HowTo: Add CentOS7 machine to Windows AD

Microsoft Active Directory (AD) is widely used in enterprises for centralized authentication, pushing security-related policies, etc. An administrator may need to add CentOS7 machines to AD so that the same user credentials can be used on them.

This blog provides the steps to add a CentOS7 Linux machine to AD.

There are multiple ways to achieve this; this is one of them.

Domain Name: neeleshgurjar.com

Internal Name Server IP: 192.168.1.10

Domain Admin user / password : test / test123

In CentOS7 we will use nmcli to configure NetworkManager settings.

Steps:

Install realmd sssd oddjob oddjob-mkhomedir adcli samba-common:


$ yum -y install realmd sssd oddjob oddjob-mkhomedir adcli samba-common

Check name of Network Connection:


$ nmcli con show

NAME                UUID                                  TYPE            DEVICE
Wired connection 1  cbb59d81-973b-488c-9154-cacf8b4c8ee6  802-3-ethernet  enp0s3
enp0s3              9fde29e4-a509-46ff-9096-88cd0dea3902  802-3-ethernet  --

Change DNS to access AD Domain


$ nmcli con modify "Wired connection 1" ipv4.dns "192.168.1.10"

$ nmcli con modify "Wired connection 1" ipv4.dns-search "neeleshgurjar.com"

$ nmcli con modify "Wired connection 1" ipv4.ignore-auto-dns on

Restart network connection


$ nmcli con down "Wired connection 1"; nmcli con up "Wired connection 1"

Check if AD domain is discoverable.


$ realm discover neeleshgurjar.com

neeleshgurjar.com
  type: kerberos
  realm-name: neeleshgurjar.com
  domain-name: neeleshgurjar.com
  configured: no
  server-software: active-directory
  client-software: sssd
  required-package: oddjob
  required-package: oddjob-mkhomedir
  required-package: sssd
  required-package: adcli
  required-package: samba-common

Join neeleshgurjar.com as “test” user


$ realm join neeleshgurjar.com -U test

Password for test:test123

Check if it is connected successfully


$ id NEELESHGURJAR\\test
uid=126401108(test@neeleshgurjar.com) gid=126400513(domain users@neeleshgurjar.com) groups=126400513(domain users@neeleshgurjar.com)

To avoid typing NEELESHGURJAR\\ every time, disable use_fully_qualified_names.

Make sure you have the setting below in /etc/sssd/sssd.conf:


use_fully_qualified_names = False

Restart sssd


$ systemctl restart sssd

Check login with test user


$ su - test

Now you can also ssh to the server as the test user.
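One way to apply the sssd.conf change above from a script, as an added example that is not part of the original post. The function name set_short_names and its two arguments are assumptions; it changes the setting only inside the given [domain/...] section and leaves the file at mode 0600, which sssd requires.

```shell
#!/bin/sh
# Added example (not from the original post): idempotently set
# use_fully_qualified_names = False in one [domain/<name>] section.
set_short_names() {
    conf=$1     # path to an sssd.conf-style file (assumed argument)
    domain=$2   # domain as written in the [domain/...] header
    tmp=$(mktemp "${conf}.XXXXXX") || return 1   # mktemp creates it 0600

    if awk -v sect="[domain/${domain}]" -v key="use_fully_qualified_names" '
        # Any section header: finish the previous section, then track the new one.
        /^[ \t]*\[.*\][ \t]*$/ {
            if (insec && !done) { print key " = False"; done = 1 }
            hdr = $0; gsub(/[ \t]/, "", hdr)
            insec = (tolower(hdr) == tolower(sect))
            if (insec) found = 1
            print; next
        }
        # Existing (uncommented) key inside the target section: rewrite it once.
        insec && $0 ~ ("^[ \t]*" key "[ \t]*=") {
            if (!done) { print key " = False"; done = 1 }
            next
        }
        { print }
        END {
            if (insec && !done) print key " = False"
            if (!found) exit 2    # section missing: original file stays untouched
        }
    ' "$conf" > "$tmp"; then
        # sssd refuses to start unless sssd.conf is root-owned with mode 0600.
        chmod 600 "$tmp" && mv "$tmp" "$conf"
    else
        rc=$?
        rm -f "$tmp"
        return "$rc"
    fi
}

# Demo on a constructed file when run as: sh thisfile demo
if [ "${1:-}" = demo ]; then
    f=$(mktemp)
    printf '%s\n' '[sssd]' 'domains = neeleshgurjar.com' \
        '[domain/neeleshgurjar.com]' 'use_fully_qualified_names = True' > "$f"
    set_short_names "$f" neeleshgurjar.com && cat "$f"
    rm -f "$f"
fi
```

Run it as root against /etc/sssd/sssd.conf with the domain name from the realm join step, then restart sssd as shown above.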

Neelesh Gurjar has written 122 articles
