How to join a Windows domain




















Now click on System and Security and then click on System. Finally, click on Advanced system settings. Now click on the Computer Name tab and click on the Change button at the bottom. Now click on the Domain radio button and type in the name of the domain that you want to join this computer to.

Note that on my computer, the Domain and the Network ID buttons are grayed out! Why so? Kind of annoying, but what can you do! The Professional edition also gives you BitLocker and the ability to backup to a home or business network.

This is by far the easiest method and it works on all versions of Windows, which is nice. In Windows 10, they keep changing the settings and certain dialogs have disappeared while new ones have appeared.

Enter the primary domain access User Name. You can either enter the plain user name (for example, sg-admin) or use the [email protected] format [email protected]. This account must have sufficient rights for joining the domain. Enter the Password for this user. Click OK. The appliance displays a message indicating that the domain was successfully joined and the value in the Joined field changes to Yes. If you want to add additional Windows domains, repeat the above steps. Click Apply to save your changes.

For Windows systems, joining a system to the domain means two entries are automatically managed and maintained on the DNS server. This means you can change the IPs of systems without incurring the cost of manual maintenance. This will only make sense to people who already take advantage of DNS in their environments.

Aside from the noticeable productivity gains of automation, it helps to have both Windows and Linux environments working the same way. The third issue is DNS Scavenging. This is super convenient. Automatically, at a specified interval, stale DNS records are deleted to prevent misdirected packets and also take care of deleted computer objects.

This is known as scavenging, and it is not turned on by default in AD. However, if it is turned on, we need to configure it. Typically, the scavenging interval is seven days.

If, after that period, there has been no update to the record, it is deleted, unless it is a static record. For Windows systems, the Dynamic Updates feature is automatically set up. However, with Linux servers, a few modifications need to be made. Without doing that, we will have services going down after a while because their records are deleted from DNS, and no one knows how to reach their component parts. Now that we know some of the potential issues we need to address, let's take a look at some of the things we can tweak to deliver a more seamless experience to the end-user and the sysadmin.

In other words, it is the primary interface between the directory service and the module requesting authentication services, realmd. As a matter of fact, this is the main configuration file we will modify. Let's have a look at its contents before configuration.

Once you join the domain, it is immediately modified to contain the minimum information required for a successful logon. My file looked like this: In order to solve all three of the problems I mentioned earlier, edit your file to look like the one below: Most of the options are self-explanatory, and you can modify yours accordingly while we step through what some of the key options represent.

More information on all the options can be obtained by checking the man page. I think it is well written. Just type man 5 sssd. First and foremost, the configuration file is separated into two sections. The global section contains options that affect the general behavior of sssd, such as the version information and related services.

One key parameter under this section is shown below: The domain-specific section contains parameters that are specific to the domain you have joined. Key parameters are: Users that are granted access have unprivileged access to the Linux server. For all intents and purposes, all Active Directory accounts are now accessible to the Linux system, in the same way natively-created local accounts are accessible to the system.
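The scavenging risk described above can be checked mechanically. The following is an added example, not code from the original article: it audits the domain sections of an sssd configuration file and reports any host whose DNS record could be scavenged before it is refreshed. The option names `dyndns_update` and `dyndns_refresh_interval` come from the sssd-ad(5) man page rather than from this page; the sample files, the `example.test` domain and the rule that both options must be set explicitly are assumptions of the example.

```python
import configparser

SCAVENGE_S = 7 * 24 * 3600  # the seven-day scavenging interval quoted above

# Constructed samples: a minimal post-join file and the same file with explicit
# dynamic-update settings. example.test is a placeholder domain.
SAMPLE_MINIMAL = """\
[sssd]
domains = example.test
services = nss, pam

[domain/example.test]
id_provider = ad
access_provider = ad
"""
SAMPLE_TUNED = SAMPLE_MINIMAL + "dyndns_update = true\ndyndns_refresh_interval = 43200\n"


def audit(conf_text, scavenge_s=SCAVENGE_S):
    """Return findings for domain sections whose DNS record could go stale."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    domains = [s for s in cp.sections() if s.startswith("domain/")]
    if not domains:
        return ["no [domain/...] section found"]
    findings = []
    for sec in domains:
        update = cp[sec].get("dyndns_update")
        refresh = cp[sec].get("dyndns_refresh_interval")
        # Policy assumption of this example: both keys must be set explicitly.
        if update is None:
            findings.append(f"{sec}: dyndns_update is not set")
        elif update.strip().lower() != "true":
            findings.append(f"{sec}: dyndns_update is disabled")
        if refresh is None:
            findings.append(f"{sec}: dyndns_refresh_interval is not set")
        elif not refresh.strip().isdigit():
            findings.append(f"{sec}: dyndns_refresh_interval is not a number")
        elif int(refresh) >= scavenge_s:
            findings.append(f"{sec}: refresh every {refresh}s is not shorter "
                            f"than the {scavenge_s}s scavenging interval")
    return findings


if __name__ == "__main__":
    for name, text in (("minimal", SAMPLE_MINIMAL), ("tuned", SAMPLE_TUNED)):
        print(name, audit(text) or "ok")
```

Pass the real scavenging interval of your DNS zone as `scavenge_s` if it differs from seven days.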

You can now do the regular sysadmin tasks of adding them to groups, making them owners of resources, and configuring other needed settings. If the user tries any activity that requires sudo access, the familiar error is presented. As can be seen in the inset, our user is not in the sudoers file.

In that light, we can edit the sudoers file directly to grant them superuser privileges. This is not an article on granting superuser privileges, but we can use the visudo tool to interact safely with the sudoers file.

Alternatively, we could have just added the user to the wheel group. The point is the user account is now available to be used by the system. Try this out in your organization or lab environment. It is obvious I just scratched the surface on this topic but this will get you pretty far into the process. Check out the respective documentation if you want to explore options not covered in this article.

Joining a Linux system to an Active Directory domain allows you to get the best of both worlds. The process is very simple and can be scripted using Bash or automated using Ansible, especially during the system's initial setup. If you are still managing a group of more than five systems without a directory service and a good reason, please do yourself a favor and get one set up. You can thank me later. Edem is currently a sysadmin with a financial services institution where he works primarily with Windows and Linux systems.

He also administers VMware Virtualization environments daily. Enable Sysadmin.

How to join a Linux system to an Active Directory domain. Do you need to centrally manage Linux systems and user accounts under an Active Directory domain? Here's how to do it.


