====== AD Domain Join ======
Joining Linux to an AD domain.
==== Links ====
Further reading on the topic:
  * [[https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/windows_integration_guide/sssd-integration-intro#sssd-posix]]
  * [[https://staff.washington.edu/ketcham/sssd-uwwi-integration/uwwi_group_problems/sssd-problem-with-unix-ids.html]]
===== using realm =====
On newer Linux distributions, the domain join is done quite easily with the ''realm'' toolset.
  # realm join aendy.ch --automatic-id-mapping=no
==== sssd.conf ====
Minimalistic configuration, with users named without the domain part, i.e. ''username'' instead of ''username@domain'', and with UID/GID taken from the Active Directory attributes.
  [sssd]
  domains = aendy.ch
  config_file_version = 2
  services = nss, pam
  
  [domain/aendy.ch]
  default_shell = /bin/bash
  krb5_store_password_if_offline = True
  # Keep credential hashes locally so logins work while AD is unreachable
  cache_credentials = True
  krb5_realm = AENDY.CH
  realmd_tags = manages-system joined-with-adcli
  id_provider = ad
  fallback_homedir = /home/%u
  ad_domain = aendy.ch
  # Short names: username instead of username@domain
  use_fully_qualified_names = false
  # Use the UID/GID stored in AD instead of generating them from the SID
  ldap_id_mapping = False
  access_provider = ad
Apply the changes when, for example, ''use_fully_qualified_names'' or a similar setting has been changed. The cache must then be cleared.
  systemctl stop sssd
  rm -f /var/lib/sss/db/*
  systemctl start sssd
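A check that can be run on ''sssd.conf'' before restarting sssd, added here as an example and not part of the original page. The function names ''sssd_get'' and ''sssd_audit'' are hypothetical, the expected file mode of 600 is an assumption about the usual root-only layout, and ''stat -c'' assumes GNU coreutils.

```bash
#!/usr/bin/env bash
# Added example: audit an sssd.conf against the settings this page relies on.

# Print the value of KEY ($3) in [SECTION] ($2) of FILE ($1); empty if unset.
sssd_get() {
    awk -v want="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }    # comment lines
        /^[ \t]*\[/   { gsub(/[ \t]/, ""); insec = ($0 == want); next }
        insec {
            eq = index($0, "="); if (!eq) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# Return 0 if FILE matches the setup above for DOMAIN; otherwise list findings, return 1.
sssd_audit() {
    local file="$1" domain="$2" rc=0 mode key want got
    mode=$(stat -c '%a' "$file") || return 2
    # The file holds the domain configuration, so only its owner should read it.
    [ "$mode" = 600 ] || { echo "mode is $mode, expected 600"; rc=1; }
    while read -r key want; do
        # sssd accepts True/False in any case, so compare lower-cased values.
        got=$(sssd_get "$file" "domain/$domain" "$key" | tr '[:upper:]' '[:lower:]')
        [ "$got" = "$want" ] || { echo "$key = '${got:-unset}', expected $want"; rc=1; }
    done <<'EOF'
id_provider ad
access_provider ad
use_fully_qualified_names false
ldap_id_mapping false
EOF
    return $rc
}

# Constructed sample: the page's settings, but with ID mapping left enabled.
demo=$(mktemp)
chmod 600 "$demo"
printf '%s\n' '[sssd]' 'domains = aendy.ch' '[domain/aendy.ch]' \
    'id_provider = ad' 'access_provider = ad' \
    'use_fully_qualified_names = false' 'ldap_id_mapping = True' > "$demo"
sssd_audit "$demo" aendy.ch || echo "findings above: fix before restarting sssd"
rm -f "$demo"
```

On a joined host the call would be ''sssd_audit /etc/sssd/sssd.conf aendy.ch'', run as root.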
...to be continued