Active Directory domain join & SSH key copy problem.
by tengocoffee from LinuxQuestions.org on (#4T4KD)
Hello,
I've recently joined a server running CentOS 7 to our Active Directory domain using realm. I followed the guide on the web page linked below and all went well. However, when we log in with our domain accounts we have to use "UserName@DomainName"; using "DomainName\UserName" fails. When we are logged in with "UserName@DomainName" the terminal shows "UserName@DomainName@ServerName".
We have a number of servers (mix of RHEL/CentOS/Ubuntu) already domain joined and they were joined using Winbind. To log on to these servers with a domain account we can enter "DomainName\UserName". When we log in with "DomainName\UserName" the terminal shows "UserName@ServerName".
Problems...
While working on the server that was domain joined with realm, while creating a file in /etc/sudoers.d/ to give permissions to our admin group, I had to add "@DomainName" to the AD group. For example "%ADGroup@DomainName..." rather than "%ADGroup...". We don't have to do this with the Winbind joined servers, "%ADGroup..." is enough.
Another problem is using SSH keys. If I'm on a server that was domain joined with Winbind and want to copy my ssh key to the new server that used realm it fails. This is because my ssh key is created with "DomainName\UserName" and I'm prompted to enter the password for this account, but the new server doesn't recognise "DomainName\UserName".
I can't help but think I've made an error when joining the server to the domain with realm. Any help would be most welcome. Basically I want to be able to log into the servers with "DomainName\UserName" whether it's been domain joined with Winbind or realm, and understand what has caused this issue.
Guides used:
http://yallalabs.com/linux/how-to-jo...ectory-domain/
https://access.redhat.com/documentat.../realmd-domain
Thank you

