{"id":6804,"date":"2020-03-02T18:15:00","date_gmt":"2020-03-02T17:15:00","guid":{"rendered":"https:\/\/monodes.com\/predaelli\/?p=6804"},"modified":"2020-03-02T16:17:51","modified_gmt":"2020-03-02T15:17:51","slug":"how-to-join-a-domain-from-fedora-31","status":"publish","type":"post","link":"https:\/\/monodes.com\/predaelli\/2020\/03\/02\/how-to-join-a-domain-from-fedora-31\/","title":{"rendered":"How to join a domain from Fedora 31"},"content":{"rendered":"\n

Once it was black magic, nowadays it is so simple: Join in Active Directory Domain 2019\/11\/12<\/a><\/p>\n\n\n\n

I suspect it could have been simpler if I followed the installer, but I preferred to go on my own.<\/p>\n\n\n\n\n\n\n

\n\n\n\n
\n
\u00a0<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n\n\n\n
\u00a0<\/td>\n\n
Join in Windows Active Directory Domain with Realmd.<\/div>\n
This tutorial needs Windows Active Directory Domain Service in your Local Network<\/a>.
This example is based on the environment like follows.<\/div>\n
\n\n\n\n\n\n\n\n\n
Domain Server<\/td>\n: Windows Server 2019<\/td>\n<\/tr>\n
NetBIOS Name<\/td>\n: FD3S01<\/td>\n<\/tr>\n
Domain Name<\/td>\n: srv.world<\/td>\n<\/tr>\n
Realm<\/td>\n: SRV.WORLD<\/td>\n<\/tr>\n
Hostname<\/td>\n: fd3s.srv.world<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/td>\n<\/tr>\n
[1]<\/td>\nInstall some required packages.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n\n\n\n
[root@dlp ~]#\n
dnf<\/a> -y install realmd sssd oddjob oddjob-mkhomedir adcli samba-common-tools<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n\n\n\n
[2]<\/td>\nJoin in Windows Active Directory Domain.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n\n\n\n
\n
\n
# change DNS setting to refer to AD<\/div>\n
[root@dlp ~]#\n
nmcli connection modify enp1s0 ipv4.dns 10.0.0.100<\/div>\n
[root@dlp ~]#\n
nmcli connection down enp1s0; nmcli connection up enp1s0<\/div>\n
Connection successfully activated (D-Bus active path: \/org\/freedesktop\/NetworkManager\/ActiveConnection\/2)<\/div>\n
# discover Active Directory domain<\/div>\n
[root@dlp ~]#\n
realm discover SRV.WORLD<\/div>\n
\n
srv.world\n  type: kerberos\n  realm-name: SRV.WORLD\n  domain-name: srv.world\n  configured: no\n  server-software: active-directory\n  client-software: sssd\n  required-package: oddjob\n  required-package: oddjob-mkhomedir\n  required-package: sssd\n  required-package: adcli\n  required-package: samba-common-tools\n\n<\/pre>\n
\n
# join in Active Directory domain<\/div>\n
[root@dlp ~]#\n
realm join SRV.WORLD<\/div>\n
Password for Administrator: \u00a0\n
# AD Administrator password<\/div>\n<\/div>\n
\n
# verify possible to get an AD user info<\/div>\n
[root@dlp ~]#\n
id Serverworld@srv.world<\/div>\n
uid=919201103(serverworld@srv.world) gid=919200513(domain users@srv.world) groups=919200513(domain users@srv.world)<\/div>\n
# verify possible to login with AD user<\/div>\n
[root@dlp ~]#\n
exit<\/div>\n
\n
logout\n\nFedora 31 (Server Edition)\nKernel 5.3.7-301.fc31.x86_64 on an x86_64 (ttyS0)\n\nWeb console: https:\/\/dlp.srv.world:9090\/ or https:\/\/10.0.0.30:9090\/\n\ndlp login: Serverworld@srv.world <\/span>\nPassword:\n[serverworld@srv.world@dlp ~]$   # logined<\/span>\n<\/pre>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n\n\n\n
[3]<\/td>\nIf you’d like to omit domain name for AD user, configure like follows.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n\n\n\n
\n
[root@dlp ~]#\n
vi<\/a> \/etc\/sssd\/sssd.conf<\/div>\n<\/div>\n
\n
# line 16: change<\/div>\n
use_fully_qualified_names =\n
False<\/div>\n<\/div>\n
[root@dlp ~]#\n
systemctl<\/a> restart sssd<\/div>\n<\/div>\n[root@dlp ~]#\n
id Administrator<\/div>\n
\n
