Check that DNS can locate the Active Directory domain controllers (the LDAP SRV records for the domain should resolve)
dig -t SRV _ldap._tcp.xxx.com.sg
dig -t SRV _ldap._tcp.xxx.com.sg | grep -A2 "ANSWER SECTION"
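Install Kerberos client, realmd and SSSD (ntp keeps the clock in sync; Kerberos rejects authentication when the clock skew against the DC is too large)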
sudo apt-get install krb5-user
sudo apt-get install realmd sssd sssd-tools ntp adcli
sudo apt-get install samba-common samba-common-bin samba-libs packagekit samba
When the krb5-user installer asks for the default Kerberos realm, enter your domain (ALL UPPERCASE)
XXX.COM.SG
Test Kerberos authentication against AD (the realm after @ must be in UPPERCASE); klist should then list the ticket that was issued
kinit xxx@XXX.COM.SG
klist
Configure realmd before joining (put the following in /etc/realmd.conf)
sudo nano /etc/realmd.conf
[service]
automatic-install = no
[users]
default-home = /home/%D/%U
default-shell = /bin/bash
[xxx.com.sg]
computer-ou = OU=Computers,DC=xxx,DC=com,DC=sg
automatic-id-mapping = yes
fully-qualified-names = no
user-principal = yes
manage-system = no
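Join this host to the Active Directory domain (run discover first, then one of the two join commands; the second passes the computer OU explicitly). The account given with -U is prompted for its password and only needs the right to join computers to that OU, so a delegated join account is enough.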
sudo realm discover xxx.com.sg
sudo realm --verbose join xxx.com.sg -U kim
sudo realm --verbose join xxx.com.sg -U kim --computer-ou="Computers"
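Change access_provider = simple to ad in /etc/sssd/sssd.conf, then restart sssd. With access_provider = ad and no further restriction, by default any AD account that is not expired or disabled can log in to this host; add ad_access_filter in the same domain section to limit logins to a specific group.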
sudo nano /etc/sssd/sssd.conf
access_provider = ad
sudo service sssd restart
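Allow auto-creation of the home directory at first login (add the line below to /etc/pam.d/common-session; umask=0077 keeps each new home directory readable only by its owner)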
sudo nano /etc/pam.d/common-session
session required pam_mkhomedir.so skel=/etc/skel/ umask=0077
Check Active Directory user name resolution (id should return the user's uid, gid and AD group memberships)
id xxx@xxx.com.sg
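For graphical login (LightDM): disable the guest session and show the manual login field so AD users can type their username.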
sudo nano /etc/lightdm/lightdm.conf
[SeatDefaults]
allow-guest=false
greeter-show-manual-login=true
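For Samba (member of the AD domain, using the machine keytab). Note: client signing = yes enables SMB signing but does not enforce it; use client signing = mandatory if unsigned sessions must be refused (confirm against smb.conf(5) for the installed Samba version).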
sudo nano /etc/samba/smb.conf
[global]
workgroup = XXX
client signing = yes
client use spnego = yes
kerberos method = secrets and keytab
realm = XXX.COM.SG
security = ads