{"id":1789,"date":"2016-09-28T17:03:29","date_gmt":"2016-09-28T15:03:29","guid":{"rendered":"http:\/\/monodes.com\/predaelli\/?p=1789"},"modified":"2016-09-28T17:03:29","modified_gmt":"2016-09-28T15:03:29","slug":"joining-debian-8-to-active-directory","status":"publish","type":"post","link":"https:\/\/monodes.com\/predaelli\/2016\/09\/28\/joining-debian-8-to-active-directory\/","title":{"rendered":"Joining Debian 8 to Active Directory"},"content":{"rendered":"<p><em><a href=\"http:\/\/www.alandmoore.com\/blog\/2015\/05\/06\/joining-debian-8-to-active-directory\/\">Joining Debian 8 to Active Directory<\/a><\/em><\/p>\n<p><!--more--><\/p>\n<blockquote><p>Joining a GNU\/Linux machine to a Microsoft Active Directory has been possible for years, but it\u2019s always been a bit of a science project that involved touching half-a-dozen obscure config files and usually resulted in me getting completely locked out of the machine. Various commercial packages such as Likewise and Centrify aimed to smooth out the process, but they weren\u2019t universally accessible across distros, and often produced inconsistent results.<\/p>\n<p>After upgrading a system to Debian 8, I noticed a new option for joining the domain, courtesy of the folks at RedHat: <b>realmd<\/b>. Realmd puports to make joining an Active Directory domain dead simple. How does it do?<\/p>\n<div id=\"outline-container-sec-1\" class=\"outline-2\">\n<h2 id=\"sec-1\">What means this \u201cjoin\u201d?<\/h2>\n<div id=\"text-1\" class=\"outline-text-2\">\n<p>When I think of \u201cjoining a domain\u201d, my expectation is that I should be able to login to my system as a domain user, have a computer account created in the directory, have a home directory created for me, and potentially have some appropriate permissions granted to me (e.g., sudo privileges for domain admins). Apparently that\u2019s not what everyone means, including the developers of realmd.<\/p>\n<p>realmd will get us part of the way there, but unfortunately we\u2019ll still have to do some config file twiddling to get the last nine yards.<\/p>\n<\/div>\n<\/div>\n<div id=\"outline-container-sec-2\" class=\"outline-2\">\n<h2 id=\"sec-2\">Pre-Setup<\/h2>\n<div id=\"text-2\" class=\"outline-text-2\"><\/div>\n<div id=\"outline-container-sec-2-1\" class=\"outline-3\">\n<h3 id=\"sec-2-1\">Sanity checks<\/h3>\n<div id=\"text-2-1\" class=\"outline-text-3\">\n<ul class=\"org-ul\">\n<li>Make sure you have Debian 8 installed.<\/li>\n<li>Make sure your machine is on the network, of course, and that you have a domain admin account ready (or one that can join machines to the domain).<\/li>\n<li>Make sure your DNS server is pointing to a DNS server that knows about AD. We have some pre-AD ones that don\u2019t, and I ran into trouble with this. Most people probably don\u2019t need to worry about this.<\/li>\n<li>I use <b>sudo<\/b> in these examples because I prefer it. If you don\u2019t, make sure you\u2019re root and omit the \u201csudo\u201d whenever you see it.<\/li>\n<\/ul>\n<\/div>\n<\/div>\n<div id=\"outline-container-sec-2-2\" class=\"outline-3\">\n<h3 id=\"sec-2-2\">Installing packages<\/h3>\n<div id=\"text-2-2\" class=\"outline-text-3\">\n<p>Realmd is easy enough to install using aptitude:<\/p>\n<div>\n<div id=\"highlighter_322777\" class=\"syntaxhighlighter  plain\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">1<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"\" data-line=\"\">sudo aptitude install realmd<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<p>Ideally, realmd is meant to install other packages required to join your domain (be it Active Directory, openldap, or some other supported directory) automatically when you attempt to join.<\/p>\n<p>In practice, I found this unreliable. So for my AD, I also installed <b>adcli<\/b> and <b>sssd<\/b> manually. And since time synchronization is critical for Active Directory, I also installed <b>ntp<\/b>.