torkitea/mkdocs-etz
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2bea6f01c04c84e7407da1c8a56083af1614f870
mkdocs-etz/mkdocs/site/Linux_Unternehmen/linux-als-ad-client/index.html

1249 lines
30 KiB
HTML
Raw Normal View History

Initialer Upload MkDocs ETZ Dokumentation
2025-12-04 07:57:14 +01:00
<!doctype html>
<html lang="en" class="no-js">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<link rel="prev" href="../ubuntu-ad-dc/">
<link rel="next" href="../nextcloud-ldap/">
<link rel="icon" href="../../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.6.1, mkdocs-material-9.7.0">
<title>Linux als Client in Active Directory - Linux Grundlagen MK-IT</title>
<link rel="stylesheet" href="../../assets/stylesheets/main.618322db.min.css">
<link rel="stylesheet" href="../../assets/stylesheets/palette.ab4e12ef.min.css">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback">
<style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style>
<script>__md_scope=new URL("../..",location),__md_hash=e=>[...e].reduce(((e,_)=>(e<<5)-e+_.charCodeAt(0)),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
</head>
<body dir="ltr" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="indigo">
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" for="__drawer"></label>
<div data-md-component="skip">
<a href="#voraussetzungen-prufen" class="md-skip">
Skip to content
</a>
</div>
<div data-md-component="announce">
</div>
<header class="md-header md-header--shadow" data-md-component="header">
<nav class="md-header__inner md-grid" aria-label="Header">
<a href="../.." title="Linux Grundlagen MK-IT" class="md-header__button md-logo" aria-label="Linux Grundlagen MK-IT" data-md-component="logo">
<img src="../../assets/Logo.png" alt="logo">
</a>
<label class="md-header__button md-icon" for="__drawer">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3zm0 5h18v2H3zm0 5h18v2H3z"/></svg>
</label>
<div class="md-header__title" data-md-component="header-title">
<div class="md-header__ellipsis">
<div class="md-header__topic">
<span class="md-ellipsis">
Linux Grundlagen MK-IT
</span>
</div>
<div class="md-header__topic" data-md-component="header-topic">
<span class="md-ellipsis">
Linux als Client in Active Directory
</span>
</div>
</div>
</div>
<form class="md-header__option" data-md-component="palette">
<input class="md-option" data-md-color-media="(prefers-color-scheme)" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="indigo" aria-label="Switch to light mode" type="radio" name="__palette" id="__palette_0">
<label class="md-header__button md-icon" title="Switch to light mode" for="__palette_1" hidden>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="m14.3 16-.7-2h-3.2l-.7 2H7.8L11 7h2l3.2 9zM20 8.69V4h-4.69L12 .69 8.69 4H4v4.69L.69 12 4 15.31V20h4.69L12 23.31 15.31 20H20v-4.69L23.31 12zm-9.15 3.96h2.3L12 9z"/></svg>
</label>
<input class="md-option" data-md-color-media="(prefers-color-scheme: light)" data-md-color-scheme="default" data-md-color-primary="blue-grey" data-md-color-accent="orange" aria-label="Switch to dark mode" type="radio" name="__palette" id="__palette_1">
<label class="md-header__button md-icon" title="Switch to dark mode" for="__palette_2" hidden>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a4 4 0 0 0-4 4 4 4 0 0 0 4 4 4 4 0 0 0 4-4 4 4 0 0 0-4-4m0 10a6 6 0 0 1-6-6 6 6 0 0 1 6-6 6 6 0 0 1 6 6 6 6 0 0 1-6 6m8-9.31V4h-4.69L12 .69 8.69 4H4v4.69L.69 12 4 15.31V20h4.69L12 23.31 15.31 20H20v-4.69L23.31 12z"/></svg>
</label>
<input class="md-option" data-md-color-media="(prefers-color-scheme: dark)" data-md-color-scheme="slate" data-md-color-primary="blue-grey" data-md-color-accent="yellow" aria-label="Switch to system preference" type="radio" name="__palette" id="__palette_2">
<label class="md-header__button md-icon" title="Switch to system preference" for="__palette_0" hidden>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 18c-.89 0-1.74-.2-2.5-.55C11.56 16.5 13 14.42 13 12s-1.44-4.5-3.5-5.45C10.26 6.2 11.11 6 12 6a6 6 0 0 1 6 6 6 6 0 0 1-6 6m8-9.31V4h-4.69L12 .69 8.69 4H4v4.69L.69 12 4 15.31V20h4.69L12 23.31 15.31 20H20v-4.69L23.31 12z"/></svg>
</label>
</form>
<script>var palette=__md_get("__palette");if(palette&&palette.color){if("(prefers-color-scheme)"===palette.color.media){var media=matchMedia("(prefers-color-scheme: light)"),input=document.querySelector(media.matches?"[data-md-color-media='(prefers-color-scheme: light)']":"[data-md-color-media='(prefers-color-scheme: dark)']");palette.color.media=input.getAttribute("data-md-color-media"),palette.color.scheme=input.getAttribute("data-md-color-scheme"),palette.color.primary=input.getAttribute("data-md-color-primary"),palette.color.accent=input.getAttribute("data-md-color-accent")}for(var[key,value]of Object.entries(palette.color))document.body.setAttribute("data-md-color-"+key,value)}</script>
<label class="md-header__button md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
</label>
<div class="md-search" data-md-component="search" role="dialog">
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
<label class="md-search__icon md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11z"/></svg>
</label>
<nav class="md-search__options" aria-label="Search">
