KB450046 – Join an Active Directory in Houston UI with CentOS 7

Last modified: July 28, 2021
You are here:

Scope/Description

  • This article will walk through the process of joining an Active Directory in Houston UI.

Prerequisites

  • CentOS 7
  • 45Drives Cockpit UI
  • Windows Active Directory
  • Credentials for Domain User with permission to authenticate Active Directory Join

Steps

  • Use Terminal module in Cockpit UI, or SSH into the server
  • Install packages needed for domain join
[root@centos8 ~]# dnf install -y realmd oddjob-mkhomedir oddjob samba-winbind-clients samba-winbind samba-common-tools samba samba-winbind-krb5-locator krb5-workstation samba-client
[root@centos7 ~]# yum install -y realmd oddjob-mkhomedir oddjob samba-winbind-clients samba-winbind samba-common-tools samba samba-winbind-krb5-locator krb5-workstation samba-client

  • Set hostname to include domain name if not set already, this is done in the Overview tab of the Houston UI.

  • Set DNS server to the IP of the Domain Controller if not done already. This is done in the network tab of the Houston UI

  • Set “domain-client”  to winbind instead of sssd
[root@rocky-45d ~]#sed -i 's/^\(default-client = \).*$/\1winbind/' /usr/lib/realmd/realmd-defaults.conf

[root@centos7-45d ~]# sed -i 's/^\(default-client = \).*$/\1winbind/' /usr/lib64/realmd/realmd-defaults.conf
  • Then restart the realmd service.

  • Join Domain, refresh the page if the “Join Domain” button is greyed out

  • Now we need to grant the SeDiskOperatorPrivilege privilege to any domain groups / users that are going to be configuring share permissions.
[root@centos-45d ~]# net rpc rights grant "45LAB\domain admins" SeDiskOperatorPrivilege -U "45LAB\bk"
Enter 45LAB\bk's password:
Successfully granted rights.
  • You can list all users and groups who have this privilege by running:
[root@centos ~]# net rpc rights list privileges SeDiskOperatorPrivilege -U "45LAB\bk"
Enter 45LAB\bk's password:
SeDiskOperatorPrivilege:
SeDiskOperatorPrivilege:
BUILTIN\Administrators
45LAB\domain admins

Verification

  • We can now communicate with our Active Directory server, and assign permissions based on the users and groups from our Active Directory.

Troubleshooting

  • Ensure you have configured the server hostname and DNS address correctly.
  • Ensure you have configured nsswitch.conf correctly.
  • If net rpc rights grant is causing issues, try using net sam rights grant instead/
Was this article helpful?
Dislike 0
Views: 93
Unboxing Racking Storage Drives Cable Setup Power UPS Sizing Remote Access