Realm specific settings

These options should go in a section with the same name as the realm in the /etc/realmd.conf file. For example, for the domain.example.com domain the section would be called [domain.example.com]. To figure out the canonical name for a realm, use the realm command:

$ realm discover --name DOMAIN.example.com
domain.example.com
...

Only specify the settings you wish to override.

computer-ou

Specify this option to create directory computer accounts in a location other than the default. This currently only works with Active Directory domains.

[domain.example.com]
computer-ou = OU=Linux Computers,DC=domain,DC=example,DC=com
# computer-ou = OU=Linux Computers,

Specify the OU as an LDAP DN. It can be relative to the Root DSE, or a complete LDAP DN. Obviously the OU must exist in the directory.

It is also possible to use the --computer-ou argument of the realm command to create a computer account at a specific OU.

user-principal

Set user-principal to yes to create userPrincipalName attributes for the computer account in the realm, in the form host/computer@REALM.

[domain.example.com]
user-principal = yes

automatic-id-mapping

This option is on by default for Active Directory realms. Turn it off to use UID and GID information stored in the directory (as per RFC2307) rather than automatically generating UID and GID numbers.

[domain.example.com]
automatic-id-mapping = no
# automatic-id-mapping = yes

manage-system

This option is on by default. Normally joining a realm affects many aspects of the configuration and management of the system. Turning this off limits the interaction with the realm or domain to authentication and identity.

[domain.example.com]
manage-system = no
# manage-system = yes

fully-qualified-names

This option is on by default. If turned off, realm user and group names are not qualified with their realm name. This may cause them to conflict with local user and group names.

[domain.example.com]
fully-qualified-names = no
# fully-qualified-names = yes
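
A review aid for the per-realm options above, added here as an example and not part of realmd: it reads one realm section and reports keys that are not among the five options on this page, malformed values, and the two settings that change how identities resolve on the host. The function name audit_realm, the sample file and the assumption that boolean options take only the yes/no spellings shown here are this example's own.

```python
import configparser

# The five per-realm options documented on this page.
KNOWN = {"computer-ou", "user-principal", "automatic-id-mapping",
         "manage-system", "fully-qualified-names"}
# Review notes for settings that change how identities resolve on the host.
NOTES = {
    ("fully-qualified-names", "no"):
        "unqualified realm names may conflict with local users and groups",
    ("automatic-id-mapping", "no"):
        "UID/GID come from RFC2307 data stored in the directory",
}

def audit_realm(conf_text, canonical_realm):
    """Return (option, message) findings for one realm section."""
    cp = configparser.ConfigParser(delimiters=("=",), comment_prefixes=("#",),
                                   interpolation=None)
    cp.optionxform = str                      # keep option names as written
    cp.read_string(conf_text)
    if not cp.has_section(canonical_realm):   # name as printed by realm discover
        near = [s for s in cp.sections() if s.lower() == canonical_realm.lower()]
        return [("section", f"named [{near[0]}], not the canonical name"
                 if near else "missing")]
    findings = []
    for key, value in cp[canonical_realm].items():
        if key not in KNOWN:
            findings.append((key, "not an option from this page, check spelling"))
        elif key == "computer-ou":
            # Naive split: escaped commas inside an RDN are not handled.
            rdns = [r.strip() for r in value.split(",") if r.strip()]
            if not rdns or not all(0 < r.find("=") < len(r) - 1 for r in rdns):
                findings.append((key, "not in attr=value LDAP DN form"))
        elif value not in ("yes", "no"):      # assumption: only yes/no accepted
            findings.append((key, f"expected yes or no, got {value!r}"))
        elif (key, value) in NOTES:
            findings.append((key, NOTES[(key, value)]))
    return findings

# Constructed sample, not taken from a real host.
SAMPLE = """\
[domain.example.com]
computer-ou = OU=Linux Computers,DC=domain,DC=example,DC=com
user-prinicpal = yes
automatic-id-mapping = no
fully-qualified-names = no
manage-system = maybe
"""

if __name__ == "__main__":
    print(audit_realm(SAMPLE, "domain.example.com"))
```
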