AD Domain Join

Joining Linux to an AD domain.

Further links on this topic:

using realm

On newer Linux distributions, joining the domain is straightforward with the realm toolset.

# realm join aendy.ch --automatic-id-mapping=no

sssd.conf

Minimalistic configuration, but with users without the domain part (i.e. username instead of username@domain) and with UID/GID taken from the Active Directory properties.

sssd.conf
[sssd]
domains = aendy.ch
config_file_version = 2
services = nss, pam
 
[domain/aendy.ch]
default_shell = /bin/bash
krb5_store_password_if_offline = True
cache_credentials = True
krb5_realm = AENDY.CH
realmd_tags = manages-system joined-with-adcli
id_provider = ad
fallback_homedir = /home/%u
ad_domain = aendy.ch
use_fully_qualified_names = false
ldap_id_mapping = False
access_provider = ad
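
A consistency check for this configuration, as an added example that is not part of the original page: it verifies that every domain listed in [sssd] has its own section, that the two settings this page relies on (short user names, UID/GID from AD) are explicitly set to false, and that krb5_realm, when present, is the upper-case ad_domain. The function name and the embedded sample are assumptions made for illustration.

```python
import configparser

# Constructed sample, shortened from the sssd.conf shown on this page.
SAMPLE = """\
[sssd]
domains = aendy.ch
services = nss, pam

[domain/aendy.ch]
krb5_realm = AENDY.CH
id_provider = ad
fallback_homedir = /home/%u
ad_domain = aendy.ch
use_fully_qualified_names = false
ldap_id_mapping = False
"""

def check_sssd_conf(text):
    """Return a list of findings; an empty list means all checks passed."""
    # interpolation=None: sssd templates such as %u are not configparser syntax
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    if not cp.has_section("sssd"):
        return ["missing [sssd] section"]
    raw = cp.get("sssd", "domains", fallback="")
    domains = [d.strip() for d in raw.split(",") if d.strip()]
    findings = [] if domains else ["[sssd] domains is empty"]
    for name in domains:
        section = "domain/" + name
        if not cp.has_section(section):
            findings.append(f"{name}: no [{section}] section")
            continue
        dom = cp[section]
        # Both keys must be explicitly false for short names and AD-supplied UID/GID
        for key in ("use_fully_qualified_names", "ldap_id_mapping"):
            if dom.get(key, "").strip().lower() != "false":
                findings.append(f"{name}: {key} is not set to false")
        # Convention check: the Kerberos realm is the upper-case AD domain name
        ad_domain = dom.get("ad_domain", name)
        realm = dom.get("krb5_realm")
        if realm is not None and realm != ad_domain.upper():
            findings.append(f"{name}: krb5_realm should be {ad_domain.upper()}")
    return findings

if __name__ == "__main__":
    for finding in check_sssd_conf(SAMPLE) or ["no findings"]:
        print(finding)
```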

Apply changes when, for example, use_fully_qualified_names or a similar setting has been changed. The cache must then be cleared.

systemctl stop sssd
rm -f /var/lib/sss/db/*
systemctl start sssd

…to be continued