首先安装各个依赖包；

yum install sssd realmd oddjob oddjob-mkhomedir adcli samba-common samba-common-tools krb5-workstation openldap-clients policycoreutils-python ntp –y

确保至AD的解析正常，编辑 /etc/resolv.conf 文件；

[root@@testLinux-WH ~]# cat /etc/resolv.conf

search example.com

nameserver 192.168.10.51

确保该账户具有相应权限，加入AD域；

[root@@testLInux-WH ~]# realm join --user=administrator example.com

Password for administrator:

如有报错可以使用命令 journalctl -xe REALMD_OPERATION=r549.7056 加错误代码查看信息报错。确认DNS解析正常，确认时间是否一致;

ntpdate ntpserver

使用 realm list 确认 realm 信息；

[root@@testLinux-WH ~]# realm list

example.com

type: kerberos

realm-name: EXAMPLE.COM

domain-name: example.com

configured: kerberos-member

server-software: active-directory

client-software: sssd

required-package: oddjob

required-package: oddjob-mkhomedir

required-package: sssd

required-package: adcli

required-package: samba-common-tools

login-formats: %U@example.com

login-policy: allow-realm-logins

加域成功后，AD中自动创建了相关记录；

由于CentOS中默认使用完整用户名“administrator@example.com”，需要修改 /etc/sssd/sssd.conf 配置文件来达到使用短用户名的目的；

use_fully_qualified_names = False

fallback_homedir = /home/%u

重启服务使其生效；

systemctl restart sssd

尝试使用测试账户连接；

ssh fei-u031@192.168.0.101

fei-u031@192.168.0.101's password:

Creating home directory for fei-u031.

Last failed login: Wed Aug 7 15:52:22 CST 2019 from adsvr01.example.com on ssh:notty

There were 4 failed login attempts since the last successful login.

/usr/bin/xauth: file /home/fei-u031/.Xauthority does not exist

[fei-u031@testLinux-WH ~]$ pwd

/home/fei-u031

退出AD域；

realm leave example.com