


How To Add A Service On Redhat

In most environments, the Active Directory domain is the central hub for user information, which means that there needs to be some way for Linux systems to access that user data for authentication requests. In this article we will show you how to join a CentOS 7 / RHEL 7 system to an Active Directory domain.

Before we join the AD domain, we need to ensure that we have set up the time services (NTP) and DNS. With these infrastructure services in place, we will need the following packages installed on the CentOS / RHEL server:

  • realmd: This manages enrolment and membership to the Active Directory domains
  • samba: This denotes the Samba services
  • samba-common: This denotes the shared tools for servers and clients
  • oddjob: This is a D-Bus service that runs the odd jobs for clients
  • oddjob-mkhomedir: This is used with the odd job services to create home directories for AD accounts, if needed
  • sssd: The System Security Services daemon can be used to divert client authentication as required
  • adcli: These are the tools for joining and managing AD domains

Join CentOS 7 / RHEL 7 Servers to Active Directory Domain

01- First, use the following command to install the required packages:

[[email protected] ~]# sudo yum install oddjob realmd samba samba-common oddjob-mkhomedir sssd adcli

02- To discover a domain identity we will use the realm discover command, which will return a complete domain configuration and a list of packages that must be installed for the system to be enrolled in the domain.

[[email protected] ~]# realm discover yallalabs.local
YALLALABS.LOCAL
  type: kerberos
  realm-name: YALLALABS.LOCAL
  domain-name: YALLALABS.LOCAL
  configured: no
  server-software: active-directory
  client-software: sssd
  required-package: oddjob
  required-package: oddjob-mkhomedir
  required-package: sssd
  required-package: adcli
  required-package: samba-common-tools
yallalabs.local
  type: kerberos
  realm-name: YALLALABS.LOCAL
  domain-name: yallalabs.local
  configured: no

03- Now, to join the AD domain, add the computer to the default folder in the AD domain using the following command:

sudo realm join [email protected] yallalabs.local
Password for [email protected]:

– If you want to add it to a designated Organizational Unit within the Active Directory, you will first need to create the OU, or at least ensure that it exists. With the following command we will join the server to the AD domain and add the computer account to the Linux OU:

[[email protected] ~]# sudo realm join [email protected] --computer-ou=OU=Linux,OU=Servers,DC=YALLALABS,DC=LOCAL yallalabs.local
Password for [email protected]:

If you get this error "realm: Couldn't join realm: Joining the domain YALLALABS.LOCAL failed", just restart realmd and retry.

04- To test that the system was successfully joined to the domain, use the below command:

[[email protected] ~]# realm list
YALLALABS.LOCAL
  type: kerberos
  realm-name: YALLALABS.LOCAL
  domain-name: yallalabs.local
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  required-package: oddjob
  required-package: oddjob-mkhomedir
  required-package: sssd
  required-package: adcli
  required-package: samba-common-tools
  login-formats: %[email protected]
  login-policy: allow-realm-logins

05- To display information about a user from the domain, run the following command:

# id [email protected]
uid=344601106([email protected]) gid=344600513(domain [email protected]) groups=344600513(domain [email protected]),344601107([email protected])

06- To permit only specific accounts from the domain to log in, use the following command. It changes the mode to only allow logins by specific accounts, then adds the specified accounts to the list of accounts to permit.

[[email protected] ~]# realm permit [email protected] [email protected]

07- To permit only one Active Directory group to log on, use the following command. In this example we will permit the LinuxAdmins AD group to log on to the system:

[[email protected] ~]# realm permit -g [email protected]

08- To give sudo permissions to an Active Directory group, in this example we will add the LinuxAdmins AD group to sudoers by running the visudo command and adding the following line:

# visudo
%[email protected]        ALL=(ALL)       ALL

09- To leave an Active Directory domain, you can use the below command:

# realm leave [email protected] yallalabs.local

– If you want to leave the domain and delete the computer account, you can use the additional option --remove at the end of the command:

# realm leave [email protected] yallalabs.local --remove
Password for [email protected]:
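
The realm list output in step 04 still shows login-policy: allow-realm-logins, meaning any domain account can log in until step 06 or 07 is applied. The following check is an added example, not part of the original article: it parses realm list output and flags realms that are joined but not yet restricted. The function names and the EXAMPLE.TEST sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `realm list` output for join state and login policy.
#   OK    joined, logins limited to permitted accounts or groups
#   WARN  joined, but login-policy is not allow-permitted-logins
#   FAIL  realm is known but the host is not a member
audit_realm_list() {
    awk '
        function report() {
            if (realm == "") return
            if (configured != "kerberos-member")
                print "FAIL " realm " not joined (configured: " configured ")"
            else if (policy == "allow-permitted-logins")
                print "OK " realm " logins limited to: " (allowed == "" ? "(nobody)" : allowed)
            else
                print "WARN " realm " login-policy is " (policy == "" ? "unset" : policy)
        }
        # An unindented line starts a new realm block.
        /^[^ \t]/ { report(); realm = $1; configured = policy = allowed = ""; next }
        {
            line = $0; sub(/^[ \t]+/, "", line)
            key = line; sub(/:.*/, "", key)
            val = line; sub(/^[^:]*:[ \t]*/, "", val)
            if (key == "configured") configured = val
            else if (key == "login-policy") policy = val
            else if ((key == "permitted-logins" || key == "permitted-groups") && val != "")
                allowed = allowed (allowed == "" ? "" : ", ") key "=" val
        }
        END { report() }
    '
}

# Constructed sample input (not captured from a real host).
sample_realm_list() {
    cat <<'EOF'
OPEN.EXAMPLE.TEST
  configured: kerberos-member
  login-policy: allow-realm-logins
LOCKED.EXAMPLE.TEST
  configured: kerberos-member
  login-policy: allow-permitted-logins
  permitted-logins:
  permitted-groups: LinuxAdmins@locked.example.test
UNJOINED.EXAMPLE.TEST
  configured: no
EOF
}

sample_realm_list | audit_realm_list   # on a joined host: realm list | audit_realm_list
```
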

Conclusion

You can also join CentOS 7 / RHEL 7 servers to Active Directory using Ansible. Check out this article:
How to Join CentOS 7/ RHEL 7 Servers to Active Directory Domain using Ansible


We hope this tutorial was helpful enough. If you need more information, or have any questions, just comment below and we will be glad to assist you!


Source: https://yallalabs.com/linux/how-to-join-centos-7-rhel-7-servers-to-active-directory-domain/

Posted by: lukensorms1986.blogspot.com
