I would like to be able to dynamically manage accounts on a Debian box that I am building. For this I think a possible solution is to have the box on our Windows domain and sync with a user group on the domain.

The desired effect is that whenever a user is added to the domain group, a new user account will be created on the Debian box, along with home directory etc.

As a side note, the Debian box is already configured to use Vault OTP SSH engine for authenticating onto the box. With this in mind, I do not intend to have the Debian box go to Active Directory to validate credentials. This renders the Windows account password redundant to a certain extent.

Is what I am looking for achievable in an easy way? What key terms, processes should I be looking for?

jim
  • You *could* "sync" a group's members by executing a query (like `Get-ADGroupMember` in PowerShell), but that will render you with a completely new set of problems, like duplicate account names. I'd recommend putting the Linux box into the Active Directory. – bjoster May 16 '18 at 13:20
  • Is this a possible copy of this question? https://serverfault.com/questions/23632/how-to-use-active-directory-to-authenticate-linux-users?rq=1 – McITGuy Jun 13 '18 at 20:39

0 Answers