PAM configuration for Windows Active Directory via SSSD

From OS4X
Revision as of 11:46, 27 November 2024 by Admin

Installation

Install the necessary packages. For Debian and derivatives, these are sssd, adcli, realmd, oddjob, oddjob-mkhomedir and packagekit:

apt install sssd adcli realmd oddjob oddjob-mkhomedir packagekit

Make sure DNS points to your AD server(s): check that /etc/resolv.conf contains an entry with an AD server IP. If it is missing, add it as the first entry.

systemd

If your network is managed by systemd, you cannot edit /etc/resolv.conf directly. Install resolvconf (if not already installed):

apt install resolvconf

Edit /etc/resolvconf/resolv.conf.d/head and add your AD server as a nameserver line, for example nameserver 192.168.40.105, then apply the change:

resolvconf --enable-updates
resolvconf -u

Join AD

Now you can issue the realm join command with the domain name in order to join the domain.

realm join AD.EXAMPLE.COM

By default it uses the Administrator user. Add the -U flag to specify a different user account for joining the domain.

realm join -U os4x AD.EXAMPLE.COM

Now check that it works by issuing an id command.

id os4x@AD.EXAMPLE.COM

If you want to use short names, edit sssd.conf and set use_fully_qualified_names to false.
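
The following is an added example, not part of the original page: two shell helpers that check the DNS and short-name steps above. The function names ad_dns_position and sssd_domain_option are hypothetical, and the sample files are constructed in a temporary directory; on a real host you would pass /etc/resolv.conf and your sssd.conf instead.

```shell
#!/bin/sh
# Added example: sanity checks for the DNS and short-name steps.
# Function names are hypothetical; sample files below are constructed.

# Print the 1-based position of IP among the nameserver lines of a
# resolv.conf-style file, or 0 if it is not listed at all.
ad_dns_position() {
    awk -v ip="$2" '
        $1 == "nameserver" { n++; if ($2 == ip && !pos) pos = n }
        END { print pos + 0 }
    ' "$1"
}

# Print the value of KEY inside [domain/DOMAIN] of an sssd.conf-style file.
# Empty output means the key is not set in that section (sssd default applies).
# The section name is matched case-insensitively; commented-out keys are ignored.
sssd_domain_option() {
    awk -v sect="[domain/$2]" -v key="$3" '
        /^[ \t]*\[/ {
            gsub(/[ \t]/, "")
            in_sect = (tolower($0) == tolower(sect))
            next
        }
        in_sect {
            split($0, kv, "=")
            k = kv[1]; gsub(/[ \t]/, "", k)
            if (k == key) {
                v = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", v)
                print v
            }
        }
    ' "$1"
}

# Constructed sample files (not taken from a real host).
tmp=$(mktemp -d)
printf 'nameserver 10.0.0.1\nnameserver 192.168.40.105\n' > "$tmp/resolv.conf"
printf '[sssd]\ndomains = ad.example.com\n\n[domain/ad.example.com]\nuse_fully_qualified_names = False\n' > "$tmp/sssd.conf"

pos=$(ad_dns_position "$tmp/resolv.conf" 192.168.40.105)
[ "$pos" -eq 1 ] || echo "WARN: AD nameserver is entry $pos, expected 1 (0 = missing)"

fqn=$(sssd_domain_option "$tmp/sssd.conf" AD.EXAMPLE.COM use_fully_qualified_names)
case "$fqn" in
    [Ff]alse) echo "NOTE: short names enabled; check for clashes with local account names" ;;
esac
```

In the constructed resolv.conf the AD server is listed second, so the script prints the warning; that is the case the DNS step above asks you to correct.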

Advanced

sssd provides modules for alternative directory servers; you can find detailed documentation in the official docs.