Join a Windows Active Directory Domain using Samba Winbind. Ensure a Windows Active Directory Domain Service is present in your network before proceeding with the steps below.
Install the required packages:
dnf -y install samba-winbind samba-winbind-clients oddjob-mkhomedir
Modify /etc/krb5.conf to specify the Realm and AD hostname:
# /etc/krb5.conf
[libdefaults]
    default_realm = EMC.WORLD
[realms]
EMC.WORLD = {
    kdc = fd3s.emc.world
    admin_server = fd3s.emc.world
}
Replace the existing Samba configuration with the following:
# /etc/samba/smb.conf
[global]
kerberos method = secrets and keytab
realm = EMC.WORLD
workgroup = FD3S01
security = ads
template shell = /bin/bash
winbind enum groups = Yes
winbind enum users = Yes
winbind separator = +
idmap config * : rangesize = 1000000
idmap config * : range = 1000000-19999999
idmap config * : backend = autorid
Switch to Winbind for authentication:
authselect select winbind --force
authselect enable-feature with-mkhomedir
systemctl enable --now oddjobd
Set the DNS to point to the AD server and join the domain with the following commands:
nmcli connection modify enp1s0 ipv4.dns 10.0.0.100
nmcli connection down enp1s0; nmcli connection up enp1s0
net ads join -U Administrator
systemctl enable --now winbind
Validate domain information and user list:
net ads info
wbinfo -u
Verify that you can log in with an AD user:
exit
# Log in with the domain user at the console prompt
Sample output of the id command after logging in with an AD user:
uid=2001103(FD3S01+serverworld) gid=2000513(FD3S01+domain users) groups=2000513(FD3S01+domain users),2000512(FD3S01+domain admins),2000572(FD3S01+denied rodc password replication group),2001103(FD3S01+serverworld) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
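The uid and gid values in that output follow from the autorid settings in smb.conf. The script below is an added example, not part of the original page: it reads the idmap lines (embedded here as a constructed sample), reports how many ranges the pool holds, and splits each ID from the sample output into its range number and RID. The function names are hypothetical helpers.

```shell
#!/bin/sh
# Added example (not from the original page): audit the autorid settings and
# decode winbind-assigned IDs. autorid computes
#   ID = range low + range number * rangesize + reduced RID

# Constructed sample: the idmap lines from the smb.conf shown on this page.
SMB_CONF_SAMPLE='[global]
realm = EMC.WORLD
security = ads
idmap config * : rangesize = 1000000
idmap config * : range = 1000000-19999999
idmap config * : backend = autorid'

# smb_param TEXT KEY: print the value of "KEY = value" (hypothetical helper).
smb_param() {
    printf '%s\n' "$1" | awk -F'=' -v key="$2" '
        { k = $1; gsub(/^[ \t]+|[ \t]+$/, "", k) }
        k == key { v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit }'
}

# autorid_ranges TEXT: how many whole ranges (domains) the pool can hold.
autorid_ranges() {
    range=$(smb_param "$1" 'idmap config * : range')
    size=$(smb_param "$1" 'idmap config * : rangesize')
    low=${range%-*}; high=${range#*-}
    echo $(( ($high - $low + 1) / $size ))
}

# autorid_decode TEXT ID: split a uid/gid into range number and reduced RID.
autorid_decode() {
    range=$(smb_param "$1" 'idmap config * : range')
    size=$(smb_param "$1" 'idmap config * : rangesize')
    low=${range%-*}; high=${range#*-}
    if [ "$2" -lt "$low" ] || [ "$2" -gt "$high" ]; then
        echo "outside-range"; return 1
    fi
    off=$(( $2 - $low ))
    echo "range=$(( $off / $size )) rid=$(( $off % $size ))"
}

echo "ranges available: $(autorid_ranges "$SMB_CONF_SAMPLE")"
# IDs taken from the sample id output on this page.
for id in 2001103 2000513 2000512 2000572; do
    echo "$id -> $(autorid_decode "$SMB_CONF_SAMPLE" "$id")"
done
```

RID 512 is the well-known Domain Admins group, so the decoded gid 2000512 confirms the sample login holds domain admin membership on this host. autorid hands out range numbers in first-come order and stores them locally, so the same account can map to a different uid on another member server.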
Adjust every value to match your own network and AD setup: replace emc.world, fd3s.emc.world, and the other site-specific values (the FD3S01 workgroup, the enp1s0 interface, the 10.0.0.100 DNS address) with your actual details.