Tools for integrating Linux systems with Microsoft Active Directory
Domain Join Made Easy Thanks to Realmd
All of the previously described methods have the disadvantage that they involve a greater or lesser amount of manual work on the clients to join the Windows domain. As of Fedora 18 and Red Hat Enterprise 7, the Red Hat environment offers a tool that lets you easily add a system to a Kerberos realm (a.k.a. domain): realmd. The realmd tool does not just work for Windows domains; you can also use it with FreeIPA domains. The command line is simple:
$ realm join example.com -U Administrator
You won't need to make any additional manual changes to the Kerberos configuration. The realm call ensures that a computer account is automatically created for the system and that a Kerberos principal is available with a keytab file. At this point, I should mention, however, that realmd is a fairly new tool, and you might experience some complications when using it.
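Because the join is automatic, it is worth confirming afterwards that the host really is a Kerberos member using SSSD and that the keytab holding the machine account's keys is readable only by its owner. The following is an added example, not part of the original article: the function names are hypothetical, the `realm list` output is a constructed sample, and `/etc/krb5.keytab` is assumed as the keytab location.

```shell
#!/bin/sh
# Added example: post-join checks for a realmd domain join.
# Function names are hypothetical; the sample output below is constructed.

SAMPLE_REALM_LIST='example.com
  type: kerberos
  realm-name: EXAMPLE.COM
  domain-name: example.com
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  login-policy: allow-realm-logins'

# realm_field DOMAIN FIELD: read `realm list` text on stdin and print the
# value of FIELD from the block that belongs to DOMAIN.
realm_field() {
    awk -v dom="$1" -v key="$2:" '
        /^[^ \t]/ { in_block = ($1 == dom); next }  # unindented line opens a realm block
        in_block && $1 == key { print $2; exit }
    '
}

# check_realm_join DOMAIN: succeed only if stdin shows DOMAIN joined as a
# Kerberos member with SSSD as the client software.
check_realm_join() {
    out=$(cat)
    [ "$(printf '%s\n' "$out" | realm_field "$1" configured)" = "kerberos-member" ] || return 1
    [ "$(printf '%s\n' "$out" | realm_field "$1" client-software)" = "sssd" ] || return 1
}

# check_keytab_mode PATH: the keytab stores the machine account's long-term
# keys, so require a regular file with no group or other access (600 or 400).
check_keytab_mode() {
    [ -f "$1" ] || return 1
    # First 10 characters of ls -ld: file type plus the nine permission bits.
    case "$(ls -ld "$1" | cut -c1-10)" in
        -r[w-]-------) return 0 ;;
        *) return 1 ;;
    esac
}

# On a joined host, as root:
#   realm list | check_realm_join example.com && check_keytab_mode /etc/krb5.keytab
```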
Conclusions
Uniform management of user accounts can be achieved either by Linux clients directly joining a Windows domain or by synchronization or trust relationships between different identity stores. Both methods have their advantages and disadvantages. If Linux clients directly join a Windows domain, I recommend the use of the System Security Services Daemon in combination with the AD provider because this option currently provides the most stable and most efficient solution.