To join CentOS 7 to Active Directory, you first need to configure time synchronization between the CentOS host and the domain controllers. Install chrony:
yum install chrony -y
Then set the domain controllers as time servers in /etc/chrony.conf:
server 172.27.x.x
server 172.27.x.y
server 172.27.x.z
Restart the chrony service (on CentOS 7 the unit is named chronyd):
systemctl restart chronyd
Also check that the service is running and enabled:
systemctl status chronyd
Then install the required packages:
yum install sssd realmd oddjob oddjob-mkhomedir adcli samba-common samba-common-tools krb5-workstation openldap-clients policycoreutils-python -y
Then discover your domain:
realm discover your_domain.local
You should see output similar to this:
your_domain.local
type: kerberos
realm-name: YOUR_DOMAIN.LOCAL
domain-name: your_domain.local
configured: no
server-software: active-directory
client-software: sssd
required-package: oddjob
required-package: oddjob-mkhomedir
required-package: sssd
required-package: adcli
required-package: samba-common-tools
Then join the machine to the domain:
realm join -U administrator your_domain.local
If the command returns no errors, the join succeeded.
To log in without the full domain name in the user name:
sed -i 's/use_fully_qualified_names\ =\ True/use_fully_qualified_names\ =\ False/g' /etc/sssd/sssd.conf
And to have users' home directories created without the domain name in the path:
sed -i 's/home\/\%u\@\%d/home\/\%u/' /etc/sssd/sssd.conf
To enable automatic creation of users' home directories:
authconfig --enablemkhomedir --enablesssdauth --updateall
Enable the sssd service and restart it:
systemctl enable sssd.service && systemctl restart sssd
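The two sed commands above report no error when the line they look for is not present in sssd.conf, so it is worth reading the settings back. The script below is an added example, not part of the original post: it checks the two values this page sets and the file mode. The function names and the sample file contents are constructed for illustration, and it assumes a single [domain/...] section.

```shell
#!/bin/sh
# Added example (not from the original post); assumes one [domain/...] section.

# Print the value of KEY in FILE (last assignment wins, comments skipped).
sssd_get() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# Return 0 only if FILE has the settings this page configures and mode 0600.
sssd_audit() {
    audit_rc=0
    case $(sssd_get "$1" use_fully_qualified_names) in
        [Ff]alse|FALSE) ;;
        *) echo "FAIL: use_fully_qualified_names is not False"; audit_rc=1 ;;
    esac
    if [ "$(sssd_get "$1" fallback_homedir)" != "/home/%u" ]; then
        echo "FAIL: fallback_homedir is not /home/%u"; audit_rc=1
    fi
    # sssd will not start unless sssd.conf is mode 0600 (ownership not checked here).
    if [ -z "$(find "$1" -prune -perm 600)" ]; then
        echo "FAIL: $1 is not mode 0600"; audit_rc=1
    fi
    return $audit_rc
}

# Constructed sample resembling what `realm join` writes (values are placeholders).
sssd_sample() {
    cat <<'EOF'
[sssd]
domains = your_domain.local

[domain/your_domain.local]
ad_domain = your_domain.local
use_fully_qualified_names = True
fallback_homedir = /home/%u@%d
EOF
}

# Stand-alone use: sh audit.sh /etc/sssd/sssd.conf
if [ $# -gt 0 ]; then sssd_audit "$1"; fi
```

Run it against /etc/sssd/sssd.conf before restarting sssd; a non-zero exit status means at least one check failed.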