Add Debian/Ubuntu Linux Device to Windows Active Directory

#Linux #ActiveDirectory #Enterprise

--------------------------------------------------------------------
Installing Prerequisites and Configuration
--------------------------------------------------------------------
   01. Log into the Debian device and run the following commands in terminal:
         sudo apt update
         # set the fully qualified host name
         # confirm or add domain controller to DNS entries
         sudo systemctl disable systemd-resolved
         sudo systemctl stop systemd-resolved
         sudo apt-get upgrade
         # install required packages
         sudo apt -y install realmd libnss-sss libpam-sss sssd sssd-tools adcli samba-common-bin oddjob oddjob-mkhomedir packagekit
         [libdefaults]
         dns_lookup_realm = false
         ticket_lifetime = 24h
         renew_lifetime = 7d
         forwardable = true
         rdns = false
         default_realm = I12BRETRO.LOCAL
         default_ccache_name = KEYRING:persistent:%{uid}
   04. Continue with the following commands in terminal:
         # check the configured value of the domain
         sudo realm list
   05. Paste the following lines into terminal together to enable automatically creating user home directories:
         sudo bash -c "cat > /usr/share/pam-configs/mkhomedir" <<EOF
         Name: activate mkhomedir
         Default: yes
         Priority: 900
         Session-Type: Additional
         Session:
                 required pam_mkhomedir.so umask=0022 skel=/etc/skel
         EOF
   06. Continue with the following commands in terminal:
         sudo pam-auth-update
   07. Arrow down to activate mkhomedir > Press spacebar to select > Press Enter to confirm
   08. Run one or more of the following commands in terminal to grant Active Directory users or groups access to log into the Linux machine:
         # add specific user(s)
         # add specific group(s)
         sudo realm permit -g 'LinuxUsers' 'Linux Admins'
         # add everyone
         sudo realm permit --all
         # deny everyone
         sudo realm deny --all
   09. Similarly, run the following command to edit /etc/sudoers.d/domain_admins to add specific users or groups to the sudoers file:
         sudo nano /etc/sudoers.d/domain_admins
         # add specific user(s)
         # add specific group(s)
   10. Press CTRL+O, Enter, CTRL+X to write the changes to /etc/sudoers.d/domain_admins
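
The access rules set in step 08 can be checked afterwards from the output of `sudo realm list` (step 04). The script below is an added example, not part of the original steps: it reads that output and reports whether domain logins are restricted to an allow-list or open to every domain account. The function names and the sample texts are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the login policy reported by `realm list`.
# On a joined host:  sudo realm list | audit_login_policy
# Constructed sample: state after `sudo realm permit -g 'LinuxUsers' 'Linux Admins'`
SAMPLE_GROUPS='i12bretro.local
  type: kerberos
  realm-name: I12BRETRO.LOCAL
  configured: kerberos-member
  login-policy: allow-permitted-logins
  permitted-logins:
  permitted-groups: LinuxUsers, Linux Admins'
# Constructed sample: state after `sudo realm permit --all`
SAMPLE_ALL='i12bretro.local
  type: kerberos
  realm-name: I12BRETRO.LOCAL
  configured: kerberos-member
  login-policy: allow-realm-logins'

# realm_field NAME: print the value of the first "  NAME: value" line on stdin
realm_field() {
  sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" | head -n 1
}

# Reads `realm list` output on stdin, prints a verdict.
# Exit status: 0 = restricted or denied, 1 = warning, 2 = not joined / unknown.
audit_login_policy() {
  out=$(cat)
  configured=$(printf '%s\n' "$out" | realm_field configured)
  policy=$(printf '%s\n' "$out" | realm_field login-policy)
  users=$(printf '%s\n' "$out" | realm_field permitted-logins)
  groups=$(printf '%s\n' "$out" | realm_field permitted-groups)
  if [ -z "$configured" ] || [ "$configured" = "no" ]; then
    echo "NOT-JOINED"; return 2
  fi
  case "$policy" in
    allow-permitted-logins)
      if [ -z "$users" ] && [ -z "$groups" ]; then
        echo "WARN: allow-list is empty, no domain user can log in"; return 1
      fi
      echo "OK: restricted to users=[$users] groups=[$groups]" ;;
    allow-realm-logins|allow-any-login)
      echo "WARN: every domain account may log in ($policy)"; return 1 ;;
    deny-any-login)
      echo "OK: all domain logins denied" ;;
    *)
      echo "UNKNOWN: login-policy='$policy'"; return 2 ;;
  esac
}

printf '%s\n' "$SAMPLE_GROUPS" | audit_login_policy
```

A non-zero exit status lets the check run from a configuration-management job or cron and flag a host where `realm permit --all` was left in place.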
 
--------------------------------------------------------------------
Testing Active Directory Authentication
--------------------------------------------------------------------
 
 
