How To Join A Linux Server To A Windows Domain
Integrating a Linux Machine Into Windows Active Directory Domain
This article will describe the process of adding a Linux machine (Ubuntu 20.04) into a Windows Active Directory Domain.
Step 1. Install packages and preparation.
Let's update packages first.
sudo apt update
sudo apt upgrade
After that, install the required packages.
sudo apt -y install realmd sssd sssd-tools libnss-sss libpam-sss adcli samba-common-bin oddjob oddjob-mkhomedir packagekit
Next, we will configure all of these tools to work with the domain. All we need to know is:
- Domain name: office.local
- DNS server IP: 192.168.0.1
- Second DNS server IP: 192.168.0.2
Step 2. Configure DNS.
Look in the netplan config file.
sudo nano /etc/netplan/*.yaml
If you see 'dhcp4: true' there and your DHCP server is configured correctly, go to the next step.
If you configure the network connection parameters manually, here is an example for setting up static addresses:
network:
  ethernets:
    enp0s3:
      addresses:
        - 192.168.0.15/24
      gateway4: 192.168.0.10
      nameservers:
        addresses: [192.168.0.1, 192.168.0.2]
        search:
          - office.local
      optional: true
  version: 2
- addresses — this IP address will be assigned to your network card;
- gateway4 — ip address of your router;
- nameservers — DNS servers;
- search — target domain.
sudo netplan apply
Step 3. Discover the domain, join it, and check the result.
First, discover the domain.
realm discover office.local
We'll see something like this. This means that the network settings are correct and our machine received an answer from the domain. If not, you need to check your network settings, domain, and DNS health.
office.local
type: kerberos
realm-name: OFFICE.LOCAL
domain-name: office.local
configured: no
...
Next, join the AD domain. Replace 'admin' with the domain administrator's username and enter its password when prompted.
realm join -U admin office.local
Password for admin:
Now let's check if we can get information about the AD user. Replace 'user' with the name of the domain user account.
id user@office.local
uid=687821651(user@office.local) gid=687800512(user@office.local) groups=687800512(domain users@office.local)
Step 4. Final settings and logging in.
To avoid adding the domain name to the username every time, let's configure this.
sudo nano /etc/sssd/sssd.conf
Change the 'use_fully_qualified_names' value to False. Restart and check:
sudo systemctl restart sssd
id user
uid=687821651(user@office.local) gid=687800512(user@office.local) groups=687800512(domain users@office.local)
Now we need to set up the creation of home directories for AD users when they log in.
sudo nano /etc/pam.d/common-session
# add this line at the end of the file
session optional pam_mkhomedir.so skel=/etc/skel umask=077
Let's try to log in as an AD user.
su - user
Password:
Creating directory '/home/user@office.local'.
user@ubuntu-server:~$
This means that you have successfully logged in as an AD user.
Additionally, you can allow authorization for some AD users or groups and restrict others. The example below is set to deny everyone and then allow user, user2, and the Domain Admins group.
sudo realm deny --all
sudo realm permit user@office.local user2@office.local
sudo realm permit -g 'Domain Admins'
Configuring AD users to get root privileges is the same as for local users, but in another file.
sudo nano /etc/sudoers.d/admins
Add the necessary lines to it. For instance:
user ALL=(ALL) ALL
%Domain\ Admins ALL=(ALL) ALL
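A read-only check of the sssd.conf settings touched in Steps 3 and 4, added here as an example and not part of the original article. It assumes the login policy set with realm permit is recorded as access_provider, simple_allow_users and simple_allow_groups in the [domain/...] section; the function names and the sample file are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit the sssd.conf settings that this procedure changes.

# Print the value of KEY from the first [domain/...] section of FILE.
sssd_domain_value() {
    awk -v key="$2" '
        /^\[/ { in_dom = ($0 ~ /^\[domain\//); next }
        in_dom && /=/ {
            k = $0; sub(/=.*/, "", k); gsub(/[ \t]/, "", k)
            if (k == key) {
                v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
                print v; exit
            }
        }' "$1"
}

# Print findings for FILE; the exit status is the number of warnings.
audit_sssd_conf() {
    local conf="$1" warnings=0 mode provider fqn
    mode=$(stat -c '%a' "$conf") || return 99
    if [ "$mode" != "600" ]; then
        echo "WARN mode=$mode (expected 600, readable only by its owner)"
        warnings=$((warnings + 1))
    fi
    provider=$(sssd_domain_value "$conf" access_provider)
    case "${provider:-permit}" in   # sssd treats an unset access_provider as "permit"
        permit) echo "WARN access_provider=permit: every domain user may log in"
                warnings=$((warnings + 1)) ;;
        simple) echo "OK allow users: $(sssd_domain_value "$conf" simple_allow_users)"
                echo "OK allow groups: $(sssd_domain_value "$conf" simple_allow_groups)" ;;
        *)      echo "INFO access_provider=$provider" ;;
    esac
    fqn=$(sssd_domain_value "$conf" use_fully_qualified_names)
    case "$fqn" in
        [Ff]alse|FALSE) echo "INFO short names: sudoers entries like 'user' match" ;;
        [Tt]rue|TRUE)   echo "INFO qualified names: sudoers entries need 'user@domain'" ;;
        *)              echo "INFO use_fully_qualified_names is not set in this section" ;;
    esac
    return "$warnings"
}

# Constructed sample of sssd.conf as it might look after Step 4 (not real output).
sample=$(mktemp)   # mktemp creates the file with mode 600
printf '%s\n' '[sssd]' 'domains = office.local' '[domain/office.local]' \
    'use_fully_qualified_names = False' 'access_provider = simple' \
    'simple_allow_users = user, user2' 'simple_allow_groups = Domain Admins' > "$sample"
audit_sssd_conf "$sample" || echo "warnings: $?"
rm -f "$sample"
```

On the joined machine, run it as root against the real file: audit_sssd_conf /etc/sssd/sssd.conf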
Source: https://serverspace.io/support/help/linux-machine-into-windows-ad-domain/
Posted by: johnstonwhiced1949.blogspot.com
