AD Domain Join (Ubuntu & CentOS) - cfloquetprojects/homelab GitHub Wiki

Domain Join Ubuntu 18.04 LTS to Windows AD

Initial Networking and Domain Join

  • We first need to change the IP to a static address through netplan. Indentation in the YAML below is significant and must be done with spaces, not tabs:
    network:
      ethernets:
        ens160:
          dhcp4: no
          addresses: [192.168.1.10/28]
          gateway4: 192.168.1.1
          nameservers:
            addresses: [192.168.1.3, 8.8.8.8]
      version: 2

  • Once we have a network connection, we grab the latest package lists and then install realmd together with the SSSD, Samba and PAM/NSS pieces needed to join our existing sysadmin.local domain:
    sudo apt update
    sudo apt -y install realmd libnss-sss libpam-sss sssd sssd-tools adcli samba-common-bin oddjob oddjob-mkhomedir packagekit

  • We then install resolvconf so that our DNS server settings persist across reboots:
    sudo apt install resolvconf

  • We can then configure resolvconf with our primary and secondary name servers by adding the following lines to /etc/resolvconf/resolv.conf.d/head:
    nameserver 192.168.1.3
    nameserver 192.168.1.4
    nameserver 8.8.8.8
    search sysadmin.local

  • After restarting a couple of services we should be able to ping our other servers/workstations by their FQDN:
    systemctl enable resolvconf
    systemctl restart systemd-resolved
    systemctl restart resolvconf

  • Now we can run the realm join command, which authenticates to Windows AD and enrols the machine in the domain:
    sudo realm join --user=YourAdminAccount yourdomain.local

RVTM:

  • We should now be able to ping other workstations/servers on our domain, as well as external addresses:
    ping <example dns entry>.yourdomain.local
    ping champlain.edu
    ping google.com

Domain Join CentOS 7 to Windows AD

Initial Networking and Domain Join

  • We first need to change the IP to a static address using nmtui, setting it to 192.168.1.13/28
  • Next, still in nmtui, we set the DNS servers to 192.168.1.3 and 192.168.1.4
  • Now we can install the needed packages:
    yum install sssd realmd oddjob oddjob-mkhomedir adcli samba-common samba-common-tools krb5-workstation openldap-clients policycoreutils-python -y
  • Now we join the domain using the domain admin account:
    sudo realm join --user=YourAdminAccount YourDomain.local

RVTM:

  • Lastly we run a test to make sure we were added to the domain:
    realm list
  • The first line of the output should be the domain

Allowing Authenticated AD User to Escalate to Root

  • We will be using AD users to manage our Linux boxes, so we should include the user in /etc/sudoers to allow them to become root (the user name below is a placeholder for the AD account):
    echo "YourADUser@yourdomain.local ALL=(ALL:ALL) ALL" >> /etc/sudoers
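As an added example (not part of the wiki), the same grant done the way sudo expects it: the rule goes into a drop-in under /etc/sudoers.d and is only installed after visudo accepts its syntax, so a typo cannot lock every admin out of sudo the way a bad line appended to /etc/sudoers can. The account "alice", the group "Linux Admins" and the domain yourdomain.local are assumed names; AD group names with spaces must be backslash-escaped in sudoers, which the helper handles.

```shell
#!/bin/sh
# Added example: grant an AD user or group sudo through a validated drop-in.
# Names, group and domain used here are assumptions, not from the wiki.
set -eu

# Print one sudoers rule for an AD principal resolved through SSSD.
# $1: "user" or "group"; $2: principal name (spaces allowed, e.g. an AD group);
# $3: the AD domain as "realm list" reports it.
# Groups get the '%' prefix and embedded spaces are escaped as "\ ".
ad_sudoers_line() {
  kind="$1"; name="$2"; domain="$3"
  case "$kind" in
    user)  prefix="" ;;
    group) prefix="%" ;;
    *) echo "kind must be user or group" >&2; return 1 ;;
  esac
  name="$(printf '%s' "$name" | sed 's/ /\\ /g')"
  printf '%s%s@%s ALL=(ALL:ALL) ALL\n' "$prefix" "$name" "$domain"
}

# Install a rule as /etc/sudoers.d/<file>, refusing names sudo would silently
# skip (anything containing '.' or '~') and refusing anything visudo rejects.
install_sudoers_dropin() {
  file="$1"; line="$2"
  case "$file" in
    *.*|*~*) echo "refusing: sudo ignores drop-ins containing '.' or '~'" >&2; return 1 ;;
  esac
  tmp="$(mktemp)"
  printf '%s\n' "$line" > "$tmp"
  if ! visudo -cf "$tmp" >/dev/null 2>&1; then
    rm -f "$tmp"
    echo "refusing: sudoers syntax check failed" >&2
    return 1
  fi
  install -o root -g root -m 0440 "$tmp" "/etc/sudoers.d/$file"
  rm -f "$tmp"
}

# Typical use (run as root on the joined box):
#   install_sudoers_dropin ad-admins "$(ad_sudoers_line group 'Linux Admins' yourdomain.local)"
```

After installing, `sudo -l -U alice@yourdomain.local` shows whether the rule is actually in effect for that account.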