Adding Linux Computer to Active Directory

Modify the hostname

Change the hostname of the VM to a friendly name (see example below) using the following command:

Full name: jnb1srvdscocsprxvm-vmname -> Friendly name: vmname

    hostnamectl set-hostname hostmonitor.ocs.cloudlet.cloud

Install the sssd packages

    sudo apt update
    sudo apt install realmd sssd-ad sssd-tools adcli samba-common-bin oddjob oddjob-mkhomedir packagekit

Add the DNS nameservers to the VM config files

Depending on the type of Linux, this will be done in a different way.

Add the following nameservers to the VM:

  - 10.8.1.10
  - 10.8.3.10

Test to see if the DNS is working

    nslookup ocsjnb1ad
    nslookup ocsjnb3ad

Connecting VM to the AD

  1. Run this command to discover the realm:

    realm discover ocs.cloudlet.cloud
    

  2. Run this command to join the VM to the AD realm:

    Use the short-name of the user. The computer name needs to be all caps (example: JNB1PRX90).

    realm join --user=<user> ocs.cloudlet.cloud --computer-name=<SHORT-NAME>
    

  3. Enable mkhomedir for pam-auth:

    pam-auth-update --enable mkhomedir
    

  4. Check the AD Computers to see if the new VM has been added to the realm.

  5. Run this command to check the AD user id on the VM:

    Use the short-name of the user

    id '<user>@ocs.cloudlet.cloud'
    

SSSD Configuration

  1. The contents of the /etc/sssd/sssd.conf file should be changed to match the configuration below.

  2. Copy the lines below, starting from fallback_homedir = /home/%u, and replace them in the existing file:

Warning

Change the 'dyndns_iface = vmbr2' to the corresponding interface on the server

    [sssd]
    domains = ocs.cloudlet.cloud
    config_file_version = 2
    services = nss, pam

    [domain/ocs.cloudlet.cloud]
    default_shell = /bin/bash
    krb5_store_password_if_offline = True
    cache_credentials = True
    krb5_realm = OCS.CLOUDLET.CLOUD
    realmd_tags = manages-system joined-with-adcli
    id_provider = ad
    ldap_sasl_authid = JNB1PRX90$
    fallback_homedir = /home/%u
    ad_domain = ocs.cloudlet.cloud
    use_fully_qualified_names = False
    ldap_id_mapping = True
    access_provider = ad

    # DNS updates
    dyndns_update = True
    dyndns_refresh_interval = 43200
    dyndns_ttl = 3600
    dyndns_auth = GSS-TSIG
    # CHANGE THIS INTERFACE (comment kept on its own line: sssd.conf does not support inline comments)
    dyndns_iface = vmbr2

    # Group-based access
    ad_access_filter = memberOf=CN=Operations,CN=Users,DC=ocs,DC=cloudlet,DC=cloud
    sudo_provider = ad

  3. Restart the sssd services:

    systemctl restart sssd
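
Before the restart, the edited file can be checked for the two mistakes this section makes easy: a dyndns_iface that still names an interface the server does not have, and a note left after a value on the same line. The following is an added example, not part of the original page; the function names check_sssd_conf and conf_get are hypothetical, and the expected mode 0600 is an assumption of this check.

```shell
# check_sssd_conf [CONF] [NETDIR]
# Prints one line per problem and returns the number of problems (0 = OK).
# NETDIR defaults to /sys/class/net; it is a parameter so the check can be
# exercised against a constructed directory.

# conf_get FILE KEY: value of the first "KEY = value" line, trimmed.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | head -n 1
}

check_sssd_conf() {
    conf=${1:-/etc/sssd/sssd.conf}
    netdir=${2:-/sys/class/net}
    problems=0
    [ -f "$conf" ] || { echo "missing: $conf"; return 1; }

    # Assumption: the file should be mode 0600 (owner read/write only).
    if [ -z "$(find "$conf" -prune -perm 600)" ]; then
        echo "mode of $conf is not 0600"
        problems=$((problems + 1))
    fi

    # sssd.conf(5) does not support inline comments: in "key = value # note"
    # the note becomes part of the value.
    if grep -nE '^[[:space:]]*[^#;[:space:]][^=]*=.*[[:space:]]#' "$conf"; then
        echo "inline comment after a value on the line(s) above"
        problems=$((problems + 1))
    fi

    # Each interface listed in dyndns_iface must exist on this host.
    ifaces=$(conf_get "$conf" dyndns_iface)
    old_ifs=$IFS
    IFS=,
    for iface in $ifaces; do
        iface=$(echo "$iface" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        if [ ! -e "$netdir/$iface" ]; then
            echo "dyndns_iface: no such interface: $iface"
            problems=$((problems + 1))
        fi
    done
    IFS=$old_ifs
    return "$problems"
}
```

Source the file and run check_sssd_conf as root with no arguments to check /etc/sssd/sssd.conf against the server's real interfaces; a non-zero return means the file needs another look before sssd is restarted.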
    

Give Operations users sudo privileges

Create the file /etc/sudoers.d/operations and paste the following:

    %Operations ALL=(ALL) ALL