To join an Active Directory domain with realmd you can use the realm command line tool:
$ realm join --verbose domain.example.com
By specifying the
--verbose it's easier
to see what went wrong if the join fails.
Other tools also use realmd which can be used to perform the join operation, for example: GNOME Control Center.
The join operation does the following:
Discovers information about the domain.
Installs the necessary software to join the domain, such as SSSD or Winbind.
Tries to join the domain automatically, without administrative credentials.
If administrative credentials are required, a password will be prompted for.
A computer account in the domain will be created, and or updated.
A host keytab file at
/etc/krb5.keytab is created.
Configures the SSSD or Winbind services, and restarts and enables them as appropriate.
Enables domain users in
In addition an Active Directory domain controller's host name or IP address may be specified to join via that domain controller directly.
After the join operation is complete, domain accounts should be usable locally, although logins using domain accounts are not necessarily enabled.
You verify that domain accounts are working with with a command like this:
$ getent passwd DOMAIN\Administrator
The join operation will create or update a computer account
in the domain. If you wish to specify a specific organizational unit
where this account is created, you can use the
--user to choose a different
user name than the default
You can use kerberos credentials to perform the join. Use the
kinit command to acquire credentials prior to
starting the join. Do not specify the
the user will be selected automatically from the credential cache.
The realm respects the
environment variable, but uses the default kerberos credential cache
if it's not present.