Difference between revisions of "Ubuntu Active Directory"
Jump to navigation
Jump to search
| Line 6: | Line 6: | ||
sudo apt install -y sssd-ad sssd-tools realmd adcli | sudo apt install -y sssd-ad sssd-tools realmd adcli | ||
sudo realm join -U ${myuser} -v ${mydomain} | sudo realm join -U ${myuser} -v ${mydomain} | ||
| + | echo "ad_gpo_ignore_unreadable = True" >> /etc/sssd/sssd.conf | ||
``` | ``` | ||
| Line 34: | Line 35: | ||
``` | ``` | ||
sudo systemctl restart sssd | sudo systemctl restart sssd | ||
| + | |||
| + | In order to fix this make sure that this AD object has following attributes readable: nTSecurityDescriptor, cn, gPCFileSysPath, gPCMachineExtensionNames, gPCFunctionalityVersion | ||
Revision as of 13:24, 12 August 2020
Join Domain
sudo apt install -y sssd-ad sssd-tools realmd adcli
sudo realm join -U ${myuser} -v ${mydomain}
echo "ad_gpo_ignore_unreadable = True" >> /etc/sssd/sssd.conf
- sudo apt install sssd-ad sssd-tools realmd adcli
20.04
ssh-copy-id -i .ssh/id_ed25519 'busk@exampel.org'@10.x.x.x ssh 'busk@extendhealth.com'@10.x.x.x realm permit busk@example.org realm permit -x jebusk@example.org realm permit -g 'Domain Users@example.org' ssh 10.250.6.180 # or for all # echo "ad_gpo_access_control = permissive" >> /etc/sssd/sssd.conf # sudo systemctl restart sssd
/etc/sssd/sssd.conf needs the following entry.
[domain/your.domain] ad_gpo_access_control = permissive
sudo systemctl restart sssd
In order to fix this make sure that this AD object has following attributes readable: nTSecurityDescriptor, cn, gPCFileSysPath, gPCMachineExtensionNames, gPCFunctionalityVersion
Other
- https://wiki.ubuntu.com/Enterprise/Authentication/sssd
- https://ubuntu.com/server/docs/service-sssd
- sudo apt-get install sssd libpam-sss libnss-sss sssd-tools