AD integration - ssh/sudoers using AD accounts

From Tech-Wiki
Revision as of 16:44, 6 March 2025 by Fabricio.Lima (Talk | contribs) (Created page with "# install vmware tools yum -y install open-vm-tools apt-get install open-vm-tools service vmtoolsd start systemctl enable vmtoolsd # Add missing basic networking tools...")

# install vmware tools
yum -y install open-vm-tools
apt-get install open-vm-tools
service vmtoolsd start
systemctl enable vmtoolsd


# Add missing basic networking tools
apt-get install net-tools


# NTP
apt install chrony

# Use AD DCs as NTP source in /etc/chrony/chrony.conf
server dring.internal.oriongroup.co.nz iburst
server dyson.internal.oriongroup.co.nz iburst

systemctl enable chrony ; systemctl restart chrony
timedatectl set-timezone Pacific/Auckland
timedatectl ; chronyc makestep
systemctl disable systemd-timesyncd ; systemctl stop systemd-timesyncd


# allow sudo from required AD group
vi /etc/sudoers.d/ad-admins
%Domain\ Admins ALL=(ALL) ALL


# enable AD auth and DNS registration
yum -y install sssd adcli realmd samba-common-tools oddjob oddjob-mkhomedir
apt install sssd-ad sssd-tools realmd adcli
realm -v discover internal.oriongroup.co.nz
realm join internal.oriongroup.co.nz --user limafadmin

# Add those to /etc/sssd/sssd.conf (in the [domain/internal.oriongroup.co.nz] section)
access_provider = simple
simple_allow_groups = Domain Admins@internal.oriongroup.co.nz
use_fully_qualified_names = false
dyndns_update = true
dyndns_refresh_interval = 43200
dyndns_update_ptr = true
dyndns_ttl = 3600

systemctl restart sssd.service
pam-auth-update (and enable homedir creation)

# restrict root login from ssh
In /etc/ssh/sshd_config:
PermitRootLogin no