From Fedora Project Wiki
(Instructions for using various domains)
 
Line 59: Line 59:
If you're on the Red Hat internal network, there's an Active Directory server available for testing. Unfortunately, it is not clear whether this can be made available to the public at this time. In addition this works poorly for testing if you're on a VPN. Because the VPN connection must be up before the Active Directory domain is accessible.
If you're on the Red Hat internal network, there's an Active Directory server available for testing. Unfortunately, it is not clear whether this can be made available to the public at this time. In addition this works poorly for testing if you're on a VPN. Because the VPN connection must be up before the Active Directory domain is accessible.


The domain is: radi08.segad.lab.sjc.redhat.com
'''Domain''': radi08.segad.lab.sjc.redhat.com<br>
'''Kerberos Realm''': RADI08.SEGAD.LAB.SJC.REDHAT.COM


However, the Red Hat Active Directory test bed does not yet have DNS configured appropriately. So to you it you need to setup a local caching DNS server:
However, the Red Hat Active Directory test bed does not yet have DNS configured appropriately. So to you it you need to setup a local caching DNS server:

Revision as of 04:51, 15 October 2012

Testing Fedora 18 Active Directory: Preparation

In order to test realmd with Active Directory, you need the following:

realmd Installed

To install realmd from Fedora 18:

$ sudo yum install realmd

To build and install realmd from source, do something like this:

$ git clone git://anongit.freedesktop.org/realmd/realmd
$ cd realmd
$ sh autogen.sh --prefix=/usr --sysconfdir=/etc --libdir=/usr/lib64 --enable-debug
$ make
$ sudo make install
$ sudo restorecon -Rv /etc/dbus-1 /usr/bin/realm /usr/lib64/realmd /usr/share/dbus-1 /usr/share/polkit-1

If you wish to later go back to the Fedora 18 version of realmd, just reinstall realmd:

$ sudo yum reinstall realmd

Active Directory domain

Corporate domain

If you have a real deployed Active Directory domain to test against, this is the best scenario.

In order to test realmd effectively you'll need to be able to create computer accounts in the domain. Sometimes this means you'll have Administrative credentials for the domain. In other cases, you may have been delegated a specific OU which you are able to create accounts in.

To tell realmd to create computer accounts in a specific OU, add something like the following to your /etc/realmd.conf

[domain.example.com]
computer-ou = OU=Linux Computers,DC=domain,DC=example,DC=com

For more details see: http://www.freedesktop.org/software/realmd/docs/guide-configuring-realm.html

For deeper testing you should be able to access the domain and create accounts.

Personal domain

You can setup your own personal Active Directory domain. Here's how to install Windows Server 2008 for free and set one up: http://stef.thewalter.net/2012/08/how-to-create-active-directory-domain.html

Note that the Active Directory will need to be appropriately discoverable via DNS, as it would be "in real life". If DNS is not setup for your Active Directory domain, you can also use steps 8 and 9 in the linked setup instructions above to make DNS work appropriately on your test machine for your domain.

In the following documentation we'll use ad.example.com when referring to the domain.

Red Hat Active Directory Test Bed

If you're on the Red Hat internal network, there's an Active Directory server available for testing. Unfortunately, it is not clear whether this can be made available to the public at this time. In addition this works poorly for testing if you're on a VPN. Because the VPN connection must be up before the Active Directory domain is accessible.

Domain: radi08.segad.lab.sjc.redhat.com
Kerberos Realm: RADI08.SEGAD.LAB.SJC.REDHAT.COM

However, the Red Hat Active Directory test bed does not yet have DNS configured appropriately. So to you it you need to setup a local caching DNS server:

  • Install bind like so:
# yum install caching-nameserver
  • After the install completes, edit /etc/named.conf and add the following line to your main options section:
forwarders { 8.8.8.8; /* ... or the address of your ISP DNS server */ };
  • And add this to the end of /etc/named.conf:
zone "radi08.segad.lab.sjc.redhat.com" {
        type forward;
        forwarders { 10.14.5.60; };
};
  • Restart the named service with:
# systemctl restart named.service
  • Before configuring your host to use the local caching nameserver, test it with commands like:
# host radi08.segad.lab.sjc.redhat.com 127.0.0.1
radi08.segad.lab.sjc.redhat.com has address 10.14.5.60
# host google.com 127.0.0.1
google.com has address 209.85.148.139
...
  • Once you know it's working, use nm-connection-editor to edit your connection. Choose your connection, and on the IPv4 Settings tab, choose Automatic (DHCP) addresses only. Now set 127.0.0.1 as the DNS servers.
  • You should now be able to test you local server with commands like:
# host radi08.segad.lab.sjc.redhat.com
radi08.segad.lab.sjc.redhat.com has address 10.14.5.60
# host google.com
google.com has address 209.85.148.139
...