Domain: def.com
Group: LinuxAdmin
AD User: timng(LinuxAdmin), royli
首先要確定Ubuntu能ping到def.com, 如果不能ping到正確IP, 就要查看DNS
apt install sssd-ad sssd-tools realmd adcli samba-common-bin policykit-1 packagekit
realm -v discover def.com
realm -v join -U Admin def.com
vi /etc/sssd/sssd.conf
[sssd]
services = nss, pam, pac
[domain/yourdomain.com]
use_fully_qualified_names = False
access_provider = simple
simple_allow_groups = LinuxAdmin
simple_allow_users = royli
vi /etc/sudoers.d/def_com
%LinuxAdmin ALL=(ALL) ALL
royli ALL=(ALL) ALL
chmod 440 /etc/sudoers.d/def_com
pam-auth-update --enable mkhomedir
systemctl restart sssd
Reference:
https://ubuntu.com/landscape/docs/active-directory-authentication
