Difference between revisions of "Active Directory CentOS"

From UVOO Tech Wiki
(Created page with "https://computingforgeeks.com/join-centos-rhel-system-to-active-directory-domain/")
 
 
(5 intermediate revisions by the same user not shown)
Line 1: Line 1:
 +
https://www.redhat.com/sysadmin/linux-active-directory
 +
 +
 
https://computingforgeeks.com/join-centos-rhel-system-to-active-directory-domain/
 
https://computingforgeeks.com/join-centos-rhel-system-to-active-directory-domain/
 +
 +
```
 +
#!/usr/bin/env bash
 +
set -e
 +
ad_username=myuser
 +
ad_userpass=mypass
 +
ad_domain=example.com
 +
 +
sudo dnf install -y realmd sssd oddjob oddjob-mkhomedir adcli samba-common samba-common-tools krb5-workstation authselect-compat
 +
realm  discover $ad_domain
 +
echo $ad_userpass | realm join $ad_domain -U $ad_username
 +
# sudo authselect select sssd
 +
# sudo authselect select sssd with-mkhomedir  # Use if needed though probably not
 +
sudo systemctl restart sssd
 +
systemctl status sssd
 +
# realm deny --all
 +
realm permit -g 'MyAdministratorsGroup'
 +
```
 +
 +
# Issues
 +
 +
Group Cache Update Issues on 7 using Samba using winbind (sssd might be different)
 +
```
 +
#!/usr/bin/env bash
 +
set -e
 +
service winbind stop
 +
rm /var/lib/samba/netsamlogon_cache.tdb
 +
# rm /var/lib/samba/winbindd_cache.tdb
 +
service winbind start
 +
id -G -n my-tester@example.com
 +
 +
 +
 +
ssh -o PubkeyAuthentication=no -l "EXAMPLE\my-tester" myhost.example.com
 +
```
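Review bot: The join script keeps the AD password in plain text as `ad_userpass=mypass` and passes it with an unquoted `echo $ad_userpass | realm join $ad_domain -U $ad_username`, so a real credential would sit in the script file and a password containing spaces or glob characters would be altered by word splitting before it reaches `realm join`. Suggest prompting for it with `read -rs` (or letting `realm join` prompt) and quoting the expansion, for example `printf '%s\n' "$ad_userpass"`. In the winbind script, `rm /var/lib/samba/netsamlogon_cache.tdb` under `set -e` aborts before `service winbind start` when the cache file is absent, which leaves winbind stopped; `rm -f` avoids that.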

Latest revision as of 14:57, 1 August 2022

https://www.redhat.com/sysadmin/linux-active-directory

https://computingforgeeks.com/join-centos-rhel-system-to-active-directory-domain/

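```
#!/usr/bin/env bash
set -e

# Placeholder values: replace before running. Do not keep a real password in
# this file; prompt for it or inject it at run time instead.
ad_username=myuser
ad_userpass=mypass
ad_domain=example.com

sudo dnf install -y realmd sssd oddjob oddjob-mkhomedir adcli samba-common samba-common-tools krb5-workstation authselect-compat

# Show what realmd detects for the domain before joining.
realm discover "$ad_domain"

# The password is piped to realm join on stdin; quoting keeps it intact.
printf '%s\n' "$ad_userpass" | sudo realm join "$ad_domain" -U "$ad_username"

# sudo authselect select sssd
# sudo authselect select sssd with-mkhomedir  # Use if needed though probably not
sudo systemctl restart sssd
systemctl status sssd --no-pager

# Allow logins for members of this AD group.
# realm deny --all
sudo realm permit -g 'MyAdministratorsGroup'
```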

Issues

Group cache update issues on CentOS 7 when using Samba with winbind (sssd might be different)

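```
#!/usr/bin/env bash
set -e

# Stop winbind, remove the cached logon data, then start it again.
service winbind stop
rm -f /var/lib/samba/netsamlogon_cache.tdb  # -f: do not abort under set -e if the file is absent
# rm -f /var/lib/samba/winbindd_cache.tdb
service winbind start

# Check the group list now returned for the test user.
id -G -n my-tester@example.com

# Test a password login as the domain user (public-key auth disabled).
ssh -o PubkeyAuthentication=no -l "EXAMPLE\my-tester" myhost.example.com
```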