Join Redhat 7 without prompting the password
Clash Royale CLAN TAG#URR8PPP
I am trying to automate domain join on RedHat 7 using the following command:
realm join -U serviceaccount --client-software=sssd abc.com
The problem is this command prompts for password which stops my script. How do I workaround so it doesn't prompt for the password?
I need a solution which will definitely work.
rhel password active-directory sssd
edited Oct 6 '16 at 16:33
Jeff Schaller
38.5k1053125
asked Oct 5 '16 at 23:28
tset
4525
add a comment |
I am trying to automate domain join on RedHat 7 using the following command:
realm join -U serviceaccount --client-software=sssd abc.com
The problem is this command prompts for password which stops my script. How do I workaround so it doesn't prompt for the password?
I need a solution which will definitely work.
rhel password active-directory sssd
edited Oct 6 '16 at 16:33
Jeff Schaller
38.5k1053125
asked Oct 5 '16 at 23:28
tset
4525
add a comment |
I am trying to automate domain join on RedHat 7 using the following command:
realm join -U serviceaccount --client-software=sssd abc.com
The problem is this command prompts for password which stops my script. How do I workaround so it doesn't prompt for the password?
I need a solution which will definitely work.
rhel password active-directory sssd
edited Oct 6 '16 at 16:33
Jeff Schaller
38.5k1053125
asked Oct 5 '16 at 23:28
tset
4525
I am trying to automate domain join on RedHat 7 using the following command:
realm join -U serviceaccount --client-software=sssd abc.com
The problem is this command prompts for password which stops my script. How do I workaround so it doesn't prompt for the password?
I need a solution which will definitely work.
rhel password active-directory sssd
rhel password active-directory sssd
edited Oct 6 '16 at 16:33
Jeff Schaller
38.5k1053125
asked Oct 5 '16 at 23:28
tset
4525
edited Oct 6 '16 at 16:33
Jeff Schaller
38.5k1053125
asked Oct 5 '16 at 23:28
tset
4525
edited Oct 6 '16 at 16:33
Jeff Schaller
38.5k1053125
edited Oct 6 '16 at 16:33
Jeff Schaller
38.5k1053125
edited Oct 6 '16 at 16:33
Jeff Schaller
38.5k1053125
38.5k1053125
asked Oct 5 '16 at 23:28
tset
4525
asked Oct 5 '16 at 23:28
tset
4525
asked Oct 5 '16 at 23:28
tset
4525
4525
add a comment |
add a comment |
3 Answers
3
active
oldest
votes
RE: There is not a workaround on the Red Hat side to get around someone entering a password either before or during the realm join.
There is always a work around in Linux/Unix:
echo $passwd| realm join -U serviceaccount --client-software=sssd abc.com
Worked for me.
edited Feb 15 at 8:55
Pierre.Vriens
96651015
answered Feb 15 at 7:25
Isaac
311
add a comment |
From a Red Hat perspective, you can run the realm join without a password, but it first requires you doing a kinit serviceaccount assuming Kerberos is properly configured. See documentation here. There is not a workaround on the Red Hat side to get around someone entering a password either before or during the realm join.
There may be something that can be done on the AD side to not require a password when joining a domain, but that would be off-topic for this forum.
answered Oct 5 '16 at 23:37
MikeA
71226
add a comment |
I know this post is kind of old, but there is an option available that doesn't necessarily require an AD account with password. Both realm and adcli commands support the --one-time-password argument, however this requires that the computer objects are pre-created in Active Directory and that you know the Machine Account Password of the computer object.
You can use the Powershell cmdlet Reset-ComputerMachinePassword and/or possibly the netdom reset or netdom resetpwd commands on Windows to manually set the Machine Account password to a well-known string. You can also use the Active Directory Users and Computers GUI to perform a Reset Account on the computer object in Active Directory - which changes the Machine Account password to match the computer object name (e.g. if the computer object is WORKSTATION01 this changes the Machine Account Password to the string "WORKSTATION01").
