3.9. Additional Configuration for the Active Directory Domain Entry
/etc/realmd.conffile. Each domain can have its own configuration section; the name of the section must match the domain name. For example:
[ad.example.com] attribute = value attribute = value
realm joincommand has not been run yet. If a system is already joined, changing these settings does not have any effect. In such situations, you must leave the domain, as described in Section 3.5, “Removing a System from an Identity Domain”, and then join again, as described in the section called “Joining a Domain”. Note that joining requires the domain administrator's credentials.
/etc/realmd.conf. The following example disables ID mapping for the
ad.example.comdomain, sets the host principal, and adds the system to the specified subtree:
[ad.example.com] computer-ou = ou=Linux Computers,DC=domain,DC=example,DC=com user-principal = host/linux-client@AD.EXAMPLE.COM automatic-id-mapping = no
realm joincommand, described in the section called “Joining a Domain”:
# realm join --computer-ou="ou=Linux Computers,dc=domain,dc=com" --automatic-id-mapping=no --user-principal=host/linux-client@AD.EXAMPLE.COM
/etc/realmd.conf. For complete information about the available configuration options, see the realmd.conf(5) man page.
Table 3.2. Realm Configuration Options
| ||Sets the directory location for adding computer accounts to the domain. This can be the full DN or an RDN, relative to the root entry. The subtree must already exist.|
| || Sets the |
| ||Sets whether to enable dynamic ID mapping or disable the mapping and use POSIX attributes configured in Active Directory.|