windowsServer/sssd

[root@centos7 ~]# cat << _EOF_ > /etc/samba/smb.conf
[global]
  workgroup = BIOSYM
  security = ADS
  realm = BIOSYM.LOCAL
  log file = /var/log/samba/%m.log
  kerberos method = secrets and keytab
  client signing = yes
  client use spnego = yes
_EOF_
[root@centos7 ~]#

[root@centos7 ~]# net ads join -Uadministrator
Enter administrator's password:
Using short domain name -- BIOSYM
Joined 'CENTOS7' to dns domain 'biosym.local'
 
[root@centos7 ~]#

[root@centos7 ~]# nslookup centos7
Server:         192.168.0.109
Address:        192.168.0.109#53
 
Name:   centos7.biosym.local
Address: 192.168.0.107
 
[root@centos7 ~]#

[root@centos7 ~]# cat << _EOT_ > /etc/sssd/sssd.conf
[sssd]
services = nss, pam
config_file_version = 2
domains = biosym.local
 
[domain/biosym.local]
id_provider = ad
auth_provider = ad
access_provider = ad
dyndns_update = false
 
enumerate = True
krb5_keytab = /etc/krb5.keytab
ldap_id_mapping = False
ldap_sasl_authid = centos7\$@BIOSYM.LOCAL
_EOT_
[root@centos7 ~]#
[root@centos7 ~]# chmod 600 /etc/sssd/sssd.conf

[root@centos7 ~]# authconfig --enablesssd --enablesssdauth --enableforcelegacy --update
[root@centos7 ~]# systemctl start sssd && systemctl enable sssd

[root@centos7 ~]# getent passwd airi
airi:*:3001:3000:Irisviel von Einzbern:/home/airi:/bin/bash
[root@centos7 ~]#