<\/p>\n<div>\n<div id=\"highlighter_343473\" class=\"syntaxhighlighter  plain\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">1<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"\" data-line=\"\">sudo aptitude install ntp adcli sssd<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div id=\"outline-container-sec-2-3\" class=\"outline-3\">\n<h3 id=\"sec-2-3\">Some fixes<\/h3>\n<div id=\"text-2-3\" class=\"outline-text-3\">\n<p>For some reason, the first attempts I made to join a domain failed because a certain samba-related directory didn\u2019t exist. I don\u2019t know if this is a bug in realmd, or something to do with the way it installs dependencies, but simply creating the directory fixes this:<\/p>\n<div>\n<div id=\"highlighter_292665\" class=\"syntaxhighlighter  plain\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">1<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"\" data-line=\"\">sudo mkdir -p \/var\/lib\/samba\/private<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<p>Also, sssd was not configured to start at boot for some reason, so this also needed to be done.<\/p>\n<div>\n<div id=\"highlighter_164983\" class=\"syntaxhighlighter  plain\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">1<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"\" data-line=\"\">sudo systemctl enable sssd<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<p>sssd won\u2019t actually start until it has a config file, which realmd will generate for us.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<div id=\"outline-container-sec-3\" class=\"outline-2\">\n<h2 id=\"sec-3\">Join up<\/h2>\n<div id=\"text-3\" class=\"outline-text-2\">\n<p>At this point, you should be able to get some information about your domain with this command:<\/p>\n<div>\n<div id=\"highlighter_879341\" class=\"syntaxhighlighter  plain\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">1<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"\" data-line=\"\">sudo realm discover my-domain.local<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<p>Obviously, replace \u201cmy-domain.local\u201d with your AD domain. You should see some output that looks like this:<\/p>\n<div>\n<div id=\"highlighter_151822\" class=\"syntaxhighlighter  plain\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">1<\/div>\n<div class=\"line number2 index1 alt1\">2<\/div>\n<div class=\"line number3 index2 alt2\">3<\/div>\n<div class=\"line number4 index3 alt1\">4<\/div>\n<div class=\"line number5 index4 alt2\">5<\/div>\n<div class=\"line number6 index5 alt1\">6<\/div>\n<div class=\"line number7 index6 alt2\">7<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"\" data-line=\"\">my-domain.local<\/code><\/div>\n<div class=\"line number2 index1 alt1\"><code class=\"\" data-line=\"\">\u00a0\u00a0<\/code><code class=\"\" data-line=\"\">type: kerberos<\/code><\/div>\n<div class=\"line number3 index2 alt2\"><code class=\"\" data-line=\"\">\u00a0\u00a0<\/code><code class=\"\" data-line=\"\">realm-name: MY-DOMAIN.LOCAL<\/code><\/div>\n<div class=\"line number4 index3 alt1\"><code class=\"\" data-line=\"\">\u00a0\u00a0<\/code><code class=\"\" data-line=\"\">domain-name: my-domain.local<\/code><\/div>\n<div class=\"line number5 index4 alt2\"><code class=\"\" data-line=\"\">\u00a0\u00a0<\/code><code class=\"\" data-line=\"\">configured: no<\/code><\/div>\n<div class=\"line number6 index5 alt1\"><code class=\"\" data-line=\"\">\u00a0\u00a0<\/code><code class=\"\" data-line=\"\">server-software: active-directory<\/code><\/div>\n<div class=\"line number7 index6 alt2\"><code class=\"\" data-line=\"\">\u00a0\u00a0<\/code><code class=\"\" data-line=\"\">client-software: sssd<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<p>If this looks good, we can join the domain:<\/p>\n<div>\n<div id=\"highlighter_16544\" class=\"syntaxhighlighter  plain\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">1<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"\" data-line=\"\">sudo realm join --user=joe.smith my-domain.local<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<p>This assumes joe.smith is a domain admin. Use whatever domain admin account you have. You\u2019ll be prompted for a password, of course, and then the magic happens.