uid=919200500(administrator) gid=919200513(domain users) groups=919200513(domain users),919200572(denied rodc password replication group),919200518(schema admins),919200519(enterprise admins),919200512(domain admins),919200520(group policy creator owners)\n<\/pre>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
\u00a0<\/div>\n<\/blockquote>","protected":false},"excerpt":{"rendered":"
Once it was black magic, nowadays it is so simple: Join in Active Directory Domain 2019\/11\/12 I suspect it could have been simpler if I followed the installer, but I preferred to go on my own.<\/p>\n
Read more →<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"activitypub_content_warning":"","activitypub_content_visibility":"","activitypub_max_image_attachments":4,"activitypub_interaction_policy_quote":"anyone","activitypub_status":"","footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[72],"tags":[],"class_list":["post-6804","post","type-post","status-publish","format-standard","hentry","category-documentations"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p6daft-1LK","jetpack-related-posts":[{"id":10226,"url":"https:\/\/monodes.com\/predaelli\/2023\/02\/14\/how-to-join-a-linux-system-to-an-active-directory-domain\/","url_meta":{"origin":6804,"position":0},"title":"How to join a Linux system to an Active Directory domain","author":"Paolo Redaelli","date":"2023-02-14","format":false,"excerpt":"Do you need to centrally manage Linux systems and user accounts under an Active Directory domain? Here's how to do it. Source: How to join a Linux system to an Active Directory domain You will end up having a \/etc\/sssd\/sssd.conf file like this [sssd] domains = YOUR_DOMAIN config_file_version = 2\u2026","rel":"","context":"In "Proprietary software"","block_context":{"text":"Proprietary software","link":"https:\/\/monodes.com\/predaelli\/category\/software\/proprietary-software\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/monodes.com\/predaelli\/wp-content\/uploads\/sites\/4\/2023\/02\/sudols10.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/monodes.com\/predaelli\/wp-content\/uploads\/sites\/4\/2023\/02\/sudols10.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/monodes.com\/predaelli\/wp-content\/uploads\/sites\/4\/2023\/02\/sudols10.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/monodes.com\/predaelli\/wp-content\/uploads\/sites\/4\/2023\/02\/sudols10.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/monodes.com\/predaelli\/wp-content\/uploads\/sites\/4\/2023\/02\/sudols10.png?resize=1050%2C600&ssl=1 3x"},"classes":[]},{"id":178,"url":"https:\/\/monodes.com\/predaelli\/2015\/05\/21\/linux-into-a-windows-domain-active-directory\/","url_meta":{"origin":6804,"position":1},"title":"Linux into a Windows Domain (Active Directory)","author":"Paolo Redaelli","date":"2015-05-21","format":false,"excerpt":"Once it was called LikeWise-open, now it's new name is powerbrokeropen.org and\u00a0 allows Active Directory authentication for Linux, UNIX, and Mac systems by joining them to Active Directory domains. It integrates very very well into a GNU\/Linux system, using Pluggable Authentication Modules (PAM) and Name Service Switch (NSS) and it\u2026","rel":"","context":"In "Senza categoria"","block_context":{"text":"Senza categoria","link":"https:\/\/monodes.com\/predaelli\/category\/senza-categoria\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1789,"url":"https:\/\/monodes.com\/predaelli\/2016\/09\/28\/joining-debian-8-to-active-directory\/","url_meta":{"origin":6804,"position":2},"title":"Joining Debian 8 to Active Directory","author":"Paolo Redaelli","date":"2016-09-28","format":"link","excerpt":"Joining Debian 8 to Active Directory Joining a GNU\/Linux machine to a Microsoft Active Directory has been possible for years, but it\u2019s always been a bit of a science project that involved touching half-a-dozen obscure config files and