September 13, 2020

Присоединение Ubuntu к домену Active Directory (AD)

$ sudo apt update


$ sudo apt -y install realmd libnss-sss libpam-sss sssd sssd-tools adcli samba-common-bin oddjob oddjob-mkhomedir packagekit


$ sudo realm discover example.com

example.com
type: kerberos
realm-name: EXAMPLE.COM
domain-name: example.com
configured: no
server-software: active-directory
client-software: sssd
required-package: sssd-tools
required-package: sssd
required-package: libnss-sss
required-package: libpam-sss
required-package: adcli
required-package: samba-common-bin


$ sudo realm join -U Administrator example.com
Password for Administrator:


$ realm list
example.com
type: kerberos
realm-name: EXAMPLE.COM
domain-name: example.com
configured: kerberos-member
server-software: active-directory
client-software: sssd
required-package: sssd-tools
required-package: sssd
required-package: libnss-sss
required-package: libpam-sss
required-package: adcli
required-package: samba-common-bin
login-formats: %U@example.com
login-policy: allow-realm-logins


$ sudo bash -c "cat > /usr/share/pam-configs/mkhomedir" <<EOF
Name: activate mkhomedir
Default: yes
Priority: 900
Session-Type: Additional
Session:
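	required			pam_mkhomedir.so umask=0022 skel=/etc/skel
EOF

Примечание: при umask=0022 домашние каталоги создаются с правами 0755, то есть доступны на чтение всем пользователям узла; если это нежелательно, укажите umask=0077.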

$ sudo pam-auth-update

Ensure “activate mkhomedir” is selected; it should be marked with [*].

$ sudo systemctl restart sssd

$ sudo systemctl status sssd

Проверка доменного пользователя (jmutai — логин):

$ id jmutai
uid=1783929917(jmutai@example.com) gid=1784800513(domain users@example.com) groups=1783870513(domain users@example.com)

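После присоединения действует политика login-policy: allow-realm-logins, то есть войти на хост может любая учётная запись домена. Чтобы разрешить вход только членам нужных групп:

$ sudo realm permit -g GPOusers_llinux

$ sudo realm permit -g GPOmin_linux

После этого убедитесь, что в выводе realm list значение login-policy изменилось на allow-permitted-logins и перечислены только нужные группы.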