Pesquisar

Este conteúdo não está disponível no idioma selecionado.

3.9. Additional Configuration for the Active Directory Domain Entry

download PDF
Custom settings for each individual domain can be defined in the /etc/realmd.conf file. Each domain can have its own configuration section; the name of the section must match the domain name. For example:
[ad.example.com]
attribute = value
attribute = value

Important

Changing the configuration as described in this section only works if the realm join command has not been run yet. If a system is already joined, changing these settings does not have any effect. In such situations, you must leave the domain, as described in Section 3.5, “Removing a System from an Identity Domain”, and then join again, as described in the section called “Joining a Domain”. Note that joining requires the domain administrator's credentials.
To change the configuration for a domain, edit the corresponding section in /etc/realmd.conf. The following example disables ID mapping for the ad.example.com domain, sets the host principal, and adds the system to the specified subtree:
[ad.example.com]
computer-ou = ou=Linux Computers,DC=domain,DC=example,DC=com
user-principal = host/linux-client@AD.EXAMPLE.COM
automatic-id-mapping = no
Note that the same configuration can also be set when originally joining the system to the domain using the realm join command, described in the section called “Joining a Domain”:
# realm join --computer-ou="ou=Linux Computers,dc=domain,dc=com" --automatic-id-mapping=no --user-principal=host/linux-client@AD.EXAMPLE.COM
Table 3.2, “Realm Configuration Options” lists the most notable options that can be set in the domain default section in /etc/realmd.conf. For complete information about the available configuration options, see the realmd.conf(5) man page.
Table 3.2. Realm Configuration Options
Option Description
computer-ou Sets the directory location for adding computer accounts to the domain. This can be the full DN or an RDN, relative to the root entry. The subtree must already exist.
user-principal Sets the userPrincipalName attribute value of the computer account to the provided Kerberos principal.
automatic-id-mapping Sets whether to enable dynamic ID mapping or disable the mapping and use POSIX attributes configured in Active Directory.
Red Hat logoGithubRedditYoutubeTwitter

Aprender

Experimente, compre e venda

Comunidades

Sobre a documentação da Red Hat

Ajudamos os usuários da Red Hat a inovar e atingir seus objetivos com nossos produtos e serviços com conteúdo em que podem confiar.

Tornando o open source mais inclusivo

A Red Hat está comprometida em substituir a linguagem problemática em nosso código, documentação e propriedades da web. Para mais detalhes veja oBlog da Red Hat.

Sobre a Red Hat

Fornecemos soluções robustas que facilitam o trabalho das empresas em plataformas e ambientes, desde o data center principal até a borda da rede.

© 2024 Red Hat, Inc.