Using with IPA

Discovering IPA domains
IPA client software
Joining an IPA domain
Logins using Domain Accounts

realmd can discover IPA domains and join the current computer as an account on a domain. This allows domain users to be used locally, and lets them log into the local machine with IPA domain credentials.

Discovering IPA domains

realmd discovers which domains or realms it can use or configure. It can discover and identify IPA domains by looking up the appropriate DNS SRV records and by connecting to the domain LDAP server.

The following DNS SRV records are required to be present for realmd to identify a provided realm as a Kerberos domain.

# In this example the IPA domain is 'domain.example.com'
_ldap._tcp.domain.example.com.

In addition, realmd connects to the LDAP server on the IPA domain server on port 389 and reads the Root DSE information about the domain.

To see how realmd is discovering a particular domain name, try a command like the following. Using the --verbose argument displays verbose discovery information.

$ realm --verbose discover domain.example.com
 * Resolving: _ldap._tcp.dc._msdcs.domain.example.com
 * Resolving: _ldap._tcp.domain.example.com
 * Performing LDAP DSE lookup on: 192.168.10.22
 * Successfully discovered: domain.example.com
...
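
Because discovery is driven by a DNS SRV answer followed by an LDAP Root DSE read on port 389, it is worth confirming which server realmd actually contacted before joining. The following is an added example, not part of realmd or its documentation: check_discovery is a hypothetical helper that audits the verbose output shown above against a list of IPA server addresses you already trust.

```shell
#!/bin/sh
# Added example: audit `realm --verbose discover` output before joining.
# check_discovery and SAMPLE_OUTPUT are hypothetical names, not part of realmd.

# Sample verbose output, taken from the example on this page.
SAMPLE_OUTPUT=' * Resolving: _ldap._tcp.dc._msdcs.domain.example.com
 * Resolving: _ldap._tcp.domain.example.com
 * Performing LDAP DSE lookup on: 192.168.10.22
 * Successfully discovered: domain.example.com'

# check_discovery DOMAIN ALLOWED_IP...
# Reads verbose discover output on stdin and succeeds only if:
#   - the _ldap._tcp SRV record for DOMAIN was queried,
#   - at least one Root DSE lookup was performed,
#   - every Root DSE lookup went to an allowed address,
#   - DOMAIN is reported as successfully discovered.
check_discovery() {
    domain=$1; shift
    srv_seen=0; dse_seen=0; ok_seen=0; bad=""
    while IFS= read -r line; do
        case $line in
            *"Resolving: _ldap._tcp.$domain")
                srv_seen=1 ;;
            *"Performing LDAP DSE lookup on: "*)
                addr=${line##*lookup on: }   # address realmd contacted
                dse_seen=1
                allowed=0
                for ip in "$@"; do
                    if [ "$ip" = "$addr" ]; then allowed=1; fi
                done
                if [ "$allowed" -ne 1 ]; then bad="$bad $addr"; fi ;;
            *"Successfully discovered: $domain")
                ok_seen=1 ;;
        esac
    done
    [ "$srv_seen" -eq 1 ] || { echo "SRV record for $domain not queried" >&2; return 2; }
    [ "$dse_seen" -eq 1 ] || { echo "no Root DSE lookup seen" >&2; return 3; }
    [ -z "$bad" ] || { echo "unexpected LDAP server(s):$bad" >&2; return 4; }
    [ "$ok_seen" -eq 1 ] || { echo "$domain not discovered" >&2; return 5; }
    return 0
}

# Real use (assumes realm is installed and 192.168.10.22 is your known IPA server):
#   realm --verbose discover domain.example.com 2>&1 |
#       check_discovery domain.example.com 192.168.10.22
```

A non-zero exit status means the output did not match expectations; status 4 specifically means the Root DSE lookup went to an address outside the list you supplied.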

In addition, an IPA domain server's host name or IP address may be specified.