active directory domain controller integration with linux code example
Example: join linux to ad domain
Install Ubuntu.(setup hostname when install,
example: UBUNTUVMACHINE)
Setup Static IP.
Open terminal,
CMD:sudo apt update
CMD:sudo apt-get install fping
Make sure your Ubuntu Desktop machine has access to the Active Directory domain and the Domain Controllers:
CMD:dig -t SRV _ldap._tcp.bmbdlocal.lan | grep -A2 "ANSWER SECTION"
;; ANSWER SECTION:
_ldap._tcp.bmbdlocal.lan. 600 IN SRV 0 100 389 Server2016.bmbdlocal.lan.
ping Active Directory domain and the Domain Controllers:
example:ping bmbdlocal.lan
example:ping server2016.bmbdlocal.lan
also
CMD:fping server2016.bmbdlocal.lan
server2016.bmbdlocal.lan is alive
Install all necessary packages:
CMD:sudo apt-get -y install realmd sssd sssd-tools samba-common krb5-user packagekit samba-common-bin samba-libs adcli ntp
after ask type:BMBDLOCAL.LAN
then OK
Setup your ntp service to point to our domain timeservers:
CMD: sudo vi /etc/ntp.conf
...
server2016.bmbdlocal.lan
...
restart your ntp service:
CMD:sudo service ntp restart
Setting up realmd:
CMD: sudo vi /etc/realmd.conf
...
[users]
default-home = /home/%D/%U
default-shell = /bin/bash
[active-directory]
default-client = sssd
os-name = Ubuntu Desktop Linux
os-version = 14.04
[service]
automatic-install = no
[bmbdlocal.lan]
fully-qualified-names = no
automatic-id-mapping = yes
user-principal = yes
manage-system = no
...
Join the Ubuntu machine on the AD domain:
CMD:sudo kinit [email protected]
Password for [email protected]:
[You will not see any output while you type the password. That’s normal.]
Add the Ubuntu machine in the domain:
CMD:sudo realm --verbose join bmbdlocal.lan \
--user-principal=UBUNTUVMACHINE/[email protected] --unattended
Setting up sssd:
CMD:sudo vi /etc/sssd/sssd.conf
Modify the access_provider = simple
access_provider = ad
Restart the sssd service:
CMD:sudo service sssd restart
Setup homedir auto-creation for new users:
CMD: sudo vi /etc/pam.d/common-session
...
session required pam_unix.so
session optional pam_winbind.so
session optional pam_sss.so
session optional pam_systemd.so
session required pam_mkhomedir.so skel=/etc/skel/ umask=0077
...
Check Active Directory users name resolution:
CMD:id domainuser(test1)
uid=951601106(test1) gid=951600513(domain users) groups=951600513(domain users)
Setting up LightDM for CLI mode ubuntu or linux:[no need for ubuntu GUI]
CMD: sudo vi /etc/lightdm/lightdm.conf
...
[SeatDefaults]
allow-guest=false
greeter-show-manual-login=true
...