Using with Active Directory

Discovering Active Directory domains
Active Directory client software
Using SSSD with Active Directory
Using Winbind with Active Directory
Joining an Active Directory domain
Logins using Domain Accounts

realmd can discover Active Directory domains and join the current computer as an account on that domain. This allows domain users to be used locally, and allows a domain account to be used to log into the machine.

Discovering Active Directory domains

realmd discovers which domains or realms it can use or configure. It can discover and identify Active Directory domains by looking up the appropriate DNS SRV records.

The following DNS SRV records must be present for realmd to identify a provided realm as an Active Directory domain. The DNS server that comes with Active Directory on Windows Server creates these DNS records automatically.

# In this example the Active Directory domain is 'domain.example.com'
_ldap._tcp.dc._msdcs.domain.example.com.

An Active Directory-specific UDP LDAP ping (MS-CLDAP) is sent to each server during discovery.

To see how realmd is discovering a particular domain name, try a command like the following. Using the --verbose argument displays verbose discovery information.

$ realm discover --verbose domain.example.com
 * Resolving: _ldap._tcp.dc._msdcs.domain.example.com
 * Sending MS-CLDAP ping to: 192.168.20.10
 * Sending MS-CLDAP ping to: 192.168.12.12
 * Successfully discovered: domain.example.com
...

In addition, an Active Directory domain controller's host name or IP address may be specified directly.
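
The verbose discovery output shown above lists the SRV name that was resolved and every server that received an MS-CLDAP ping. The following added example (not part of the realmd documentation or code) checks such output against the networks where domain controllers are expected before a join is attempted; the function name, the network list and the modified sample output are assumptions made for illustration.

```python
import ipaddress
import re

# Line formats as printed by `realm discover --verbose` in the output above.
RESOLVE_RE = re.compile(r"^\s*\*\s+Resolving:\s+(\S+)\s*$")
PING_RE = re.compile(r"^\s*\*\s+Sending MS-CLDAP ping to:\s+(\S+)\s*$")
FOUND_RE = re.compile(r"^\s*\*\s+Successfully discovered:\s+(\S+)\s*$")

# Assumption: the networks where this site's domain controllers live.
ALLOWED_DC_NETWORKS = ["192.168.20.0/24", "192.168.12.0/24"]

# Constructed sample: the page's output with one server address changed.
SAMPLE_UNEXPECTED = """\
 * Resolving: _ldap._tcp.dc._msdcs.domain.example.com
 * Sending MS-CLDAP ping to: 192.168.20.10
 * Sending MS-CLDAP ping to: 203.0.113.7
 * Successfully discovered: domain.example.com
"""

def audit_discovery(output, domain, allowed_networks=ALLOWED_DC_NETWORKS):
    """Return findings for one discovery run; an empty list means nothing unexpected."""
    nets = [ipaddress.ip_network(n) for n in allowed_networks]
    domain = domain.rstrip(".").lower()
    findings, pinged, discovered = [], 0, None
    for line in output.splitlines():
        if m := RESOLVE_RE.match(line):
            name = m.group(1).rstrip(".").lower()
            if name != "_ldap._tcp.dc._msdcs." + domain:
                findings.append(f"unexpected SRV name resolved: {name}")
        elif m := PING_RE.match(line):
            pinged += 1
            try:
                addr = ipaddress.ip_address(m.group(1))
            except ValueError:
                findings.append(f"unparseable server address: {m.group(1)}")
                continue
            if not any(addr in net for net in nets):
                findings.append(f"server outside expected DC networks: {addr}")
        elif m := FOUND_RE.match(line):
            discovered = m.group(1).rstrip(".").lower()
    if pinged == 0:
        findings.append("no MS-CLDAP ping was sent")
    if discovered != domain:
        findings.append(f"discovered realm {discovered!r} does not match {domain!r}")
    return findings

if __name__ == "__main__":
    for finding in audit_discovery(SAMPLE_UNEXPECTED, "domain.example.com"):
        print("WARNING:", finding)
```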