<button type="reset" class="md-search__icon md-icon" title="Clear" aria-label="Clear" tabindex="-1">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12z"/></svg>
</button>
</nav>
</form>
<div class="md-search__output">
<div class="md-search__scrollwrap" tabindex="0" data-md-scrollfix>
<div class="md-search-result" data-md-component="search-result">
<div class="md-search-result__meta">
Initializing search
</div>
<ol class="md-search-result__list" role="presentation"></ol>
</div>
</div>
</div>
</div>
</div>
</nav>
</header>
<div class="md-container" data-md-component="container">
<main class="md-main" data-md-component="main">
<div class="md-main__inner md-grid">
<div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--primary" aria-label="Navigation" data-md-level="0">
<label class="md-nav__title" for="__drawer">
<a href="../.." title="Linux Grundlagen MK-IT" class="md-nav__button md-logo" aria-label="Linux Grundlagen MK-IT" data-md-component="logo">
<img src="../../assets/Logo.png" alt="logo">
</a>
Linux Grundlagen MK-IT
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../.." class="md-nav__link">
<span class="md-ellipsis">
Home
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2" >
<label class="md-nav__link" for="__nav_2" id="__nav_2_label" tabindex="">
<span class="md-ellipsis">
Grundlagen
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_2">
<span class="md-nav__icon md-icon"></span>
Grundlagen
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../basics/Einstieg%20in%20Linux-Desktop/" class="md-nav__link">
<span class="md-ellipsis">
Einstieg in Linux-Desktop
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../basics/Grundlagen%20der%20Konsole/" class="md-nav__link">
<span class="md-ellipsis">
Grundlagen der Konsole
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../basics/Windows-Freigabe%20mit%20Samba/" class="md-nav__link">
<span class="md-ellipsis">
Windows-Freigabe mit Samba
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../basics/Automatisierung%20mit%20cron%20und%20systemd/" class="md-nav__link">
<span class="md-ellipsis">
Automatisierung mit cron und systemd
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--active md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3" checked>
<label class="md-nav__link" for="__nav_3" id="__nav_3_label" tabindex="">
<span class="md-ellipsis">
Linux im Unternehmen
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_3_label" aria-expanded="true">
<label class="md-nav__title" for="__nav_3">
<span class="md-nav__icon md-icon"></span>
Linux im Unternehmen
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../ubuntu-ad-dc/" class="md-nav__link">
<span class="md-ellipsis">
Ubuntu Servr als Active Directory Domain Controller
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--active">
<input class="md-nav__toggle md-toggle" type="checkbox" id="__toc">
<label class="md-nav__link md-nav__link--active" for="__toc">
<span class="md-ellipsis">
Linux als Client in Active Directory
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<a href="./" class="md-nav__link md-nav__link--active">
<span class="md-ellipsis">
Linux als Client in Active Directory
</span>
</a>
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#voraussetzungen-prufen" class="md-nav__link">
<span class="md-ellipsis">
Voraussetzungen prüfen
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#system-aktualisieren" class="md-nav__link">
<span class="md-ellipsis">
System aktualisieren
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#notwendige-pakete-installieren" class="md-nav__link">
<span class="md-ellipsis">
Notwendige Pakete installieren
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#hostname-setzen-fqdn" class="md-nav__link">
<span class="md-ellipsis">
Hostname setzen (FQDN)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#kerberos-konfigurieren" class="md-nav__link">
<span class="md-ellipsis">
Kerberos konfigurieren
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#funktionstest-domane-entdecken" class="md-nav__link">
<span class="md-ellipsis">
Funktionstest: Domäne entdecken
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#kerberos-ticket-holen" class="md-nav__link">
<span class="md-ellipsis">
Kerberos-Ticket holen
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#system-der-domane-beitreten" class="md-nav__link">
<span class="md-ellipsis">
System der Domäne beitreten
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#home-verzeichnisse-fur-ad-benutzer-automatisch-erstellen" class="md-nav__link">
<span class="md-ellipsis">
Home-Verzeichnisse für AD-Benutzer automatisch erstellen
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#funktionstest-ad-benutzer-auflisten" class="md-nav__link">
<span class="md-ellipsis">
Funktionstest: AD-Benutzer auflisten
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#optional-sudo-rechte-fur-ad-gruppen-vergeben" class="md-nav__link">
<span class="md-ellipsis">
(Optional) Sudo-Rechte für AD-Gruppen vergeben
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../nextcloud-ldap/" class="md-nav__link">
<span class="md-ellipsis">
Nextcloud mit LDAP-Anbindung
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4" >
