These options should go in an section with the same name
as the realm in the
For example for the
the section would be called
To figure out the canonical name for a realm use the
$ realm discover --name DOMAIN.example.com domain.example.com ...
Only specify the settings you wish to override.
Specify this option to create directory computer accounts in a location other than the default. This currently only works with Active Directory domains.
[domain.example.com] computer-ou = OU=Linux Computers,DC=domain,DC=example,DC=com # computer-ou = OU=Linux Computers,
Specify the OU as an LDAP DN. It can be relative to the Root DSE, or a complete LDAP DN. Obviously the OU must exist in the directory.
It is also possible to use the
argument of the realm command to
create a computer account at a specific OU.
userPrincipalName attributes for the
computer account in the realm, in the form
[domain.example.com] user-principal = yes
This option is on by default for Active Directory realms. Turn it off to use UID and GID information stored in the directory (as-per RFC2307) rather than automatically generating UID and GID numbers.
[domain.example.com] automatic-id-mapping = no # automatic-id-mapping = yes
This option is on by default. Normally joining a realm affects many aspects of the configuration and management of the system. Turning this off limits the interaction with the realm or domain to authentication and identity.
[domain.example.com] manage-system = no # manage-system = yes