Un cont Active Directory cu nume de utilizator numeric (01012578) nu se poate autentifica,
dar pe același DC ne putem autentifica folosind numele de utilizator, de ex. syed.
Sistemul de operare al clientului: versiunea desktop 20.0.4
Script AD
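#!/bin/sh
# Linux integration with Active Directory script.
# Author: Syed
#
# Joins this host to an AD domain with realmd, then writes krb5.conf, creates
# a machine keytab with msktutil and writes sssd.conf that uses that keytab.
#
# Interactive: prompts for the domain name, the domain controller's short
# host name and the local host name. Run as a user who may use sudo.
#
# The listing this was recovered from had its command names and config keys
# machine-translated (read/echo/realm discover/true/false/...) and its
# here-documents truncated to "cat <FILE"; both are restored here.
set -u

# Print a message on stderr and stop; used after steps whose failure would
# otherwise leave the host with half-written Kerberos/SSSD configuration.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Reject empty answers and anything that is not a DNS name character. The
# answers are written verbatim into krb5.conf and sssd.conf and passed to
# realm/msktutil, so a stray space, newline or bracket must not get through.
check_name() {
  case "$1" in
    '' | *[!A-Za-z0-9.-]*) die "Valoare invalidă: '$1'" ;;
  esac
}

# Install all required components.
echo Instalarea tuturor componentelor necesare
sudo apt install -y krb5-config
sudo apt install -y msktutil
sudo apt install -y samba
sudo apt-get install -y realmd sssd sssd-tools libpam-sss libnss-sss
sudo apt-get install -y krb5-user adcli packagekit
# -y added: without it this one install stops for confirmation.
sudo apt-get install -y ntpdate

# "read -p" is not available in POSIX sh (dash on Debian/Ubuntu), so the
# prompt is printed separately.
printf '%s' "Introduceți numele domeniului dvs.: "
read -r DomainName
check_name "$DomainName"
echo "folosind $DomainName"

# Kerberos rejects tickets when the clock skew is too large, so sync the
# clock against the domain first (query only, then set).
sudo ntpdate -q "$DomainName"
sudo ntpdate "$DomainName"

# Tell realmd not to install packages on its own; they were installed above.
# realmd.conf(5) documents automatic-install under the [service] section.
REALMD="/etc/realmd.conf"
sudo tee "$REALMD" >/dev/null <<EOM
[service]
automatic-install = no
EOM

# Create home directories on first login. pam_mkhomedir takes "skel=DIR" and
# "umask=MASK" with no spaces around "="; the earlier "skel = ... mask=0077"
# form is not parsed as those options, so the 0077 mask was never applied.
# The insert is skipped when the module is already configured, so re-running
# the script does not stack duplicate lines. If the file has fewer than 27
# lines nothing is inserted; the file is opened for review at the end.
PAM_SESSION="/etc/pam.d/common-session"
if ! grep -q 'pam_mkhomedir\.so' "$PAM_SESSION"; then
  sudo sed -i '28isession optional pam_mkhomedir.so skel=/etc/skel/ umask=0077' "$PAM_SESSION"
fi

sudo realm discover "$DomainName"
sudo realm join "$DomainName" -U administrator --verbose \
  || die "realm join a eșuat"
sudo realm list

# NOTE(review): "permit --all" lets every domain account log in before the
# next line narrows access to AD_group. realmd stores both settings in
# /etc/sssd/sssd.conf, which this script replaces further down with
# "access_provider = ad" and no access filter, so the group restriction does
# not survive. Confirm which login policy is intended.
sudo realm permit --all
sudo realm permit -g AD_group

# Keep the distribution krb5.conf as a backup before writing a new one.
sudo mv /etc/krb5.conf /etc/krb5.conf.default
printf '%s' "Introduceți numele sistemului dvs. de domeniu: "
read -r SystemName
check_name "$SystemName"

# NOTE(review): Kerberos realm names are case-sensitive; the domain is used
# here exactly as typed. Confirm it matches the AD realm's case.
KRB5FILE="/etc/krb5.conf"
sudo tee "$KRB5FILE" >/dev/null <<EOM
[libdefaults]
default_realm = $DomainName
rdns = no
dns_lookup_kdc = true
dns_lookup_realm = true
[realms]
$DomainName = {
kdc = $SystemName.$DomainName
admin_server = $SystemName.$DomainName
}
EOM

# Obtain a ticket for the account that msktutil will use (--user-creds-only).
kinit syed || die "kinit a eșuat"
klist

printf '%s' "Introduceți numele gazdei locale: "
read -r HostName
check_name "$HostName"

# The trailing "$" on the UPN is literal (machine-account naming), hence the
# escaped \$ after the expansion. The keytab holds the machine account's
# long-term keys, so it is created under a private umask in a subshell; the
# script-wide umask is left alone so krb5.conf stays world-readable.
(
  umask 077
  msktutil -N -c -b 'CN=COMPUTERS' \
    -s "$HostName/$HostName.$DomainName" \
    -k my-keytab.keytab \
    --computer-name "$HostName" \
    --upn "${HostName}\$" \
    --server "$SystemName.$DomainName" \
    --user-creds-only
) || die "msktutil a eșuat"

# mv keeps the invoking user's ownership; hand the keytab to root and make it
# unreadable to everyone else.
sudo mv my-keytab.keytab /etc/sssd/my-keytab.keytab
sudo chown root:root /etc/sssd/my-keytab.keytab
sudo chmod 0600 /etc/sssd/my-keytab.keytab

# Keep the sssd.conf written by realm join as a backup, then replace it.
sudo mv /etc/sssd/sssd.conf /etc/sssd/sssd.conf.default
SSSDFILE="/etc/sssd/sssd.conf"
sudo tee "$SSSDFILE" >/dev/null <<EOM
[sssd]
services = nss, pam
config_file_version = 2
domains = $DomainName
[nss]
entry_negative_timeout = 0
#debug_level = 5
[pam]
#debug_level = 5
[domain/$DomainName]
#debug_level = 10
enumerate = false
id_provider = ad
auth_provider = ad
chpass_provider = ad
access_provider = ad
dyndns_update = false
ad_hostname = $HostName.$DomainName
ad_server = $SystemName.$DomainName
ad_domain = $DomainName
ldap_schema = ad
ldap_id_mapping = true
fallback_homedir = /home/%u
default_shell = /bin/bash
ldap_sasl_mech = gssapi
ldap_sasl_authid = ${HostName}\$
krb5_keytab = /etc/sssd/my-keytab.keytab
ldap_krb5_init_creds = true
EOM

# sssd expects its configuration to be root-owned and not readable by others.
sudo chmod 0600 /etc/sssd/sssd.conf

# Manual review of the PAM session stack (the pam_mkhomedir line above).
sudo nano /etc/pam.d/common-session
sudo systemctl restart sssd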