Description

Join the current machine to an Active Directory, but use the POSIX attributes in the directory.

Setup

Make sure you have other required software:
- realmd 0.14.0 or later
- adcli 0.7 or later
Verify that your Active Directory domain access works, or set a domain up.
You need a domain account as an administrator.
Leave realm(s) you are currently joined to.
You need the Identity Management for UNIX installed on the active directory.
To check: Run Server Manager, click on Roles, scroll down to Active Directory Domain Services.

To install: Click Add Role Services
You need to assign POSIX attributes such as UID, GID, home directory and shell assigned to the users you'll be testing.
In Active Directory Users and Computers, go to the Users section, right click on the relevant users and choose Properties. In the UNIX Attributes, fill in all the fields.
Configure realmd by placing the following in: /etc/realmd.conf
Put in your domain name as appropriate:

[ad.example.com]
automatic-id-mapping = no

Make sure realmd is restarted:

$ sudo killall realmd

Check that the domain is now configured.
```
$ realm list
```
Make sure the domain is listed.

Make sure you have a configured: kerberos-member line in the output.

Make note of the login-formats line for the next command.
Check that you can resolve domain accounts on the local computer.
```
$ getent passwd 'AD\User'
```
Make sure to use the quotes around the user name.
You should see an output line that looks like passwd(5) output.
```
AD\User:*:6000:6000:User:/home/User:/bin/sh
```
The uid, gid, home directory and shell should match those you set in the directory above.

Use the --verbose argument to see details of what's being done during a join. Include verbose output in any bug reports.

$ realm join --verbose ad.example.com