<\/p>\n<p>If all goes well, your machine should be configured to authenticate users to your domain at this point. You may need to start up sssd:<\/p>\n<div>\n<div id=\"highlighter_511762\" class=\"syntaxhighlighter  plain\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">1<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"\" data-line=\"\">sudo systemctl start sssd<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<p>We can verify this by trying to get a password entry for a domain user:<\/p>\n<div>\n<div id=\"highlighter_73224\" class=\"syntaxhighlighter  plain\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">1<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"\" data-line=\"\">sudo getent passwd joe.smith@my-domain.local<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<p>If that returns something that looks like a line from \/etc\/passwd for your joe.smith user, you\u2019re in! Otherwise, something went wrong.<\/p>\n<\/div>\n<\/div>\n<div id=\"outline-container-sec-4\" class=\"outline-2\">\n<h2 id=\"sec-4\">Vital finishing touches<\/h2>\n<div id=\"text-4\" class=\"outline-text-2\">\n<p>You can authenticate users at this point, but we\u2019re not quite done. Two more tweaks are necessary here:<\/p>\n<\/div>\n<div id=\"outline-container-sec-4-1\" class=\"outline-3\">\n<h3 id=\"sec-4-1\">You want a home directory?<\/h3>\n<div id=\"text-4-1\" class=\"outline-text-3\">\n<p>By default, Debian isn\u2019t going to make a home directory whenever the user logs in. We need to fix this, because without this you can\u2019t actually log in to the computer. Fortunately, it takes only one line in one config file to acheive this:<\/p>\n<div>\n<div id=\"highlighter_94676\" class=\"syntaxhighlighter  plain\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">1<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"\" data-line=\"\">echo &quot;session required pam_mkhomedir.so skel=\/etc\/skel\/ umask=0022&quot; | sudo tee -a \/etc\/pam.d\/common-session<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<p>This tells PAM to create a home directory for any authenticating user if they don\u2019t have one, and to copy the default contents from \/etc\/skel. You can change that to something else if you want a different default home directory for domain users.<\/p>\n<\/div>\n<\/div>\n<div id=\"outline-container-sec-4-2\" class=\"outline-3\">\n<h3 id=\"sec-4-2\">Local admin privileges<\/h3>\n<div id=\"text-4-2\" class=\"outline-text-3\">\n<p>Typically on a domain, domain admins would get local admin rights so they can do admin things on computers. Makes sense.<\/p>\n<p>To get this in our Debian setup, we need to make sure our sudo supports this, and then configure it.<\/p>\n<div>\n<div id=\"highlighter_419849\" class=\"syntaxhighlighter  plain\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">1<\/div>\n<div class=\"line number2 index1 alt1\">2<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"\" data-line=\"\">sudo aptitude install libsss-sudo<\/code><\/div>\n<div class=\"line number2 index1 alt1\"><code class=\"\" data-line=\"\">echo &quot;%domain\\ admins@my-domain.local ALL=(ALL) ALL&quot; | sudo tee -a \/etc\/sudoers.d\/domain_admins<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<p>The first line installs a library to allow sssd and sudo to talk. The second adds a directive to sudo to allow domain admins at my-domain.local sudo privileges. (Copy-pasters take note: you need to edit that command with your domain name.)