===== Adding RHEL 7 Hosts to Active Directory =====

==== Installing the sssd service ====

To join a Red Hat 7.0 or 7.1 server to Active Directory, install the **sssd** service. It performs most of the configuration that previously had to be done by hand (Kerberos, LDAP identity lookup, PAM and NSS wiring). The **realm** command used below is provided by **realmd**, and **oddjob-mkhomedir** creates home directories on first login, so install those alongside sssd:

<code>
yum install sssd* realmd adcli oddjob oddjob-mkhomedir samba-common-tools
</code>

Ensure that DNS is working and that the AD DNS servers are defined on your NICs. You should have entries like the following in **/etc/sysconfig/network-scripts/ifcfg-eth***:

<code>
DNS1=10.5.5.100
DNS2=10.5.5.101
</code>

Domain discovery and the join both rely on the AD SRV records (``_ldap._tcp.`` and ``_kerberos._tcp.``), so a host that resolves against the wrong DNS servers will fail at the first step.

==== Using the realm command ====

Before joining, check that the server can discover the domain controllers for **office.local** through DNS:

<code>
realm discover office.local
</code>

If you get a response, join the domain with an account that has rights to create computer objects:

<code>
realm join office.local -U brindleyp@office.local
</code>

==== Using Active Directory Users ====

Once the server is added to the domain, AD users can log into it. The username format is **username@domain** (the sssd configuration below sets **use_fully_qualified_names = True**, so the unqualified short name will not resolve).

==== Using SSH ====

Ideally you want to restrict the ssh service so that only users belonging to an **sshusers** group can log in. To do this with Active Directory:

  * Create the **sshusers** group in Active Directory.
  * Edit **/etc/ssh/sshd_config** and add **AllowGroups sshusers@domainname** (the group name must be written the same way sssd reports it, so with fully qualified names it is **sshusers@office.local**), then restart **sshd**.

To log into the server using ssh, use the following format:

<code>
ssh ip/hostname -l username@domain
</code>

To speed up ssh login, set **UseDNS no** in **/etc/ssh/sshd_config**; this stops sshd doing a reverse lookup of every connecting client before authentication.

==== Using Sudo ====

To grant sudo permissions to AD users, add the following line using **visudo**. As with sshd, the group must be written as sssd reports it:

<code>
%sshusers@domainname ALL=(ALL) ALL
</code>

Note that this gives every member of the ssh login group full root via sudo; if only a subset of users should have root, use a separate AD group for the sudoers entry.

==== Modifying config files ====

The sssd and krb5 config files need additional settings. Both are supplied as drop-in snippets rather than edits to the main files.

=== SSSD ===

Add the extra file at **/etc/sssd/conf.d/office.conf**. The file must be owned by root with mode 0600 and must end in **.conf**, or sssd will ignore it. (The **conf.d** directory is only read by sssd 1.14 and later, i.e. RHEL 7.3 onwards; on 7.0/7.1 put the same **[domain/office.local]** section into **/etc/sssd/sssd.conf**.)

<code>
[domain/office.local]
ad_domain = office.local
krb5_realm = OFFICE.LOCAL
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = True
fallback_homedir = /home/%u@%d
access_provider = ad
ad_gpo_ignore_unreadable = True
ad_gpo_access_control = permissive
</code>

**ad_gpo_access_control = permissive** means that GPO "Allow log on locally" / "Deny log on" rights are evaluated and logged but never enforced; every AD user the **access_provider** otherwise allows can log in. Once the relevant GPOs are confirmed to be readable, change this to **enforcing** so the logon rights set in AD actually apply on the host.

=== Krb ===

Add the extra file at **/etc/krb5.conf.d/office.conf** (the stock RHEL 7 **/etc/krb5.conf** already contains **includedir /etc/krb5.conf.d/**):

<code>
[realms]
OFFICE.LOCAL = {
  kdc = dubc2dc01
  kdc = dubl5dc02
  kdc = dubmgmtdc01
  kdc = dubmgmtdc02
  kdc = crkmdc02
  kdc = dubvdc01
  kdc = dubvdc02
  kdc = dubpdc03
  kdc = dubpdc04
}

[domain_realm]
office.local = OFFICE.LOCAL
.office.local = OFFICE.LOCAL
</code>

You may also have to remove conflicting example entries from **/etc/krb5.conf** and ensure that its **[libdefaults]** section contains:

<code>
default_realm = OFFICE.LOCAL
default_tkt_enctypes = rc4-hmac
default_tgs_enctypes = rc4-hmac
</code>

Forcing **rc4-hmac** is only needed when the domain controllers cannot issue AES tickets for the host. RC4-HMAC is a deprecated, weak encryption type, so prefer **aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96** wherever the domain supports it, and check with **klist -e** after login that AES tickets are actually being issued.

Finally, clear the cache and restart sssd:

<code>
sss_cache -E
systemctl stop sssd; rm -rf /var/lib/sss/db/*; systemctl start sssd
</code>
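The following script is an added example, not part of the original page or of any Red Hat tooling. It renders the two drop-in snippets described above for an arbitrary domain and KDC list, using AES encryption types and GPO enforcement instead of the RC4 and permissive settings shown on the page, and it audits an existing snippet for the three things a reviewer would reject: a mode other than 0600, RC4-HMAC forced as a default encryption type, and **ad_gpo_access_control** left permissive. The domain, realm and KDC names are parameters supplied by the caller; **office.local** and the **dub*** hosts are only used as illustrative values. It assumes bash and GNU coreutils (**stat -c**).

```shell
#!/bin/bash
# Added example (not from the original page): render and audit the sssd and
# krb5 conf.d snippets for joining a RHEL 7 host to an AD domain.
# Assumptions: bash, GNU coreutils (stat -c). Domain/realm/KDC names are
# caller-supplied parameters, not real infrastructure.

upper() { printf '%s' "$1" | tr '[:lower:]' '[:upper:]'; }

# gen_sssd_snippet DOMAIN
# Prints a [domain/DOMAIN] section. Differs from the page's snippet in one
# place: GPO logon rights are enforced rather than only logged.
gen_sssd_snippet() {
    local domain=$1 realm
    realm=$(upper "$domain")
    cat <<EOF
[domain/${domain}]
ad_domain = ${domain}
krb5_realm = ${realm}
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = True
fallback_homedir = /home/%u@%d
access_provider = ad
ad_gpo_ignore_unreadable = True
ad_gpo_access_control = enforcing
EOF
}

# gen_krb5_snippet DOMAIN KDC...
# Prints [libdefaults], [realms] and [domain_realm] for DOMAIN. Uses AES
# encryption types; RC4-HMAC should only be forced if the DCs lack AES keys.
gen_krb5_snippet() {
    local domain=$1 realm kdc
    shift
    realm=$(upper "$domain")
    printf '[libdefaults]\ndefault_realm = %s\n' "$realm"
    printf 'default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96\n'
    printf 'default_tgs_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96\n'
    printf '\n[realms]\n%s = {\n' "$realm"
    for kdc in "$@"; do
        printf '  kdc = %s\n' "$kdc"
    done
    printf '}\n\n[domain_realm]\n%s = %s\n.%s = %s\n' \
        "$domain" "$realm" "$domain" "$realm"
}

# audit_snippet FILE
# Prints one line per finding and returns 1 if any finding was raised.
# (Ownership by root is also required by sssd; it is not checked here so the
# audit can run as an unprivileged user on rendered files.)
audit_snippet() {
    local file=$1 findings=0 mode
    mode=$(stat -c '%a' "$file")
    if [ "$mode" != "600" ]; then
        echo "$file: mode $mode; sssd/krb5 snippets must be 0600 root:root"
        findings=$((findings + 1))
    fi
    if grep -qiE '^[[:space:]]*default_(tkt|tgs)_enctypes[[:space:]]*=.*rc4-hmac' "$file"; then
        echo "$file: RC4-HMAC forced as default encryption type; prefer AES"
        findings=$((findings + 1))
    fi
    if grep -qiE '^[[:space:]]*ad_gpo_access_control[[:space:]]*=[[:space:]]*permissive' "$file"; then
        echo "$file: ad_gpo_access_control is permissive; GPO logon rights are not enforced"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Usage: bash adjoin-snippets.sh render DOMAIN KDC...   # print both snippets
#        bash adjoin-snippets.sh audit FILE...          # audit snippets on disk
case "${1:-}" in
    render) shift; gen_sssd_snippet "$1"; echo; gen_krb5_snippet "$@" ;;
    audit)  shift; for f in "$@"; do audit_snippet "$f"; done ;;
esac
```

Running `bash adjoin-snippets.sh audit /etc/sssd/conf.d/*.conf /etc/krb5.conf.d/*.conf` on a host configured exactly as the page describes will report the RC4 and permissive settings, which is the intended prompt to tighten them once the domain is confirmed to support AES and the GPOs are readable.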