I am trying to automate domain join on RedHat 7 using the following command:
realm join -U serviceaccount --client-software=sssd abc.com
The problem is this command prompts for password which stops my script. How do I workaround so it doesn't prompt for the password? I need a solution which will definitely work.
RE: There is not a workaround on the Red Hat side to get around someone entering a password either before or during the realm join.
There is always a work around in Linux/Unix:
echo $passwd| realm join -U serviceaccount --client-software=sssd abc.com
Worked for me.
From a Red Hat perspective, you can run the realm join without a password, but it first requires you doing a kinit serviceaccount assuming Kerberos is properly configured. See documentation here. There is not a workaround on the Red Hat side to get around someone entering a password either before or during the realm join.
There may be something that can be done on the AD side to not require a password when joining a domain, but that would be off-topic for this forum.
I know this post is kind of old, but there is an option available that doesn't necessarily require an AD account with password. Both realm and adcli commands support the --one-time-password argument, however this requires that the computer objects are pre-created in Active Directory and that you know the Machine Account Password of the computer object.
You can use the Powershell cmdlet Reset-ComputerMachinePassword and/or possibly the netdom reset or netdom resetpwd commands on Windows to manually set the Machine Account password to a well-known string. You can also use the Active Directory Users and Computers GUI to perform a Reset Account on the computer object in Active Directory - which changes the Machine Account password to match the computer object name (e.g. if the computer object is WORKSTATION01 this changes the Machine Account Password to the string "WORKSTATION01").
In such a case, you can then join Linux machines to the domain using the hostname (or whatever you set using Reset-ComputerMachinePassword) as the one-time password, without needing credentials to an actual domain user/service account.
realm join <mydomain>.example.com --one-time-password `hostname -s`