<\/p>\n<\/div>\n<\/div>\n<\/div>\n<div id=\"outline-container-sec-5\" class=\"outline-2\">\n<h2 id=\"sec-5\">Prepare for lift-off<\/h2>\n<div id=\"text-5\" class=\"outline-text-2\">\n<p>Might as well give it a good reboot at this point just for the heck of it, but it may not actually be required (just a habit from Windows, I guess).<\/p>\n<p>At this point you should be able to log in as any domain user, and domain admins should be able to sudo. Congrats!<\/p>\n<p>For the completely lazy, I\u2019ve thrown this script together that should do the job:<\/p>\n<div>\n<div id=\"highlighter_997273\" class=\"syntaxhighlighter  plain\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">1<\/div>\n<div class=\"line number2 index1 alt1\">2<\/div>\n<div class=\"line number3 index2 alt2\">3<\/div>\n<div class=\"line number4 index3 alt1\">4<\/div>\n<div class=\"line number5 index4 alt2\">5<\/div>\n<div class=\"line number6 index5 alt1\">6<\/div>\n<div class=\"line number7 index6 alt2\">7<\/div>\n<div class=\"line number8 index7 alt1\">8<\/div>\n<div class=\"line number9 index8 alt2\">9<\/div>\n<div class=\"line number10 index9 alt1\">10<\/div>\n<div class=\"line number11 index10 alt2\">11<\/div>\n<div class=\"line number12 index11 alt1\">12<\/div>\n<div class=\"line number13 index12 alt2\">13<\/div>\n<div class=\"line number14 index13 alt1\">14<\/div>\n<div class=\"line number15 index14 alt2\">15<\/div>\n<div class=\"line number16 index15 alt1\">16<\/div>\n<div class=\"line number17 index16 alt2\">17<\/div>\n<div class=\"line number18 index17 alt1\">18<\/div>\n<div class=\"line number19 index18 alt2\">19<\/div>\n<div class=\"line number20 index19 alt1\">20<\/div>\n<div class=\"line number21 index20 alt2\">21<\/div>\n<div class=\"line number22 index21 alt1\">22<\/div>\n<div class=\"line number23 index22 alt2\">23<\/div>\n<div class=\"line number24 index23 alt1\">24<\/div>\n<div class=\"line number25 index24 alt2\">25<\/div>\n<div class=\"line number26 index25 alt1\">26<\/div>\n<div class=\"line number27 index26 alt2\">27<\/div>\n<div class=\"line number28 index27 alt1\">28<\/div>\n<div class=\"line number29 index28 alt2\">29<\/div>\n<div class=\"line number30 index29 alt1\">30<\/div>\n<div class=\"line number31 index30 alt2\">31<\/div>\n<div class=\"line number32 index31 alt1\">32<\/div>\n<div class=\"line number33 index32 alt2\">33<\/div>\n<div class=\"line number34 index33 alt1\">34<\/div>\n<div class=\"line number35 index34 alt2\">35<\/div>\n<div class=\"line number36 index35 alt1\">36<\/div>\n<div class=\"line number37 index36 alt2\">37<\/div>\n<div class=\"line number38 index37 alt1\">38<\/div>\n<div class=\"line number39 index38 alt2\">39<\/div>\n<div class=\"line number40 index39 alt1\">40<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"\" data-line=\"\">#!\/bin\/bash<\/code><\/div>\n<div class=\"line number2 index1 alt1\"><\/div>\n<div class=\"line number3 index2 alt2\"><code class=\"\" data-line=\"\"># This script should join Debian Jessie (8) to an Active Directory domain.<\/code><\/div>\n<div class=\"line number4 index3 alt1\"><code class=\"\" data-line=\"\">echo &quot;Please authenticate with your sudo password&quot;<\/code><\/div>\n<div class=\"line number5 index4 alt2\"><code class=\"\" data-line=\"\">sudo -v<\/code><\/div>\n<div class=\"line number6 index5 alt1\"><\/div>\n<div class=\"line number7 index6 alt2\"><code class=\"\" data-line=\"\">if ! $(sudo which realmd 2&gt;\/dev\/null); then<\/code><\/div>\n<div class=\"line number8 index7 alt1\"><code class=\"\" data-line=\"\">\u00a0\u00a0\u00a0\u00a0<\/code><code class=\"\" data-line=\"\">sudo aptitude install realmd adcli sssd<\/code><\/div>\n<div class=\"line