
I'm trying to configure a few Linux servers (Debian 9.5) to authenticate against our Active Directory server. I have the basics completed, following this video: https://www.youtube.com/watch?v=LSShUG75pWw I'm not doing the Samba part; I just want the AD part. I have verified that I can log in using one of my domain accounts; however, there is a small issue.

I can't get my .bashrc to be initialized, nor any config file in my user root folder, which follows the format of /home/mydomainname.org/myusername/

In doing some further investigation, I found that Linux doesn't like groups with spaces in them. This raises a problem with the "domain users" default group.

I would like to limit access to only users in a certain user group in my domain, such as "LinuxUsers", only allowing people in this AD group to authenticate from a Linux server against the domain controller.

I'm using the following Linux modules: sssd and krb5-user. Here are my configs:

# /etc/sssd/sssd.conf

[sssd]
services = nss, pam
config_file_version = 2
domains = EXAMPLE.COM

[domain/EXAMPLE.COM]
id_provider = ad
access_provider = ad

# Use this if users are being logged in at /.
# This example specifies /home/DOMAIN-FQDN/user as $HOME.  Use with pam_mkhomedir.so
override_homedir = /home/%d/%u

# Uncomment if the client machine hostname doesn't match the computer object on the DC.
# ad_hostname = mymachine.example.com

# Uncomment if DNS SRV resolution is not working
# ad_server = dc.example.com

# Uncomment if the AD domain is named differently than the Samba domain
# ad_domain = EXAMPLE.COM

# Enumeration is discouraged for performance reasons.
# enumerate = true

# /etc/krb5.conf example

[libdefaults]
  ticket_lifetime = 24h
  default_realm = EXAMPLE.COM
  forwardable = true

[realms]
  EXAMPLE.COM = {
    kdc = 192.168.100.2
    default_domain = EXAMPLE.COM
  }

[domain_realm]
  .example.com = EXAMPLE.COM
  example.com = EXAMPLE.COM

# The [kdc] section and the kdc/admin_server log files below are only read by an
# MIT KDC daemon (krb5kdc/kadmind); a client authenticating against AD ignores them.
[kdc]
  profile = /etc/krb5kdc/kdc.conf

[appdefaults]
  pam = {
    debug = false
    ticket_lifetime = 36000
    renew_lifetime = 36000
    forwardable = true
    krb4_convert = false
  }

[logging]
  kdc = FILE:/var/log/krb5kdc.log
  admin_server = FILE:/var/log/kadmin.log
  default = FILE:/var/log/krb5lib.log

Any recommendations?

0 Answers
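The three settings the question circles around, as an added example that is not part of the original post and not the sssd project's own code: a POSIX shell script that renders an /etc/sssd/sssd.conf which (a) admits only members of one AD group through ad_access_filter (this filter is honoured only when access_provider is "ad", which the accompanying check enforces), (b) maps the space in names such as "domain users" to an underscore with override_space, and (c) sets default_shell together with a pam_mkhomedir profile, since a login that gets no shell from AD lands in /bin/sh and a home directory that was never created has no .bashrc to read. The realm EXAMPLE.COM, the group DN CN=LinuxUsers,OU=Groups,DC=example,DC=com, the user name "alice" and the /usr/share/pam-configs/mkhomedir path are assumptions to adjust for a real domain.

```shell
#!/bin/sh
# Added example (not from the original post or from sssd): render and check an
# sssd.conf that restricts logins to one AD group, fixes group names with
# spaces, and makes sure a login gets bash plus a created home directory.
# Realm, group DN and the pam-configs path below are assumptions.

REALM="${REALM:-EXAMPLE.COM}"
ALLOWED_GROUP_DN="${ALLOWED_GROUP_DN:-CN=LinuxUsers,OU=Groups,DC=example,DC=com}"
PAM_PROFILE="${PAM_PROFILE:-/usr/share/pam-configs/mkhomedir}"

# Print an sssd.conf for realm $1 that only admits members of group DN $2.
render_sssd_conf() {
    cat <<EOF
[sssd]
services = nss, pam
config_file_version = 2
domains = $1
# "domain users" becomes "domain_users": getent, chown and ls all cope with that
override_space = _

[domain/$1]
id_provider = ad
auth_provider = ad
# ad_access_filter is only honoured when access_provider is "ad"
access_provider = ad
# LDAP_MATCHING_RULE_IN_CHAIN: direct and nested members of the group pass;
# everyone else fails the PAM account check even with a valid password
ad_access_filter = (memberOf:1.2.840.113556.1.4.1941:=$2)
# AD usually carries no loginShell; with no shell the user lands in /bin/sh,
# which never reads ~/.bashrc
default_shell = /bin/bash
override_homedir = /home/%d/%u
# log in as "alice", not "alice@$1"
use_fully_qualified_names = False
EOF
}

# pam-auth-update profile that creates the home directory (copying /etc/skel,
# so .bashrc and friends exist) on first login; the module line after
# "Session:" must be tab-indented.
render_mkhomedir_profile() {
    printf 'Name: Create home directory on first login\n'
    printf 'Default: yes\nPriority: 900\nSession-Type: Additional\n'
    printf 'Session:\n\trequired\tpam_mkhomedir.so umask=0077 skel=/etc/skel\n'
}

# Sanity-check a rendered config before sssd reads it: returns 1 and reports
# each missing setting, and catches a filter that would be silently ignored
# because access_provider is not "ad".
check_sssd_conf() {
    rc=0
    for key in 'override_space = ' 'default_shell = ' 'override_homedir = ' \
               'access_provider = ad' 'ad_access_filter = ('; do
        grep -qF -- "$key" "$1" || { echo "missing: $key" >&2; rc=1; }
    done
    if grep -qF 'ad_access_filter' "$1" && ! grep -qxF 'access_provider = ad' "$1"; then
        echo "ad_access_filter is set but access_provider is not ad" >&2
        rc=1
    fi
    return $rc
}

# Install everything on a Debian host (run as root), then restart sssd.
apply() {
    render_sssd_conf "$REALM" "$ALLOWED_GROUP_DN" > /etc/sssd/sssd.conf
    chown root:root /etc/sssd/sssd.conf && chmod 0600 /etc/sssd/sssd.conf
    check_sssd_conf /etc/sssd/sssd.conf || exit 1
    render_mkhomedir_profile > "$PAM_PROFILE"
    pam-auth-update --package          # enables a "Default: yes" profile non-interactively
    systemctl restart sssd
    echo "verify with: getent group domain_users; id alice"
}

case "${1:-}" in
    render) render_sssd_conf "$REALM" "$ALLOWED_GROUP_DN" ;;
    apply)  apply ;;
    *)      echo "usage: $0 render | apply   (env: REALM, ALLOWED_GROUP_DN)" ;;
esac
```

Run it with "render" to inspect the generated file, and with "apply" as root once the group DN and realm match the domain. After a restart, "getent group domain_users" should resolve (with the underscore), "id alice" should work for a member of LinuxUsers, and a non-member with a correct password should be refused with an access-denied message rather than a bad-password one.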