FreeIPA
Joining a Domain (IPA/AD)
Joining a domain is pretty simple; just run:
Then, to check that everything is working:
getent passwd <username>@<your.domain>
The realm tool should install the packages needed to join your domain. The common packages are oddjob, oddjob-mkhomedir, sssd-common, and freeipa-client; to speed up the process you can pre-install them.
The Easy Way; with Ansible
You can join a bunch of systems all at once using Ansible.
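---
# Join hosts to, or remove them from, an IPA/AD domain using `realm`.
#
# The domain, account name and password are prompted for at run time, so no
# credential is stored in the playbook or in a vars file. The prompted values
# are free-form text: they are shell-quoted before being placed on the command
# line, and the tasks that carry the password set `no_log` so it does not end
# up in Ansible output or logs.
- name: Join Hosts to IPA Domain
  hosts: all
  tags: [freeipa, domain]
  # No external vars files are loaded; written as an explicit empty list
  # instead of a bare (null) key.
  vars_files: []
  vars:
    # Packages that `realm` would otherwise pull in during the join.
    realm_packages:
      - oddjob
      - sssd-common
      - freeipa-client
      - oddjob-mkhomedir
  vars_prompt:
    - name: leave_domain
      prompt: 'Do you want to leave the domain? (true/false)'
      default: false
      private: false
    - name: join_domain
      prompt: 'Do you want to join the domain? (true/false)'
      default: true
      private: false
    - name: ipa_domain
      prompt: 'Enter IPA Domain'
      private: false
    - name: ipa_username
      prompt: 'Enter IPA Username'
      private: false
    # private: true keeps the password from being echoed at the prompt.
    - name: ipa_password
      prompt: 'Enter Password'
      private: true
  handlers:
    - name: Reboot
      ansible.builtin.reboot:
  pre_tasks:
    - name: Install Required Packages
      ansible.builtin.dnf:
        name: "{{ realm_packages }}"
        state: present
  post_tasks: []
  tasks:
    - name: Joining System(s)
      when: join_domain | bool
      notify: Reboot
      block:
        - name: Join system to domain "{{ ipa_domain }}"
          ansible.builtin.expect:
            # Run realm directly rather than through `/bin/bash -c`: no shell
            # features are needed, and the `quote` filter keeps each prompted
            # value a single argument whatever characters it contains.
            command: >-
              /usr/sbin/realm join -v
              --user={{ ipa_username | quote }}
              {{ ipa_domain | quote }}
            responses:
              # Keys are Python regexes. `.*` matches the account name in the
              # prompt (assumes realm asks "Password for <user>:" - confirm).
              'Password for .*:': "{{ ipa_password }}"
          # The response carries the password; keep it out of task output and
          # logs. Disable temporarily if the verbose realm output is needed.
          no_log: true
      rescue:
        # NOTE: this runs on any failure of the join, including rejected
        # credentials, not only when the host is already joined.
        - name: Report failed join
          ansible.builtin.debug:
            msg: "This will fail when run a second time, ensure the systems are not joined already"
    - name: Leaving System(s)
      when: leave_domain | bool
      notify: Reboot
      block:
        - name: Remove system from domain "{{ ipa_domain }}"
          ansible.builtin.expect:
            # Same handling as the join: no shell wrapper, quoted arguments.
            command: >-
              /usr/sbin/realm leave -v
              --user={{ ipa_username | quote }}
              {{ ipa_domain | quote }}
            responses:
              'Password for .*:': "{{ ipa_password }}"
          # The response carries the password; keep it out of task output and
          # logs.
          no_log: true
      rescue:
        # NOTE: this runs on any failure of the leave, not only when the host
        # has already left the domain.
        - name: Report failed leave
          ansible.builtin.debug:
            msg: "This will fail when run a second time, ensure the systems have not left already"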