number9 index8 alt2\"><code class=\"\" data-line=\"\">fi<\/code><\/div>\n<div class=\"line number10 index9 alt1\"><\/div>\n<div class=\"line number11 index10 alt2\"><code class=\"\" data-line=\"\">if ! $(sudo which ntpd 2&gt;\/dev\/null); then<\/code><\/div>\n<div class=\"line number12 index11 alt1\"><code class=\"\" data-line=\"\">\u00a0\u00a0\u00a0\u00a0<\/code><code class=\"\" data-line=\"\">sudo aptitude install ntp<\/code><\/div>\n<div class=\"line number13 index12 alt2\"><code class=\"\" data-line=\"\">fi<\/code><\/div>\n<div class=\"line number14 index13 alt1\"><\/div>\n<div class=\"line number15 index14 alt2\"><code class=\"\" data-line=\"\">sudo mkdir -p \/var\/lib\/samba\/private<\/code><\/div>\n<div class=\"line number16 index15 alt1\"><\/div>\n<div class=\"line number17 index16 alt2\"><code class=\"\" data-line=\"\">echo &quot;Please enter the domain you wish to join: &quot;<\/code><\/div>\n<div class=\"line number18 index17 alt1\"><code class=\"\" data-line=\"\">read DOMAIN<\/code><\/div>\n<div class=\"line number19 index18 alt2\"><\/div>\n<div class=\"line number20 index19 alt1\"><code class=\"\" data-line=\"\">echo &quot;Please enter a domain admin login to use: &quot;<\/code><\/div>\n<div class=\"line number21 index20 alt2\"><code class=\"\" data-line=\"\">read ADMIN<\/code><\/div>\n<div class=\"line number22 index21 alt1\"><\/div>\n<div class=\"line number23 index22 alt2\"><code class=\"\" data-line=\"\">sudo realm join --user=$ADMIN $DOMAIN<\/code><\/div>\n<div class=\"line number24 index23 alt1\"><\/div>\n<div class=\"line number25 index24 alt2\"><code class=\"\" data-line=\"\">if [ $? -ne 0 ]; then<\/code><\/div>\n<div class=\"line number26 index25 alt1\"><code class=\"\" data-line=\"\">\u00a0\u00a0\u00a0\u00a0<\/code><code class=\"\" data-line=\"\">echo &quot;AD join failed.\u00a0 Please run &#039;journalctl -xn&#039; to determine why.&quot;<\/code><\/div>\n<div class=\"line number27 index26 alt2\"><code class=\"\" data-line=\"\">\u00a0\u00a0\u00a0\u00a0<\/code><code class=\"\" data-line=\"\">exit 1<\/code><\/div>\n<div class=\"line number28 index27 alt1\"><code class=\"\" data-line=\"\">fi<\/code><\/div>\n<div class=\"line number29 index28 alt2\"><\/div>\n<div class=\"line number30 index29 alt1\"><code class=\"\" data-line=\"\">sudo systemctl enable sssd<\/code><\/div>\n<div class=\"line number31 index30 alt2\"><code class=\"\" data-line=\"\">sudo systemctl start sssd<\/code><\/div>\n<div class=\"line number32 index31 alt1\"><\/div>\n<div class=\"line number33 index32 alt2\"><code class=\"\" data-line=\"\">echo &quot;session required pam_mkhomedir.so skel=\/etc\/skel\/ umask=0022&quot; | sudo tee -a \/etc\/pam.d\/common-session<\/code><\/div>\n<div class=\"line number34 index33 alt1\"><\/div>\n<div class=\"line number35 index34 alt2\"><code class=\"\" data-line=\"\"># configure sudo<\/code><\/div>\n<div class=\"line number36 index35 alt1\"><code class=\"\" data-line=\"\">sudo aptitude install libsss-sudo<\/code><\/div>\n<div class=\"line number37 index36 alt2\"><\/div>\n<div class=\"line number38 index37 alt1\"><code class=\"\" data-line=\"\">echo &quot;%domain\\ admins@$DOMAIN ALL=(ALL) ALL&quot; | sudo tee -a \/etc\/sudoers.d\/domain_admins<\/code><\/div>\n<div class=\"line number39 index38 alt2\"><\/div>\n<div class=\"line number40 index39 alt1\"><code class=\"\" data-line=\"\">echo &quot;The computer is joined to the domain.\u00a0 Please reboot, ensure that you are connected to the network, and you should be able to login with domain credentials.&quot;<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<p>UPDATE: Owing to the number of people looking for help or needing script improvements,<br \/>\nI\u2019ve <a href=\"https:\/\/github.com\/alandmoore\/debian_join_active_directory\">created a github repo<\/a> for this script. Please feel free to file issues or (better yet) make pull requests to improve it.