In such a case, you can then join Linux machines to the domain using the hostname (or whatever you set using Reset-ComputerMachinePassword) as the one-time password, without needing credentials to an actual domain user/service account.
realm join <mydomain>.example.com --one-time-password `hostname -s`
answered Dec 13 at 23:14
jthornsen
1
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f314621%2fjoin-redhat-7-without-prompting-the-password%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
3 Answers
3
active
oldest
votes
3 Answers
3
active
oldest
votes
active
oldest
votes
active
oldest
votes
RE: There is not a workaround on the Red Hat side to get around someone entering a password either before or during the realm join.
There is always a work around in Linux/Unix:
echo $passwd| realm join -U serviceaccount --client-software=sssd abc.com
Worked for me.
edited Feb 15 at 8:55
Pierre.Vriens
96651015
answered Feb 15 at 7:25
Isaac
311
add a comment |
RE: There is not a workaround on the Red Hat side to get around someone entering a password either before or during the realm join.
There is always a work around in Linux/Unix:
echo $passwd| realm join -U serviceaccount --client-software=sssd abc.com
Worked for me.
edited Feb 15 at 8:55
Pierre.Vriens
96651015
answered Feb 15 at 7:25
Isaac
311
add a comment |
RE: There is not a workaround on the Red Hat side to get around someone entering a password either before or during the realm join.
There is always a work around in Linux/Unix:
echo $passwd| realm join -U serviceaccount --client-software=sssd abc.com
Worked for me.
edited Feb 15 at 8:55
Pierre.Vriens
96651015
answered Feb 15 at 7:25
Isaac
311
RE: There is not a workaround on the Red Hat side to get around someone entering a password either before or during the realm join.
There is always a work around in Linux/Unix:
echo $passwd| realm join -U serviceaccount --client-software=sssd abc.com
Worked for me.
edited Feb 15 at 8:55
Pierre.Vriens
96651015
answered Feb 15 at 7:25
Isaac
311
edited Feb 15 at 8:55
Pierre.Vriens
96651015
edited Feb 15 at 8:55
Pierre.Vriens
96651015
edited Feb 15 at 8:55
Pierre.Vriens
96651015
96651015
answered Feb 15 at 7:25
Isaac
311
answered Feb 15 at 7:25
Isaac
311
answered Feb 15 at 7:25
Isaac
311
311
add a comment |
add a comment |
From a Red Hat perspective, you can run the realm join without a password, but it first requires you doing a kinit serviceaccount assuming Kerberos is properly configured. See documentation here. There is not a workaround on the Red Hat side to get around someone entering a password either before or during the realm join.
There may be something that can be done on the AD side to not require a password when joining a domain, but that would be off-topic for this forum.
answered Oct 5 '16 at 23:37
MikeA
71226
add a comment |
From a Red Hat perspective, you can run the realm join without a password, but it first requires you doing a kinit serviceaccount assuming Kerberos is properly configured. See documentation here. There is not a workaround on the Red Hat side to get around someone entering a password either before or during the realm join.
There may be something that can be done on the AD side to not require a password when joining a domain, but that would be off-topic for this forum.
answered Oct 5 '16 at 23:37
MikeA
71226
add a comment |
From a Red Hat perspective, you can run the realm join without a password, but it first requires you doing a kinit serviceaccount assuming Kerberos is properly configured. See documentation here. There is not a workaround on the Red Hat side to get around someone entering a password either before or during the realm join.
There may be something that can be done on the AD side to not require a password when joining a domain, but that would be off-topic for this forum.
answered Oct 5 '16 at 23:37
MikeA
71226
From a Red Hat perspective, you can run the realm join without a password, but it first requires you doing a kinit serviceaccount assuming Kerberos is properly configured. See documentation here. There is not a workaround on the Red Hat side to get around someone entering a password either before or during the realm join.
There may be something that can be done on the AD side to not require a password when joining a domain, but that would be off-topic for this forum.
answered Oct 5 '16 at 23:37
MikeA
71226
answered Oct 5 '16 at 23:37
MikeA
71226
answered Oct 5 '16 at 23:37
MikeA
71226
answered Oct 5 '16 at 23:37
MikeA
71226
71226
add a comment |
add a comment |
I know this post is kind of old, but there is an option available that doesn't necessarily require an AD account with password. Both realm and adcli commands support the --one-time-password argument, however this requires that the computer objects are pre-created in Active Directory and that you know the Machine Account Password of the computer object.
