To permit only one Active Directory group to logon use the following command: in this Example we will allow the LinuxAdmins AD group to logon to the system
[root@ylclsrv001 ~]# realm permit -g LinuxAdmins@cloudtech.local
– To give sudo permissions to an Active Directory group, in this example we will add LinuxAdmins AD group to sudoers by running the visudo command and add the follwoing line:
# visudo
%LinuxAdmins@cloudtech.local        ALL=(ALL)       ALL
– To leave an Active Directory domain, you can use the below command:
# realm leave --user=--user=administrator@cloudtech.local cloudtech.local

– If you want to leave the domain and to delete the comuter Account you can use the additional option –remove in the end of the command
# realm leave --user=--user=administrator@cloudtech.local cloudtech.local --remove
Password for administrator@cloudtech.local:

Comments

Post a Comment

Popular posts from this blog

Windows Defender

-
Image
Windows Defender Windows Defender is Microsoft’s proprietary anti-malware tool that is used in Windows 8.1 and Windows 10 by default. At the time of its creation, it used to be rather cropped and ineffective, which caused an outpouring of criticism. However, it has been seriously improved since then, so in 2019, it has much to be loved for. Especially, because it became one of the best free Antivirus in its segment. As of today, it is a full-featured antivirus product that provides strong malware protection and some useful extras. It is highly estimated by the world’s leading AV testing labs (though Avast free still scores higher ). Windows Defender detects and removes almost 100% of cyber threats without a heavy impact on the system performance. At the same time, the Defender still lacks some important features offered by top antivirus suites. Also, its performance is not completely flawless, especially when it comes to false positives. Finally, Microsoft doesn’t offer dedi
Read more

What is subnetting And How it works??

-
Image
Subnet        The main purpose of subnetting is to help relieve network congestion. Congestion used to be a bigger problem than it is today because it was more common for networks to use hubs than switches. When nodes on a network are connected through a hub, the entire network acts as a single collision domain. Partitioning a single network can help relieve network congestion and increase security If you work inside a large organisation or business, particularly one spread across multiple branches, it's highly likely that it deploys a subnet. A subnetting, or subnetworking, is the process of splitting a single large network into two or more strands. This means that an otherwise mammoth and unwieldy network can be subdivided into smaller, more localised networks. First, a look at IP addresses IP addresses are comprised of a 32-bit number with values ranging from zero to 4294967295, split into four octets. In order for it to be read, each octet (a uni
Read more

How to Test an Ethernet Cable

-
Image
1. Purchase an Ethernet cable tester. There are many models you can purchase. Make sure it has a   battery in it and power it on. 2. Plug one end of the cable into the transmit jack. The transmit jack on the tester maybe be labeled "TX".   3.Plug the other end of the cable into the receiver jack.The receiver jack may be labeled "RX" on the device. Some testers have a detachable receiver you can use to test the cable across different rooms. 4 . Check the lights on the tester. Most testers will have 2 sets of 8 LED lights that correspond to the 8 pins on the transmitting and receiving end of the Ethernet cable. There will also be a G light for the ground. It will test each pin one at a time. If all 8 pins light up on both ends, the cable is good. If any of the lights do not light up on either end, this indicates a short in the cable. Don't worry if the G light doesn't light up. If the lights on either end flash out of order, this
Read more