I am trying to automate the authentication of CentOS 7 hosts against my AD with the realm commands.
It totally works when I execute the following commands by myself.

    $ yum -y install realmd oddjob oddjob-mkhomedir sssd samba-common
    $ realm join -U admin domain.com
    $ realm permit -g [email protected]

In addition to that, I replace the following lines in /etc/sssd/sssd.conf and restart the sssd service.

    use_fully_qualified_names = False
    fallback_homedir = /home/%d/%u

    $ systemctl restart sssd

After those steps I can log in on that specific CentOS host with any permitted user of my Active Directory.
Now the problem:
If I run the following script on a CentOS host as root, it seems like everything has worked.

    yum -y install realmd oddjob oddjob-mkhomedir sssd samba-common
    echo "Password" | realm join -U admin domain.com
    realm permit -g [email protected]om
    sed -i -e 's/use_fully_qualified_names = True/use_fully_qualified_names = False/g' /etc/sssd/sssd.conf
    sed -i -e 's#fallback_homedir = /home/%[email protected]%d#fallback_homedir = /home/%d/%u#g' /etc/sssd/sssd.conf
    systemctl restart sssd

If I try to log in as a permitted AD user, it says permission denied.
I checked /etc/sssd/sssd.conf for any possible sed-caused problems, but that seems fine. Also, when running the command realm list, it seems like there is no problem.

    # realm list
    domain.com
      type: kerberos
      realm-name: DOMAIN.COM
      domain-name: domain.com
      configured: kerberos-member
      server-software: active-directory
      client-software: sssd
      required-package: oddjob
      required-package: oddjob-mkhomedir
      required-package: sssd
      required-package: adcli
      required-package: samba-common
      login-formats: %U
      login-policy: allow-permitted-logins
      permitted-logins:
      permitted-groups: [email protected]

The output of this command is exactly the same when I run it after manually executing the commands.
Does anybody have any idea how to handle that?