Before you begin ensure that the DNS on the Linux computer you wish to join to the domain is pointed to a the Active Directory server. Active Directory relies heavily on DNS to function.
STEP 1. Ensure the following packages are installed
yum -y install realmd sssd oddjob oddjob-mkhomedir adcli samba-common
STEP 2. From the computer you will join to the domain run realm discover to verify connectivity to the domain controllers.
[root@test02 ~] realm discover LAB.NET lab.net type: kerberos realm-name: LAB.NET domain-name: lab.net configured: kerberos-member server-software: active-directory client-software: sssd required-package: oddjob required-package: oddjob-mkhomedir required-package: sssd required-package: adcli required-package: samba-common login-formats: %U login-policy: allow-realm-logins
STEP 3. Join Active Directory domain, you must use an account which has privileges to join a computer the domain.
[root@test02 ~] realm join -U adminuser LAB.NET
STEP 4. Verify you can retrieve directory information for user
[root@test02 ~] id LAB\\ktest uid=522401118(ktest) gid=522400513(domain users) groups=522400513(domain users)
STEP 5. Verify the ability to perform a su to an Active Directory user
[root@test02 ~] su - ktest Last login: Sun Sep 20 05:21:42 CDT 2015 on pts/0 [ktest@test02 ~]$
STEP 6. To remove the requirement of fully qualifying the Active Directory username edit the sssd.conf file. After this change you will not be required to use DOMAIN\\ when logging in as an Active Directory user.
[root@test02 ~] vi /etc/sssd/sssd.conf use_fully_qualified_names = False [root@test02 ~] systemctl restart sssd