<br \/>\nCheers!<\/p>\n<\/div>\n<\/div>\n<\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p class=\"excerpt\">Joining Debian 8 to Active Directory<\/p>\n<p class=\"more-link-p\"><a class=\"more-link\" href=\"https:\/\/monodes.com\/predaelli\/2016\/09\/28\/joining-debian-8-to-active-directory\/\">Read more &rarr;<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"link","meta":{"inline_featured_image":false,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"activitypub_content_warning":"","activitypub_content_visibility":"","activitypub_max_image_attachments":4,"activitypub_interaction_policy_quote":"anyone","activitypub_status":"","footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[72],"tags":[125,126],"class_list":["post-1789","post","type-post","status-publish","format-link","hentry","category-documentations","tag-active-directory","tag-windows-domain","post_format-post-format-link"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p6daft-sR","jetpack-related-posts":[{"id":6804,"url":"https:\/\/monodes.com\/predaelli\/2020\/03\/02\/how-to-join-a-domain-from-fedora-31\/","url_meta":{"origin":1789,"position":0},"title":"How to join a domain from Fedora 31","author":"Paolo Redaelli","date":"2020-03-02","format":false,"excerpt":"Once it was black magic, nowadays it is so simple: Join in Active Directory Domain 2019\/11\/12 I suspect it could have been simpler if I followed the installer, but I preferred to go on my own. \u00a0 \u00a0 Join in Windows Active Directory Domain with Realmd. This tutorial needs Windows\u2026","rel":"","context":"In &quot;Documentations&quot;","block_context":{"text":"Documentations","link":"https:\/\/monodes.com\/predaelli\/category\/documentations\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":178,"url":"https:\/\/monodes.com\/predaelli\/2015\/05\/21\/linux-into-a-windows-domain-active-directory\/","url_meta":{"origin":1789,"position":1},"title":"Linux into a Windows Domain (Active Directory)","author":"Paolo Redaelli","date":"2015-05-21","format":false,"excerpt":"Once it was called LikeWise-open, now it's new name is powerbrokeropen.org and\u00a0 allows Active Directory authentication for Linux, UNIX, and Mac systems by joining them to Active Directory domains. It integrates very very well into a GNU\/Linux system, using Pluggable Authentication Modules (PAM) and Name Service Switch (NSS) and it\u2026","rel":"","context":"In &quot;Senza categoria&quot;","block_context":{"text":"Senza categoria","link":"https:\/\/monodes.com\/predaelli\/category\/senza-categoria\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":10226,"url":"https:\/\/monodes.com\/predaelli\/2023\/02\/14\/how-to-join-a-linux-system-to-an-active-directory-domain\/","url_meta":{"origin":1789,"position":2},"title":"How to join a Linux system to an Active Directory domain","author":"Paolo Redaelli","date":"2023-02-14","format":false,"excerpt":"Do you need to centrally manage Linux systems and user accounts under an Active Directory domain? Here's how to do it. Source: How to join a Linux system to an Active Directory domain You will end up having a \/etc\/sssd\/sssd.conf file like this [sssd] domains = YOUR_DOMAIN config_file_version = 2\u2026","rel":"","context":"In &quot;Proprietary software&quot;","block_context":{"text":"Proprietary software","link":"https:\/\/monodes.com\/predaelli\/category\/software\/proprietary-software\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/monodes.com\/predaelli\/wp-content\/uploads\/sites\/4\/2023\/02\/sudols10.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/monodes.com\/predaelli\/wp-content\/uploads\/sites\/4\/2023\/02\/sudols10.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/monodes.com\/predaelli\/wp-content\/uploads\/sites\/4\/2023\/02\/sudols10.