realmd can discover FreeIPA domains and join the current computer as an account on a domain. This allows using domain users locally and logging into the local machine with FreeIPA domain credentials.
realmd discovers which domains or realms it can use or configure. It can discover and identify FreeIPA domains by looking up the appropriate DNS SRV records and by connecting to the domain LDAP server.
The following DNS SRV records are required to be present for realmd to identify a provided realm as a Kerberos domain.
    # In this example the FreeIPA domain is 'domain.example.com'
    _ldap._tcp.domain.example.com.
In addition, realmd connects to the LDAP server on the FreeIPA domain server on port 389 and reads the Root DSE information about the domain.
To see how realmd is discovering a particular domain name, try a command like the following. Using the --verbose argument displays verbose
    $ realm --verbose discover domain.example.com
     * Resolving: _ldap._tcp.dc._msdcs.domain.example.com
     * Resolving: _ldap._tcp.domain.example.com
     * Performing LDAP DSE lookup on: 192.168.10.22
     * Successfully discovered: domain.example.com
    ...
In addition, a FreeIPA domain server's host name or IP address may be specified.
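Discovery follows whatever DNS returns, so before joining it is worth confirming which server realmd actually queried. The following is an added example, not part of the realmd documentation: the hypothetical shell function `check_discovery` parses the verbose output format shown above and compares the LDAP DSE lookup address against an allow-list you supply. The function name, return codes and sample input are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the realmd documentation.
# Assumes the verbose output format shown on this page.

# Constructed sample input, modelled on the output above.
SAMPLE_OUTPUT=' * Resolving: _ldap._tcp.dc._msdcs.domain.example.com
 * Resolving: _ldap._tcp.domain.example.com
 * Performing LDAP DSE lookup on: 192.168.10.22
 * Successfully discovered: domain.example.com'

# check_discovery DOMAIN ALLOWED_IP...
# Reads verbose discovery output on stdin. Return codes (hypothetical):
#   0  domain discovered and every DSE lookup hit an allowed address
#   1  the requested domain was not reported as discovered
#   2  a DSE lookup went to an address outside the allow-list
#   3  no DSE lookup line was present, so nothing could be verified
check_discovery() {
    domain=$1
    shift
    # Strip the leading " * " so lines can be matched exactly.
    lines=$(sed 's/^[[:space:]]*\*[[:space:]]*//')

    # -x forces a whole-line match, so "domain.example.com.other"
    # cannot pass for "domain.example.com".
    printf '%s\n' "$lines" |
        grep -Fxq "Successfully discovered: $domain" || return 1

    ips=$(printf '%s\n' "$lines" |
        sed -n 's/^Performing LDAP DSE lookup on: //p')
    [ -n "$ips" ] || return 3

    for ip in $ips; do
        ok=no
        for allowed in "$@"; do
            if [ "$ip" = "$allowed" ]; then ok=yes; fi
        done
        if [ "$ok" != yes ]; then
            echo "unexpected LDAP server contacted: $ip" >&2
            return 2
        fi
    done
    return 0
}

# Typical use (2>&1 covers either output stream):
# realm --verbose discover domain.example.com 2>&1 |
#     check_discovery domain.example.com 192.168.10.22
```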