DragonSlayer_14/Linux-Active-Directory-join-script
1
0
Fork 0
mirror of https://github.com/PierreGode/Linux-Active-Directory-join-script.git synced 2025-12-21 08:50:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update README.md

Browse Source
This commit is contained in:
PierreGoude 2017-09-08 11:50:37 +02:00 committed by GitHub
parent 3e005618ed
commit 63cf4f534c
1 changed files with 25 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
README.md
View File

@ -4,38 +4,47 @@ This is a script for Active Directory join for Ubuntu 14, 16, Debian, CentOS, an
Complete steps Complete steps
1. create computer object in AD lets say the name is= linuxcomputer as example 1. create computer object in AD lets say the name is= "linuxcomputer" as example
2. create a group name LINUXCOMPUTERsudoers in AD ( if you wish to remove sudoers you must edit script ) 2. If you want to manage sudo users by a group then create a group name LINUXCOMPUTERsudoers in AD, the script will allow you to choose if you want users to be sudoesr or not.
3. set hostname on you computer to linuxcomputer (hostname and hosts files) and reboot 3. set hostname on you computer to "linuxcomputer" (hostname and hosts files) and reboot
4. git clone this script and run. 4. git clone this script and run.
execute the script with sudo sh ADconnection.sh, It will detect if it is a client or a server. execute the script with sudo sh ADconnection.sh, It will detect if it is a client or a server, it will also detect if client is running ubuntu 14,16 or 17
the script will find your domain name if existing the script will find your domain name if existing, if now a promt will let you type the domain name. "domain.com"
after that authorise with a admin user. after that authorise with a admin user.
make sure to read carefully and also read built in help in the script. make sure to read the questions carefully and also read built in help in the script.
For security this script creates an ssh allow file so users that are not in the correct AD group can login, For security this script creates an ssh allow file so users that are not in the correct AD group can't login,
NOTICE! if your user is not administrator you MUST edit annd add current user in the ssh-allow section. NOTICE! if your local user is not administrator you MUST edit and add current local user in the ssh-allow section.
If you current local user is not in the SSH-ALLOW file it will be BANNED from the computer! If you current local user is not in the SSH-ALLOW file it will be BANNED from the computer!
Updated. : I will add the ability to choose if you want to dissable SSH-allow, Updated. :Added the ability to choose if you want to dissable SSH-allow,
note: users in other groups will be able to ssh to the client, but will not have sudo rights. note: if ssh is disabled users in other groups will be able to ssh to the client, but will not have sudo rights.
Updated. : Updated. :
also the ability to choose if clients should have sudo rights or not ( clients will be sudo by default ) also the ability to choose if clients should have sudo rights or not ( clients will be sudo by default )
if you seclect no on this option there i no need for an AD group "LINUXCOMPUTERsudoers" in active directory, all domain users
will have nonsudo access. "notice this option can not be combined with the option YES on ssh-allow"
this will make the cleanest setup possible. no @ in names or in home folder Updates:
home folder will be /home/myad.intra/you added join to ubuntu clients with debug mode.
User name will be only set as "you" without /myad/you or you@myad.intra. just clean. this is to prevent complications for developers when building code debugmode will open 2 terminals and will post information while you run the script.
after reboot just login with you AD account "you" and password... again.. no @ or / is needed, just "user"
This will make the cleanest setup possible. no @ in names or in home folder
home folder will be /home/domain.com/you
User name will be only set as "you" without /myad/you or you@domain.com just clean. this is to prevent complications for developers when building code
After reboot just login with you AD account "you" and password... again.. no @ or / is needed, just "user"
to test access of a user execute in terminal from administrator account: id user
For best security. I restricted ssh to domain and administrator users. For best security. I restricted ssh to domain and administrator users.
also clients will only allow login from assigned group ( hostnamesudoers ) also clients will only allow login from assigned group ( "LINUXCOMPUTERsudoers" )
How do i update my password? How do i update my password?
( changed password but Linux is still on old password ) ( changed password but Linux is still on old password )
First time you login your "user" caches on the computer ( means that you can login beeing disconected to "office network" First time you login your "user" caches on the computer ( means that you can login beeing disconected to "office network"
to update the password, on office network.. open a terminal and execute sudo service sssd restart. to update the password. On office network.. open a terminal and execute sudo service sssd restart, this will reload information.
I have issues! I have issues!