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/monodes.com\/predaelli\/wp-content\/uploads\/sites\/4\/2023\/02\/sudols10.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/monodes.com\/predaelli\/wp-content\/uploads\/sites\/4\/2023\/02\/sudols10.png?resize=1050%2C600&ssl=1 3x"},"classes":[]},{"id":5044,"url":"https:\/\/monodes.com\/predaelli\/2018\/12\/10\/dehydrated-a-bash-client-for-lets-encrypt-antoine-aflalo\/","url_meta":{"origin":1789,"position":3},"title":"Dehydrated: a bash client for Let&#8217;s Encrypt &#8211; Antoine Aflalo","author":"Paolo Redaelli","date":"2018-12-10","format":false,"excerpt":"Tutorial on how to use Dehydrated, a bash client for Let's Encrypt ACME Protocol. Dehydrated helps you take care of your SSL certificates. Source: Dehydrated: a bash client for Let's Encrypt - Antoine Aflalo Dehydrated: a bash client for Let\u2019s Encrypt Dehydrated was firstly known as letsencrypt.sh but because letsencrypt\u2026","rel":"","context":"In &quot;Web&quot;","block_context":{"text":"Web","link":"https:\/\/monodes.com\/predaelli\/category\/web\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/monodes.com\/predaelli\/wp-content\/uploads\/sites\/4\/2018\/12\/Acme_Dehydrated-1.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/monodes.com\/predaelli\/wp-content\/uploads\/sites\/4\/2018\/12\/Acme_Dehydrated-1.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/monodes.com\/predaelli\/wp-content\/uploads\/sites\/4\/2018\/12\/Acme_Dehydrated-1.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/monodes.com\/predaelli\/wp-content\/uploads\/sites\/4\/2018\/12\/Acme_Dehydrated-1.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":1254,"url":"https:\/\/monodes.com\/predaelli\/2016\/04\/06\/aptyum-cheatlist\/","url_meta":{"origin":1789,"position":4},"title":"apt\/yum cheatlist","author":"Paolo Redaelli","date":"2016-04-06","format":false,"excerpt":"apt-cache se I'm actually doing the reverse: SwitchingToUbuntu\/FromLinux\/RedHatEnterpriseLinuxAndFedora\u00a0 but it's easy as a quick Ctrl-F or \/ Table of Equivalent Commands Below is a table of equivalent commands for package management on both Ubuntu\/Debian and Red Hat\/Fedora systems. Task Red Hat\/Fedora Ubuntu Adding, Removing and Upgrading Packages Refresh list of\u2026","rel":"","context":"In &quot;Debian&quot;","block_context":{"text":"Debian","link":"https:\/\/monodes.com\/predaelli\/category\/debian\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":11628,"url":"https:\/\/monodes.com\/predaelli\/2024\/05\/05\/added-a-plugin-to-the-wordpress-directory-heres-what-to-do-next-david-artiss\/","url_meta":{"origin":1789,"position":5},"title":"Added a plugin to the WordPress directory? Here\u2019s what to do next | David Artiss","author":"Paolo Redaelli","date":"2024-05-05","format":false,"excerpt":"Once you\u2019ve had your plugin accepted into the WordPress.org directory, there are a few steps that I\u2019d highly recommend any developer doing before moving on. Source: Added a plugin to the WordPress directory? Here\u2019s what to do next | David Artiss Added a plugin to the WordPress directory? Here\u2019s what\u2026","rel":"","context":"In &quot;Documentations&quot;","block_context":{"text":"Documentations","link":"https:\/\/monodes.com\/predaelli\/category\/documentations\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/posts\/1789","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/comments?post=1789"}],"version-history":[{"count":0,"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/posts\/1789\/revisions"}],"wp:attachment":[{"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/media?parent=1789"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/categories?post=1789"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/tags?post=1789"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}