usually resulted in me getting completely locked out of the machine. Various\u2026","rel":"","context":"In "Documentations"","block_context":{"text":"Documentations","link":"https:\/\/monodes.com\/predaelli\/category\/documentations\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":5044,"url":"https:\/\/monodes.com\/predaelli\/2018\/12\/10\/dehydrated-a-bash-client-for-lets-encrypt-antoine-aflalo\/","url_meta":{"origin":6804,"position":3},"title":"Dehydrated: a bash client for Let’s Encrypt – Antoine Aflalo","author":"Paolo Redaelli","date":"2018-12-10","format":false,"excerpt":"Tutorial on how to use Dehydrated, a bash client for Let's Encrypt ACME Protocol. Dehydrated helps you take care of your SSL certificates. Source: Dehydrated: a bash client for Let's Encrypt - Antoine Aflalo Dehydrated: a bash client for Let\u2019s Encrypt Dehydrated was firstly known as letsencrypt.sh but because letsencrypt\u2026","rel":"","context":"In "Web"","block_context":{"text":"Web","link":"https:\/\/monodes.com\/predaelli\/category\/web\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/monodes.com\/predaelli\/wp-content\/uploads\/sites\/4\/2018\/12\/Acme_Dehydrated-1.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/monodes.com\/predaelli\/wp-content\/uploads\/sites\/4\/2018\/12\/Acme_Dehydrated-1.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/monodes.com\/predaelli\/wp-content\/uploads\/sites\/4\/2018\/12\/Acme_Dehydrated-1.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/monodes.com\/predaelli\/wp-content\/uploads\/sites\/4\/2018\/12\/Acme_Dehydrated-1.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":1143,"url":"https:\/\/monodes.com\/predaelli\/2016\/03\/14\/how-to-secure-nginx-with-lets-encrypt-on-ubuntu-14-04-digitalocean\/","url_meta":{"origin":6804,"position":4},"title":"How To Secure Nginx with Let’s Encrypt on Ubuntu 14.04 | DigitalOcean","author":"Paolo Redaelli","date":"2016-03-14","format":false,"excerpt":"Following https:\/\/letsencrypt.readthedocs.org\/en\/latest\/using.html#installation you can obtain a nice SSL certificate for your own webservers; yet for those who likes NGinx like me this guide How To Secure Nginx with Let's Encrypt on Ubuntu 14.04 | DigitalOcean is also useful In this tutorial, we will show you how to use Let's Encrypt\u2026","rel":"","context":"In "Software Libero"","block_context":{"text":"Software Libero","link":"https:\/\/monodes.com\/predaelli\/category\/software\/software-libero\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":7139,"url":"https:\/\/monodes.com\/predaelli\/2020\/04\/27\/archiving-a-wordpress-website-with-wget-darcy-norman-dot-net\/","url_meta":{"origin":6804,"position":5},"title":"Archiving a (WordPress) website with wget – D’Arcy Norman dot net","author":"Paolo Redaelli","date":"2020-04-27","format":"link","excerpt":"Archiving a (WordPress) website with wget - D'Arcy Norman dot net Make Offline Mirror of a Site using `wget` Archiving a (WordPress) website with wget \u00a0Posted on December 24, 2011 I needed to archive several WordPress sites as part of the process of gathering the raw data for my thesis\u2026","rel":"","context":"In "Web"","block_context":{"text":"Web","link":"https:\/\/monodes.com\/predaelli\/category\/web\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/posts\/6804","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/comments?post=6804"}],"version-history":[{"count":0,"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/posts\/6804\/revisions"}],"wp:attachment":[{"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/media?parent=6804"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/categories?post=6804"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/tags?post=6804"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}