
Ubuntu Joining the Domain

Posted by robd on May 04, 2022
Linux

Hello,

I had to join an Ubuntu server to a Windows domain recently; here's what I did. The lines starting with # are just my annotated notes:

#Update /etc/hosts so the loopback entry for the hostname lists the FQDN first (hostname -f returns that first name, and the join uses it for the computer account; Ubuntu's installer normally puts this on 127.0.1.1, either works)
sudo vi /etc/hosts
127.0.0.1 UbuntuServer.domain.com UbuntuServer


#Install the packages
sudo apt-get update
sudo apt-get install krb5-user samba sssd sssd-tools libnss-sss libpam-sss ntp ntpdate realmd adcli

#Point NTP at the domain so the server keeps time with the DCs (Kerberos rejects tickets when the clocks differ by more than 5 minutes)
sudo vi /etc/ntp.conf

#In ntp.conf, add the following line (the domain name resolves to the DCs, which serve NTP):
server domain.com
# I also commented out all the other server/pool lines


#stop ntp, sync once against the domain, then start it again and we are golden
sudo systemctl stop ntp
sudo ntpdate domain.com
sudo systemctl start ntp


#Discover the domain (case sensitive: Kerberos realm names are upper case)
sudo realm discover DOMAIN.COM
#you should see the domain listed


#Get a Kerberos ticket (case sensitive) using your own domain admin username
kinit -V admin@DOMAIN.COM
#enter your password when prompted


#Join the domain. You have a choice here: if your server can reach all the DCs in your domain, use the first command; if it can't, you have to specify one DC:
#1
#sudo realm join --verbose DOMAIN.COM -U admin@DOMAIN.COM --install=/
#2
sudo realm join --verbose -U admin@DOMAIN.COM dc01.DOMAIN.COM --install=/


#Comment out use_fully_qualified_names so users can log in as 'user' rather than 'user@domain.com'
sudo vi /etc/sssd/sssd.conf
# use_fully_qualified_names = True

#restart sssd
sudo systemctl restart sssd

#Enable automatic creation of home directories on first login (on Ubuntu, `sudo pam-auth-update --enable mkhomedir` does the same thing without hand-editing the file)
sudo vi /etc/pam.d/common-session
#place the following under the line that contains session optional pam_sss.so
session required pam_mkhomedir.so skel=/etc/skel/ umask=0077

#test: the domain user should resolve to a uid, gid and group list
id admin@DOMAIN.COM

#Give Domain Admins sudo (always edit with visudo so the syntax is validated; a drop-in under /etc/sudoers.d keeps it separate from the main file)
sudo visudo -f /etc/sudoers
#NOPASSWD hands every Domain Admin root without re-entering a password; drop it if that is not what you want
%Domain\ Admins ALL=(ALL) NOPASSWD:ALL


#Add the realm's KDCs and the domain-to-realm mapping to krb5.conf so logins work (these live in the [realms] and [domain_realm] sections respectively)
sudo vi /etc/krb5.conf

[realms]
        DOMAIN.COM = {
                kdc = dc01.domain.com
                kdc = dc02.domain.com
                admin_server = admin.domain.com
        }

[domain_realm]
.domain.com = DOMAIN.COM

#Restrict logins to these groups (realm permit applies to every PAM login through sssd, ssh included)
sudo realm permit -g 'Domain Admins'
sudo realm permit -g 'Tronstride Servers Local Admins'


#troubleshoot: watch authentication attempts and sssd/pam errors here
tail -f /var/log/auth.log
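Most of the failures in this procedure show up before or during `realm join`: a hosts file whose loopback line does not carry the FQDN, DNS that does not point at the DCs (so the Kerberos SRV records are missing), or a clock that is outside the 5-minute Kerberos skew window. As an added example, not code from the original post, here is a pre-flight script that checks those three things and also renders the sudoers rule for an AD group with the spaces escaped and without NOPASSWD. The domain and DC names are placeholders, the sample inputs used in the test are constructed, and it assumes `dig` (dnsutils) and `ntpdate` are installed.

```shell
#!/bin/sh
# adjoin-preflight.sh: checks to run before `realm join` (added example, not from the original post).
# Assumes dig (dnsutils) and ntpdate are installed; domain.com / dc01.domain.com are placeholders.
# Usage: sh adjoin-preflight.sh check domain.com dc01.domain.com

# MIT Kerberos rejects tickets when client and KDC clocks differ by more than clockskew (default 300 s).
MAX_SKEW=300

# offset_ok SECONDS -> 0 if |SECONDS| <= MAX_SKEW (accepts the signed float that ntpdate -q reports)
offset_ok() {
  awk -v off="$1" -v max="$MAX_SKEW" 'BEGIN { if (off < 0) off = -off; exit (off <= max) ? 0 : 1 }'
}

# hosts_line_ok HOSTS_TEXT FQDN -> 0 if a loopback line names FQDN first; `hostname -f` returns that
# first name and the join derives the computer account name from it.
hosts_line_ok() {
  printf '%s\n' "$1" | awk -v fqdn="$2" '
    ($1 == "127.0.0.1" || $1 == "127.0.1.1") && $2 == fqdn { found = 1 }
    END { exit found ? 0 : 1 }'
}

# srv_targets DIG_OUTPUT -> KDC hostnames from `dig +short SRV` lines ("prio weight port target.")
srv_targets() {
  printf '%s\n' "$1" | awk 'NF == 4 { sub(/\.$/, "", $4); print $4 }'
}

# fqn_disabled SSSD_CONF_TEXT -> 0 unless an active (uncommented) use_fully_qualified_names = True is present
fqn_disabled() {
  ! printf '%s\n' "$1" | grep -Eiq '^[[:space:]]*use_fully_qualified_names[[:space:]]*=[[:space:]]*true'
}

# sudoers_rule GROUP -> a sudoers line for an AD group: spaces backslash-escaped, no NOPASSWD
sudoers_rule() {
  group=$(printf '%s' "$1" | sed 's/ /\\ /g')
  printf '%%%s ALL=(ALL:ALL) ALL\n' "$group"
}

# preflight DOMAIN DC: live checks against this host and the network
preflight() {
  domain=$1; dc=$2
  fqdn=$(hostname -f)
  hosts_line_ok "$(cat /etc/hosts)" "$fqdn" || echo "WARN: $fqdn is not first on a loopback line in /etc/hosts"

  # AD publishes its KDCs as SRV records; nothing here means the DC is not your DNS server
  srv=$(dig +short SRV "_kerberos._tcp.$domain")
  [ -n "$srv" ] || { echo "FAIL: no _kerberos._tcp SRV records for $domain"; return 1; }
  echo "KDCs: $(srv_targets "$srv" | tr '\n' ' ')"

  # ntpdate -q only queries, so no root needed; first "offset N" on its output is the skew in seconds
  off=$(ntpdate -q "$dc" | sed -n 's/.*offset \([-+0-9.]*\).*/\1/p' | head -n 1)
  offset_ok "${off:-9999}" || { echo "FAIL: clock offset ${off:-unknown}s against $dc exceeds ${MAX_SKEW}s"; return 1; }

  if [ -r /etc/sssd/sssd.conf ] && fqn_disabled "$(cat /etc/sssd/sssd.conf)"; then
    echo "note: use_fully_qualified_names is off, so 'id admin' works without @$domain"
  fi
  echo "Suggested /etc/sudoers.d/domain-admins line: $(sudoers_rule 'Domain Admins')"
  echo "pre-flight OK"
}

if [ "${1:-}" = check ]; then
  preflight "$2" "$3"
fi
```

Run it as `sh adjoin-preflight.sh check domain.com dc01.domain.com` before the `realm join` step; a FAIL on the SRV check means the server is not using the DC for DNS, and a FAIL on the offset check means `kinit` and the join will be refused until NTP is fixed. The parsing helpers take their input as arguments so they can be exercised on captured output without touching the real host.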


DNS for a subdomain

Posted by robd on May 08, 2014
DNS

Hi All,

My company uses a subdomain for a satellite office; all works fine, replication takes place, etc.

The problem I had was with DNS. I'm based in Contoso.local and I cannot ping any device in the subdomain Sub.contoso.local without fully qualifying the name.

For example, if I ping server1 on the subdomain using

"Ping Server1"

the name does not resolve, whereas if I type

"Ping Server1.sub.contoso.local"

it works fine.

I’ve checked DNS on Contoso.local and there are conditional forwarders to Sub.contoso.local:

[Screenshot: DNS_Issue]

So how do I get around this? The answer is to add the subdomain to the DNS suffix search list, either locally on the client or on all the domain devices via Group Policy (the search list only applies to single-label names like Server1, which is exactly the case that was failing):

Group Policy:

Computer Configuration > Policies > Administrative Templates > Network > DNS Client > DNS Suffix Search List.

[Screenshot: DNS_Issue_GP_Suffix]

Then run GPUPDATE /force on your client followed by IPCONFIG /ALL, and you should see the subdomain in the DNS Suffix Search List:

[Screenshot: DNS_Issue_IPCONFIG]
