To support True SSO on instant-cloned RHEL/CentOS 7.x desktops, you must configure Samba on the base virtual machine (VM).
The RHEL/CentOS 7.x realmd feature provides a simple way to discover and join identity domains. Instead of connecting the system to the domain itself, realmd configures underlying Linux system services, such as SSSD or Winbind, to connect to the domain. The following steps describe how to use realmd and Samba to perform an offline domain join of a RHEL/CentOS 7.x VM to Active Directory.
Prerequisites
Verify that:
- The Red Hat Enterprise Linux (RHEL) system is subscribed to Red Hat Network (RHN) or has the yum tool installed locally.
- The Active Directory (AD) server is resolvable by DNS on the RHEL/CentOS 7.x VM.
- The Network Time Protocol (NTP) is configured on the VM.
Procedure
- Verify that the RHEL/CentOS VM can discover the AD server. Run the following command, replacing ADdomain.example.com with your AD server information.
sudo realm discover ADdomain.example.com
- Install the Samba tdb-tools package.
The Samba tdb-tools package is not available for download from the official Red Hat repository. You must download it manually. For example, use the following command to download it from a CentOS 7.5 system and install the downloaded package on your RHEL system.
yumdownloader tdb-tools
If you do not have a CentOS system, go to https://rpmfind.net/linux/rpm2html/search.php?query=tdb-tools&submit=Search+...&system=&arch, download the tdb-tools-1.3.15-1.el7.x86_64.rpm package, and install it on your RHEL system.
- Install Samba and the dependency packages.
sudo yum install sssd-tools sssd adcli samba-common pam_ldap pam_krb5 samba samba-client krb5-workstation
- Run the join command, replacing DNSdomain.example.com with the DNS domain path specific to your environment.
sudo realm join DNSdomain.example.com -U administrator
When the join command succeeds, you receive the following message.
Successfully enrolled machine in realm
- Restart the VM and log back in.
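The discovery, package, and join steps above can be checked from the output of realm itself. The following script is an added example, not part of the original procedure: the function names, the PKG_QUERY variable, and the sample discover output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): checks built on realm(8) output.
# PKG_QUERY is an assumed override hook for the package check; default is rpm -q.
PKG_QUERY=${PKG_QUERY:-rpm -q}

# Constructed sample of `realm discover` output for a placeholder domain.
SAMPLE_DISCOVER='addomain.example.com
  type: kerberos
  realm-name: ADDOMAIN.EXAMPLE.COM
  domain-name: addomain.example.com
  configured: no
  server-software: active-directory
  client-software: sssd
  required-package: sssd
  required-package: adcli
  required-package: samba-common'

# Print every value of "FIELD: value" lines read from stdin.
realm_field() { sed -n "s/^[[:space:]]*$1: //p"; }

# Succeed only if the discovered realm is served by Active Directory.
is_ad_domain() { realm_field server-software | grep -qx 'active-directory'; }

# Print each required-package that the package query reports as not installed.
missing_packages() {
    realm_field required-package | sort -u | while read -r pkg; do
        $PKG_QUERY "$pkg" >/dev/null 2>&1 || echo "$pkg"
    done
}

# Succeed if `realm list` output shows this machine enrolled in a realm.
is_joined() { realm_field configured | grep -qx 'kerberos-member'; }

# preflight DOMAIN: run before `realm join`; stops on a non-AD realm or missing packages.
preflight() {
    out=$(realm discover "$1") || { echo "discovery failed for $1" >&2; return 1; }
    echo "$out" | is_ad_domain || { echo "$1 is not Active Directory" >&2; return 1; }
    missing=$(echo "$out" | missing_packages)
    [ -z "$missing" ] || { echo "install first: $missing" >&2; return 1; }
}

# postcheck: run after the restart to confirm the join persisted.
postcheck() { realm list | is_joined; }
```

Source the script on the base VM, run preflight with your domain name before the join command, and run postcheck after the restart; a nonzero exit status from either means the base image is not ready for cloning.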