REALMD.CONF(5) | File Formats | REALMD.CONF(5) |
realmd.conf - Tweak behavior of realmd
realmd can be tweaked by network administrators to act in specific ways. This is done by placing settings in /etc/realmd.conf. This file does not exist by default. The syntax of this file is the same as an INI file or Desktop Entry file.
In general, settings in this file only apply at the point of joining a domain or realm. Once the realm has been set up the settings have no effect. You may choose to configure SSSD[1] or Winbind[2] directly.
Only specify the settings you wish to override in the /etc/realmd.conf file. Settings not specified will be loaded from their packaged defaults. Only override the settings below. You may find other settings if you look through the realmd source code. However these are not guaranteed to remain stable.
There are various sections in the config file. Some sections are global topic sections, and are listed below. Other sections are specific to a given realm. These realm specific sections should always contain the domain name in lower case as their section header.
An example of each setting is found below, including the header of the section it should be placed in. However, in the resulting file only include each section once, and combine the various section settings together as lines underneath the section. For example:
    [users]
    default-home = /home/%U
    default-shell = /bin/bash
These options should go in an [active-directory] section of the /etc/realmd.conf file. Only specify the settings you wish to override.
default-client
    [active-directory]
    default-client = sssd
    # default-client = winbind
Some callers of realmd such as the realm command line tool allow specifying which client software should be used. Others, such as GNOME Control Center, simply choose the default.
You can verify the preferred default client software by running the following command. The realm with the preferred client software will be listed first.
    $ realm discover domain.example.com
    domain.example.com
      configured: no
      server-software: active-directory
      client-software: sssd
      type: kerberos
      realm-name: AD.THEWALTER.LAN
      domain-name: ad.thewalter.lan
    domain.example.com
      configured: no
      server-software: active-directory
      client-software: winbind
      type: kerberos
      realm-name: AD.THEWALTER.LAN
      domain-name: ad.thewalter.lan
os-name
os-version
This is an Active Directory specific option.
It is also possible to use the --os-name or --os-version argument of the realm command to override the default values.
    [active-directory]
    os-name = Gentoo Linux
    os-version = 9.9.9.9.9
These options should go in a [service] section of the /etc/realmd.conf file. Only specify the settings you wish to override.
automatic-install
    [service]
    automatic-install = no
    # automatic-install = yes
These options should go in a [users] section of the /etc/realmd.conf file. Only specify the settings you wish to override.
default-home
    [users]
    default-home = /home/%U@%D
    # default-home = /nfs/home/%D-%U
    # default-home = /home/%D/%U
You can verify the home directory for a user by running the following command.
    $ getent passwd 'DOMAIN/User'
    DOMAIN\user:*:13445:13446:Name:/home/DOMAIN/user:/bin/bash
default-shell
    [users]
    default-shell = /bin/bash
    # default-shell = /bin/sh
You can verify the shell for a user by running the following command.
    $ getent passwd 'DOMAIN/User'
    DOMAIN\user:*:13445:13446:Name:/home/DOMAIN/user:/bin/bash
These options should go in a section with the same name as the realm in the /etc/realmd.conf file. For example, for the domain.example.com domain the section would be called [domain.example.com]. To figure out the canonical name for a realm use the realm command:
    $ realm discover --name DOMAIN.example.com
    domain.example.com
    ...
Only specify the settings you wish to override.
computer-ou
    [domain.example.com]
    computer-ou = OU=Linux Computers,DC=domain,DC=example,DC=com
    # computer-ou = OU=Linux Computers,
It is also possible to use the --computer-ou argument of the realm command to create a computer account at a specific OU.
computer-name
    [domain.example.com]
    computer-name = SERVER01
It is also possible to use the --computer-name argument of the realm command to override the default computer account name.
user-principal
    [domain.example.com]
    user-principal = yes
automatic-join
When automatic joins are used there is no mutual authentication between the machine and the domain during the join process.
    [domain.example.com]
    automatic-join = yes
automatic-id-mapping
This option only makes sense for Active Directory realms.
    [domain.example.com]
    automatic-id-mapping = no
    # automatic-id-mapping = yes
manage-system
    [domain.example.com]
    manage-system = no
    # manage-system = yes
fully-qualified-names
    [domain.example.com]
    fully-qualified-names = no
    # fully-qualified-names = yes
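A lint for three rules stated on this page, as an added example that is not part of realmd or of this manual page: each section appears once, realm section headers are lower case, and automatic-join = yes means a join without mutual authentication. The function name, the sample text and the set of section names treated as global are assumptions of the example.

```python
import configparser

# Global section names that appear on this page; any other section is
# treated as realm-specific (an assumption of this example).
GLOBAL_SECTIONS = {"users", "active-directory", "service"}


def audit_realmd_conf(text):
    """Return a list of (section, message) findings for realmd.conf text."""
    # interpolation=None: values such as /home/%U@%D contain a literal '%'.
    parser = configparser.ConfigParser(interpolation=None, strict=True)
    try:
        parser.read_string(text)
    except configparser.DuplicateSectionError as exc:
        return [(exc.section, "section appears more than once; merge its settings")]
    findings = []
    for section in parser.sections():
        if section.lower() in GLOBAL_SECTIONS:
            continue
        if section != section.lower():
            findings.append((section, "realm section header must be lower case"))
        # The page writes the enabled value as "yes"; only that spelling is checked.
        value = parser.get(section, "automatic-join", fallback="no")
        if value.strip().lower() == "yes":
            findings.append(
                (section, "automatic-join = yes: join runs without mutual authentication")
            )
    return findings


# Constructed sample input, not taken from a real host.
SAMPLE = """\
[users]
default-home = /home/%U@%D
# default-shell = /bin/sh

[Domain.Example.Com]
computer-ou = OU=Linux Computers,DC=domain,DC=example,DC=com
automatic-join = yes
"""

# Same file with [users] repeated, which the page says to avoid.
DUPLICATED = SAMPLE + "\n[users]\ndefault-shell = /bin/bash\n"

if __name__ == "__main__":
    for section, message in audit_realmd_conf(SAMPLE) + audit_realmd_conf(DUPLICATED):
        print(f"[{section}] {message}")
```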
Stef Walter <stef@thewalter.net>
05/01/2018 | realmd |