Ubuntu 20.04 LTS Joining AD domain - llewellyn-marriott/notes GitHub Wiki

Prerequisites

Install realmd and some other tools

apt -y install realmd sssd sssd-tools libnss-sss libpam-sss adcli samba-common-bin oddjob oddjob-mkhomedir packagekit

Testing connection to AD

realm discover ad.local

Join the AD

sudo realm join -v -U administrator ad.local

Enter the password for the user.

You can verify the connection by looking up a user or object.

id [email protected]

Example output:

uid=71420903([email protected]) gid=71400513(domain [email protected])

Enable home directory creation

vi /etc/pam.d/common-session

Add at the end of the file

# create home directory automatically on login
session optional pam_mkhomedir.so skel=/etc/skel umask=077

Omit domain name

vi /etc/sssd/sssd.conf

Change the use_fully_qualified_names setting to

use_fully_qualified_names = False

Add to sudoers based on domain group

sudo vi /etc/sudoers.d/activedirectory

Set contents to

%Local\ Admin\ Group\ -\ servername       ALL=(ALL) ALL

Spaces in the group name must be escaped with a backslash.

Limit logins

First, deny all users

sudo realm deny --all

Then add the group you want to allow

sudo realm permit -g "Local Admin Group - [email protected]"

After changes

Restart the sssd service

systemctl restart sssd

Verify login

su - [email protected]
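
Check the result of the "Omit domain name" and "Limit logins" steps. This is an added example, not part of the original notes. The function names and the sample file are constructed. It assumes realmd records `realm permit -g` as access_provider = simple plus simple_allow_groups in sssd.conf, and that SSSD expects the file to be mode 600.

```shell
#!/bin/sh
# Added example, not part of the original notes. Assumption: realmd records
# `realm permit -g` as access_provider = simple plus simple_allow_groups.

# Print the value of KEY (first match) from the [domain/...] sections of FILE.
sssd_get() {
    awk -v key="$2" '
        /^[ \t]*\[/ { in_dom = ($0 ~ /^[ \t]*\[domain\//); next }
        !in_dom || /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# Return 0 only if FILE is private and limits logins to an allow-listed group.
audit_sssd() {
    local file rc mode provider groups
    file=$1 rc=0
    mode=$(stat -c '%a' "$file") || return 2
    provider=$(sssd_get "$file" access_provider)
    groups=$(sssd_get "$file" simple_allow_groups)
    [ "$mode" = 600 ] || { echo "FAIL mode is $mode, expected 600"; rc=1; }
    [ "$provider" = simple ] || { echo "FAIL access_provider='$provider', expected simple"; rc=1; }
    [ -n "$groups" ] || { echo "FAIL simple_allow_groups is empty"; rc=1; }
    echo "INFO groups: ${groups:-none}; use_fully_qualified_names: $(sssd_get "$file" use_fully_qualified_names)"
    return $rc
}

# Constructed sample of sssd.conf after the steps above (not from a real host).
sample=$(mktemp) && chmod 600 "$sample"
cat > "$sample" <<'EOF'
[sssd]
domains = ad.local

[domain/ad.local]
id_provider = ad
access_provider = simple
simple_allow_groups = Local Admin Group - servername
use_fully_qualified_names = False
EOF
audit_sssd "$sample"   # on a joined host, as root: audit_sssd /etc/sssd/sssd.conf
```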
