ms_ad_key_concepts_schema
· One min read
3 posts tagged with "AD"
View All TagsSSSD and Active Directory
· One min read
SSSD and Active Directory
- install packages:
$ sudo apt install sssd-ad sssd-tools realmd adcli sssd-tools sssd libnss-sss libpam-sss adcli packagekit
- join domain
$ sudo realm discover -v $DOMAIN
$ sudo realm join $DOMAIN
- edit
/etc/sssd/sssd.conf
$ vim /etc/sssd/sssd.conf
[sssd]
domains = ad1.example.com
config_file_version = 2
services = nss, pam
[domain/ad1.example.com]
default_shell = /bin/bash
krb5_store_password_if_offline = True
cache_credentials = True
krb5_realm = AD1.EXAMPLE.COM
realmd_tags = manages-system joined-with-adcli
id_provider = ad
fallback_homedir = /home/%u@%d
ad_domain = ad1.example.com
use_fully_qualified_names = True
ldap_id_mapping = True
access_provider = ad
# the following is not shown in ubuntu documentation,
# but is necessary for version after 22
ad_gpo_ignore_unreadable = True
ad_gpo_access_control = permissive
- automatically create home directory
$ sudo pam-auth-update --enable mkhomedir
- check
$ getent passwd $USERNAME@$DOMAIN
- login
$ sudo login
ad-client login: $USERNAME@$DOMAIN
Password:
Welcome to Ubuntu 20.04 LTS (GNU/Linux 5.4.0-24-generic x86_64)
...
Creating directory '/home/john@ad1.example.com'.
john@ad1.example.com@ad-client:~
- references
Member Server in an Active Directory Domain
· One min read
Member Server in an Active Directory Domain
- Install packages:
$ sudo apt install realmd samba libnss-winbind samba-common-bin libpam-winbind winbind
- Edit
/etc/resolv.conf
nameserver # BD server ip address
- find realm
$ sudo realm discover
- Realm join
$ sudo realm join -v --membership-software=samba --client-software=winbind $DOMAIN REALM
- edit
/etc/nsswitch.conf
passwd: files systemd winbind
group: files systemd winbind
- automatically create home directory
$ sudo pam-auth-update --enable mkhomedir
- see references for more detail
- references