Realmd
Realmd discovers information about the domain or realm automatically and does not require complicated configuration to join a domain or realm such as IdM, Microsoft Active Directory, or a Kerberos realm.
Using realmd is easy: a one-line command configures Linux system services such as sssd to do the network authentication and user account lookups.
(https://www.freedesktop.org/software/realmd/)
USAGE:
Note: realmd is supported starting with Leap 15.2.
install:
cat /etc/os-release
NAME="openSUSE Leap"
VERSION="15.2"
zypper in realmd
Joining a Microsoft Active Directory domain
zypper in realmd adcli sssd sssd-tools sssd-ad samba-client
Edit the network configuration to add the AD server as the DNS server:
vi /etc/sysconfig/network/config
# change DNS settings to refer to AD
NETCONFIG_DNS_STATIC_SERVERS="YOUR_SERVER_IP"
update network with
netconfig update
Join the Linux machine to the Active Directory domain:
realm join MYDOMAIN.COM
Password for Administrator: # AD's Administrator password
vi /etc/pam.d/common-session
# add to the end if needed (automatically creates a home directory at initial login)
session optional pam_mkhomedir.so skel=/etc/skel umask=077
Testing your setup
You should now be able to log in with users from the Active Directory domain.
Assuming you are root, this should work:
su - myADuser
id
uid=555401133(myADuser) gid=555401130(userad) groups=555401130(userad)
Automatic Mapping
Note that realmd configures sssd with automatic mapping by default, which means all user and group IDs are generated automatically. If you need a 1:1 correspondence, you can disable this option by adding the flag on the command line:
realm join --computer-ou="ou=Linux Computers,dc=domain,dc=com" --automatic-id-mapping=no
or you can edit the sssd.conf file.
You will also need to set up Microsoft Active Directory to support POSIX attributes if you disable automatic mapping.
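To see which mode an existing sssd.conf is in, the following added example (not part of the original page or of realmd) reports the mapping mode of each domain section. It assumes the sssd option `ldap_id_mapping` is the setting behind automatic mapping; the sample config and its domain names are constructed.

```shell
# Added example. Reports the ID-mapping mode of each [domain/...] section
# of an sssd.conf-style file, one line per domain:
#   "<domain> auto"   ldap_id_mapping on: IDs are generated automatically
#   "<domain> posix"  ldap_id_mapping off: IDs come from AD POSIX attributes
# A domain section without the key is reported as "auto" (assumption: the
# section uses id_provider = ad, where mapping is on unless disabled).
id_mapping_report() {
    awk '
        function emit() { if (dom != "") print dom, mode }
        /^[ \t]*[#;]/ { next }                  # comment line
        /^[ \t]*\[/ {                           # section header
            emit(); dom = ""
            name = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", name)
            if (name ~ /^domain\//) { dom = substr(name, 8); mode = "auto" }
            next
        }
        dom != "" {                             # key = value inside a domain
            split($0, kv, "=")
            key = kv[1]; val = kv[2]
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            if (key == "ldap_id_mapping")
                mode = (tolower(val) == "false") ? "posix" : "auto"
        }
        END { emit() }
    ' "$1"
}

# Constructed sample config; domain names are placeholders.
sample_conf() {
    cat <<'EOF'
[sssd]
domains = mydomain.com, posix.example

[domain/mydomain.com]
id_provider = ad
ldap_id_mapping = True

[domain/posix.example]
id_provider = ad
# ldap_id_mapping = True
ldap_id_mapping = False
EOF
}

conf=$(mktemp)
sample_conf > "$conf"
id_mapping_report "$conf"
rm -f "$conf"
```

On a joined machine, pass the real file instead of the sample, for example `id_mapping_report /etc/sssd/sssd.conf` as root.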
References:
Source code: https://gitlab.freedesktop.org/realmd/realmd
Realmd doc: https://www.freedesktop.org/software/realmd/
SSSD upstream doc: https://sssd.io/