You can use the Powershell cmdlet Reset-ComputerMachinePassword and/or possibly the netdom reset or netdom resetpwd commands on Windows to manually set the Machine Account password to a well-known string. You can also use the Active Directory Users and Computers GUI to perform a Reset Account on the computer object in Active Directory - which changes the Machine Account password to match the computer object name (e.g. if the computer object is WORKSTATION01 this changes the Machine Account Password to the string "WORKSTATION01").
In such a case, you can then join Linux machines to the domain using the hostname (or whatever you set using Reset-ComputerMachinePassword) as the one-time password, without needing credentials to an actual domain user/service account.
realm join <mydomain>.example.com --one-time-password `hostname -s`
answered Dec 13 at 23:14
jthornsen
1
add a comment |
I know this post is kind of old, but there is an option available that doesn't necessarily require an AD account with password. Both realm and adcli commands support the --one-time-password argument, however this requires that the computer objects are pre-created in Active Directory and that you know the Machine Account Password of the computer object.
You can use the Powershell cmdlet Reset-ComputerMachinePassword and/or possibly the netdom reset or netdom resetpwd commands on Windows to manually set the Machine Account password to a well-known string. You can also use the Active Directory Users and Computers GUI to perform a Reset Account on the computer object in Active Directory - which changes the Machine Account password to match the computer object name (e.g. if the computer object is WORKSTATION01 this changes the Machine Account Password to the string "WORKSTATION01").
In such a case, you can then join Linux machines to the domain using the hostname (or whatever you set using Reset-ComputerMachinePassword) as the one-time password, without needing credentials to an actual domain user/service account.
realm join <mydomain>.example.com --one-time-password `hostname -s`
answered Dec 13 at 23:14
jthornsen
1
add a comment |
I know this post is kind of old, but there is an option available that doesn't necessarily require an AD account with password. Both realm and adcli commands support the --one-time-password argument, however this requires that the computer objects are pre-created in Active Directory and that you know the Machine Account Password of the computer object.
You can use the Powershell cmdlet Reset-ComputerMachinePassword and/or possibly the netdom reset or netdom resetpwd commands on Windows to manually set the Machine Account password to a well-known string. You can also use the Active Directory Users and Computers GUI to perform a Reset Account on the computer object in Active Directory - which changes the Machine Account password to match the computer object name (e.g. if the computer object is WORKSTATION01 this changes the Machine Account Password to the string "WORKSTATION01").
In such a case, you can then join Linux machines to the domain using the hostname (or whatever you set using Reset-ComputerMachinePassword) as the one-time password, without needing credentials to an actual domain user/service account.
realm join <mydomain>.example.com --one-time-password `hostname -s`
answered Dec 13 at 23:14
jthornsen
1
I know this post is kind of old, but there is an option available that doesn't necessarily require an AD account with password. Both realm and adcli commands support the --one-time-password argument, however this requires that the computer objects are pre-created in Active Directory and that you know the Machine Account Password of the computer object.
You can use the Powershell cmdlet Reset-ComputerMachinePassword and/or possibly the netdom reset or netdom resetpwd commands on Windows to manually set the Machine Account password to a well-known string. You can also use the Active Directory Users and Computers GUI to perform a Reset Account on the computer object in Active Directory - which changes the Machine Account password to match the computer object name (e.g. if the computer object is WORKSTATION01 this changes the Machine Account Password to the string "WORKSTATION01").
In such a case, you can then join Linux machines to the domain using the hostname (or whatever you set using Reset-ComputerMachinePassword) as the one-time password, without needing credentials to an actual domain user/service account.
realm join <mydomain>.example.com --one-time-password `hostname -s`
answered Dec 13 at 23:14
jthornsen
1
answered Dec 13 at 23:14
jthornsen
1
answered Dec 13 at 23:14
jthornsen
1
answered Dec 13 at 23:14
jthornsen
1
1
add a comment |
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f314621%2fjoin-redhat-7-without-prompting-the-password%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
