Aug 1, 2016

Add Active Directory auth to CentOS 7

Hi,

Today I want to make your server more secure...
First, install the required packages:
#yum install realmd sssd oddjob oddjob-mkhomedir adcli samba-common ntpdate ntp krb5-workstation
It is very important to have accurate time on servers with AD auth, because Kerberos rejects authentication when the clocks drift too far apart:
#systemctl enable ntpd.service
#ntpdate ntp.server-in-domain-OR-domain-controller
#systemctl start ntpd.service

#systemctl start realmd
Join the server to the domain:
#realm join --user=domainadminuser@domain domain
Edit /etc/sssd/sssd.conf:
#vi /etc/sssd/sssd.conf
Add these lines to the matching sections:
[sssd]
default_domain_suffix =
[nss]
shell_fallback = /bin/sh
allowed_shells = /bin/sh,/bin/rbash,/bin/bash
[domain/]
auth_provider = ad
chpass_provider = ad

Create a group for Linux admins in AD: linuxadmins@domain
Deny logins for everyone, then allow only this group to authenticate on the Linux server:
#realm deny --all
#realm permit -g linuxadmins@domain

Give sudo permissions to the Active Directory group:
#visudo
Add the line:
%linuxadmins@domain ALL=(ALL) ALL
Then restart sssd:
#systemctl restart sssd
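
A way to check the result of the steps above, as an added example that is not part of the original post: the functions ini_get and audit_sssd_conf are hypothetical helpers that read sssd.conf section by section and fail if the AD providers or the login restriction are missing. It assumes realmd records the deny/permit rule as access_provider = simple plus simple_allow_groups, and that the group name is passed exactly as it appears in the file.

```shell
# ini_get FILE SECTION_PREFIX KEY: print KEY's value from the first matching
# section whose name starts with SECTION_PREFIX (e.g. "domain/").
ini_get() {
    awk -v want="$2" -v key="$3" '
        /^[ \t]*\[/ {
            sec = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", sec)
            insec = (index(sec, want) == 1)
            next
        }
        insec {
            line = $0
            sub(/^[ \t]+/, "", line)
            eq = index(line, "=")
            if (line ~ /^[#;]/ || eq == 0) next
            k = substr(line, 1, eq - 1); v = substr(line, eq + 1)
            gsub(/[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# audit_sssd_conf FILE GROUP: return 0 only if every check passes.
audit_sssd_conf() {
    conf=$1; group=$2; rc=0
    fail() { echo "FAIL: $*"; rc=1; }
    # sssd requires its config to be accessible by the owner only.
    [ "$(ls -ld "$conf" | cut -c1-10)" = "-rw-------" ] || fail "mode is not 0600"
    for key in auth_provider chpass_provider; do
        [ "$(ini_get "$conf" domain/ "$key")" = "ad" ] || fail "$key is not ad"
    done
    # Assumption: realm deny/permit is recorded via the simple access provider.
    [ "$(ini_get "$conf" domain/ access_provider)" = "simple" ] ||
        fail "access_provider is not simple (logins are not restricted)"
    allowed=$(ini_get "$conf" domain/ simple_allow_groups | tr -d ' \t')
    case ",$allowed," in
        *",$group,"*) ;;
        *) fail "$group missing from simple_allow_groups" ;;
    esac
    return "$rc"
}
```

After loading the functions into a root shell, run audit_sssd_conf /etc/sssd/sssd.conf with the group name as the second argument; any FAIL line names the setting to fix before relying on the login restriction.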

More documentation