Realmd

Step 1: Check resolving

cat /etc/resolv.conf

here should be some think like

search domain.local
nameserver 192.168.16.1

Step 2: Install Software

sudo apt-get install sssd realmd sssd-tools libnss-sss libpam-sss adcli packagekit

Step 3: Make sure DNS follows files on hosts field

/etc/nsswitch.conf

passwd: compat sss
group: compat sss
shadow: compat
...
netgroup: nis sss
sudoers: files sss

hosts: files dns mdns4_minimal [NOTFOUND=return]

Step 4: Join Domain

realm join domain.com --user=DomainAdmin

Step 5: Check join settings

realm list
biopack.be
type: kerberos
realm-name: BIOPACK.BE
domain-name: biopack.be
configured: kerberos-member
server-software: active-directory
client-software: sssd
required-package: oddjob
required-package: oddjob-mkhomedir
required-package: sssd
required-package: adcli
required-package: samba-common-tools
login-formats: %U@biopack.be
login-policy: allow-realm-logins

Step 6: Check ID to make sure you resolve users

id administrator
id: administrator: no such user

id administrator@biopack.be
uid=1829600500...

Step 7: Configure SSSD - Edit lines accordingly

vim /etc/sssd/sssd.conf

default_shell = /usr/bin/zsh
use_fully_qualified_names = False

fallback_homedir = /home/%d/%u

#create these new lines
case_sensitive = False
enumerate = True
ldap_idmap_range_min  =    9700000
ldap_idmap_range_max  = 2009700000
ldap_idmap_range_size = 2000000000

Stop the service:  service sssd stop
Then delete the cache files from /var/lib/sss/db
then restart service: service sssd start
if you don't do this, the service will most likely crash

Step 8: Have home directories made automatically

vim /etc/pam.d/common-session

add to bottom of file:

session required pam_mkhomedir.so umask=0022 skel=/etc/skel

https://help.ubuntu.com/lts/serverguide/sssd-ad.html

https://4sysops.com/archives/join-a-debian-linux-server-to-an-active-directory-domain/

https://community.spiceworks.com/how_to/144319-join-debian-to-ad

Comments

Linux links	Search this site