Difference between revisions of "Active Directory CentOS"
(4 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
+ | https://www.redhat.com/sysadmin/linux-active-directory | ||
+ | |||
+ | |||
https://computingforgeeks.com/join-centos-rhel-system-to-active-directory-domain/ | https://computingforgeeks.com/join-centos-rhel-system-to-active-directory-domain/ | ||
Line 11: | Line 14: | ||
realm discover $ad_domain | realm discover $ad_domain | ||
echo $ad_userpass | realm join $ad_domain -U $ad_username | echo $ad_userpass | realm join $ad_domain -U $ad_username | ||
− | sudo authselect select sssd | + | # sudo authselect select sssd |
− | sudo authselect select sssd with-mkhomedir | + | # sudo authselect select sssd with-mkhomedir # Use if needed though probably not |
sudo systemctl restart sssd | sudo systemctl restart sssd | ||
systemctl status sssd | systemctl status sssd | ||
+ | # realm deny --all | ||
realm permit -g 'MyAdministratorsGroup' | realm permit -g 'MyAdministratorsGroup' | ||
+ | ``` | ||
+ | |||
+ | # Issues | ||
+ | |||
+ | Group Cache Update Issues on 7 using Samba using winbind (sssd might be different) | ||
+ | ``` | ||
+ | #!/usr/bin/env bash | ||
+ | set -e | ||
+ | service winbind stop | ||
+ | rm /var/lib/samba/netsamlogon_cache.tdb | ||
+ | # rm /var/lib/samba/winbindd_cache.tdb | ||
+ | service winbind start | ||
+ | id -G -n my-tester@example.com | ||
+ | |||
+ | |||
+ | |||
+ | ssh -o PubkeyAuthentication=no -l "EXAMPLE\my-tester" myhost.example.com | ||
``` | ``` |
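Review bot: in the added winbind script, `rm /var/lib/samba/netsamlogon_cache.tdb` runs under `set -e` right after `service winbind stop`, so a missing cache file aborts the script before `service winbind start` and leaves winbind down; use `rm -f` there. The first `authselect select sssd` line and the new `# realm deny --all` line are commented out with no note on when they apply, so a short comment on each would help. The trailing `ssh -o PubkeyAuthentication=no ...` line reads as a manual login test run from another host and would be clearer outside the script or marked as such.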
Latest revision as of 14:57, 1 August 2022
https://www.redhat.com/sysadmin/linux-active-directory
https://computingforgeeks.com/join-centos-rhel-system-to-active-directory-domain/
```
#!/usr/bin/env bash
set -e

# Placeholder values; replace with a real account and domain
ad_username=myuser
ad_userpass=mypass
ad_domain=example.com

sudo dnf install -y realmd sssd oddjob oddjob-mkhomedir adcli samba-common samba-common-tools krb5-workstation authselect-compat

realm discover "$ad_domain"
# Quote the variables so a password with spaces or glob characters is passed intact
echo "$ad_userpass" | realm join "$ad_domain" -U "$ad_username"
# sudo authselect select sssd
# sudo authselect select sssd with-mkhomedir # Use if needed though probably not
sudo systemctl restart sssd
systemctl status sssd
# realm deny --all
realm permit -g 'MyAdministratorsGroup'
```
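After `realm permit -g`, it is worth confirming that logins really are limited to that group. The script below is an added example, not part of the original wiki page: it parses `realm list` output, and the function names, the sample output and the comma-separated `permitted-groups` layout are assumptions made here.

```shell
#!/usr/bin/env bash
# Added example: verify that a joined realm only admits one permitted group.

# check_realm_policy DOMAIN GROUP   (reads `realm list` output on stdin)
# Returns 0 only if DOMAIN has login-policy allow-permitted-logins
# and GROUP is listed under permitted-groups.
check_realm_policy() {
    awk -v dom="$1" -v grp="$2" '
        /^[^ \t]/ { in_dom = ($1 == dom) }   # unindented line starts a realm block
        in_dom && $1 == "login-policy:" { policy = $2 }
        in_dom && $1 == "permitted-groups:" {
            sub(/^[ \t]*permitted-groups:[ \t]*/, "")
            n = split($0, g, /,[ \t]*/)      # assumed comma-separated list
            for (i = 1; i <= n; i++) if (g[i] == grp) found = 1
        }
        END { exit !(policy == "allow-permitted-logins" && found) }
    '
}

# Constructed sample in the layout `realm list` prints (not from a real host).
sample_restricted() {
cat <<'EOF'
example.com
  type: kerberos
  realm-name: EXAMPLE.COM
  domain-name: example.com
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  login-formats: %U@example.com
  login-policy: allow-permitted-logins
  permitted-logins:
  permitted-groups: MyAdministratorsGroup
EOF
}

# Constructed variant: every domain user may log in, no group restriction.
sample_open() {
    sample_restricted | sed -e 's/allow-permitted-logins/allow-realm-logins/' \
                            -e 's/\(permitted-groups:\).*/\1/'
}

if sample_restricted | check_realm_policy example.com MyAdministratorsGroup; then
    echo "OK: logins limited to MyAdministratorsGroup"
fi
if ! sample_open | check_realm_policy example.com MyAdministratorsGroup; then
    echo "WARN: realm is not restricted to MyAdministratorsGroup"
fi
```

On a joined host, feed it the live state with `sudo realm list | check_realm_policy example.com MyAdministratorsGroup`.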
# Issues

Group cache update issues on CentOS 7 when using Samba with winbind (sssd might be different):
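```
#!/usr/bin/env bash
set -e
service winbind stop
# -f: a missing cache file must not abort the script (set -e) with winbind left stopped
rm -f /var/lib/samba/netsamlogon_cache.tdb
# rm /var/lib/samba/winbindd_cache.tdb
service winbind start
# Confirm the group list for the test user is now current
id -G -n my-tester@example.com

# Test a password login as the domain user
ssh -o PubkeyAuthentication=no -l "EXAMPLE\my-tester" myhost.example.com
```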