|
|
|
realmd | |
|---|
To join a FreeIPA domain with realmd you can use the realm command line tool:
$ realm join --verbose ipa.example.com
By specifying the --verbose it's easier
to see what went wrong if the join fails.
Other tools also use realmd which can be used to perform the join operation, for example: GNOME Control Center.
The join operation does the following:
Discovers information about the domain.
Installs the necessary software to join the domain, such as SSSD.
Prompts for administrative credentials.
A computer account in the domain will be created, and or updated.
A host keytab file at /etc/krb5.keytab is created.
Configures the SSSD service, and restarts and enables it as appropriate.
Enables domain users in /etc/nsswitch.conf
In addition an FreeIPA domain server's host name or IP address may be specified to join via that domain controller directly.
After the join operation is complete, domain accounts should be usable locally, although logins using domain accounts are not necessarily enabled.
You verify that domain accounts are working with with a command like this:
$ getent passwd admin@ipa.example.com
The join operation will create or update a computer account in the domain.