<label class="md-nav__link" for="__nav_4" id="__nav_4_label" tabindex="">
<span class="md-ellipsis">
Bonuskapitel
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_4_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4">
<span class="md-nav__icon md-icon"></span>
Bonuskapitel
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../bonus/docker-grundlagen.md" class="md-nav__link">
<span class="md-ellipsis">
Docker-Grundlagen
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_2" >
<label class="md-nav__link" for="__nav_4_2" id="__nav_4_2_label" tabindex="0">
<span class="md-ellipsis">
Docker-Projekte
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_4_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_2">
<span class="md-nav__icon md-icon"></span>
Docker-Projekte
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../bonus/docker-pi-hole.md" class="md-nav__link">
<span class="md-ellipsis">
Pi-Hole
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../bonus/docker-backuppc.md" class="md-nav__link">
<span class="md-ellipsis">
BackupPC
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#voraussetzungen-prufen" class="md-nav__link">
<span class="md-ellipsis">
Voraussetzungen prüfen
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#system-aktualisieren" class="md-nav__link">
<span class="md-ellipsis">
System aktualisieren
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#notwendige-pakete-installieren" class="md-nav__link">
<span class="md-ellipsis">
Notwendige Pakete installieren
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#hostname-setzen-fqdn" class="md-nav__link">
<span class="md-ellipsis">
Hostname setzen (FQDN)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#kerberos-konfigurieren" class="md-nav__link">
<span class="md-ellipsis">
Kerberos konfigurieren
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#funktionstest-domane-entdecken" class="md-nav__link">
<span class="md-ellipsis">
Funktionstest: Domäne entdecken
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#kerberos-ticket-holen" class="md-nav__link">
<span class="md-ellipsis">
Kerberos-Ticket holen
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#system-der-domane-beitreten" class="md-nav__link">
<span class="md-ellipsis">
System der Domäne beitreten
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#home-verzeichnisse-fur-ad-benutzer-automatisch-erstellen" class="md-nav__link">
<span class="md-ellipsis">
Home-Verzeichnisse für AD-Benutzer automatisch erstellen
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#funktionstest-ad-benutzer-auflisten" class="md-nav__link">
<span class="md-ellipsis">
Funktionstest: AD-Benutzer auflisten
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#optional-sudo-rechte-fur-ad-gruppen-vergeben" class="md-nav__link">
<span class="md-ellipsis">
(Optional) Sudo-Rechte für AD-Gruppen vergeben
</span>
</a>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-content" data-md-component="content">
<article class="md-content__inner md-typeset">
<h1>Linux als Client in Active Directory</h1>
<p>Ein Ubuntu Desktop-System lässt sich auch in eine Domäne einbinden.
Falls Sie sich fragen, wozu man Linux an ein Windows-Netzwerk anbinden
soll, ist einfach erklärt: Egal an welchen Computer Sie gehen, sei es
Linux oder Windows, Sie melden Sich mit ihren Benutzerdaten an und
erhalten auch ggf. die Administrationsrechte um Auf dem System Schalten
und Walten zu können, wie sie möchten. Im Augenblick sind Rechtevergaben
nur für Gruppen pro System anzuwenden, somit können Administratoren
Programme Installieren. Wenn Gruppenrichtlinien genutzt werden sollen,
müssen Sie Kostenpflichtige Tools wie Centrify DirectControl oder Ubuntu
Pro nutzen.</p>
<h2 id="voraussetzungen-prufen">Voraussetzungen prüfen</h2>
<ul>
<li>Ubuntu ist installiert und einsatzbereit</li>
<li>Netzwerkverbindung zum AD-Controller funktioniert</li>
<li>DNS-Auflösung auf die Domäne und den AD-Controller ist sichergestellt</li>
<li>Systemuhr ist synchron (z.B. via NTP)</li>
<li>Ein AD-Benutzerkonto mit Join-Rechten ist vorhanden</li>
</ul>
<h2 id="system-aktualisieren">System aktualisieren</h2>
<div class="highlight"><pre><span></span><code>sudo<span class="w"> </span>apt<span class="w"> </span>update
sudo<span class="w"> </span>apt<span class="w"> </span>upgrade
</code></pre></div>
<h2 id="notwendige-pakete-installieren">Notwendige Pakete installieren</h2>
<div class="highlight"><pre><span></span><code>sudo<span class="w"> </span>apt<span class="w"> </span>install<span class="w"> </span>-y<span class="w"> </span>realmd<span class="w"> </span>sssd<span class="w"> </span>sssd-tools<span class="w"> </span>adcli<span class="w"> </span>samba-common-bin<span class="w"> </span>oddjob<span class="w"> </span>oddjob-mkhomedir<span class="w"> </span>packagekit<span class="w"> </span>libnss-sss<span class="w"> </span>libpam-sss<span class="w"> </span>krb5-user<span class="w"> </span>sssd-krb5
</code></pre></div>
<h2 id="hostname-setzen-fqdn">Hostname setzen (FQDN)</h2>
<p>Passe den Hostnamen an das AD-Schema an (z.B. rechnername.deinedomäne.de):</p>
<div class="highlight"><pre><span></span><code>sudo<span class="w"> </span>hostnamectl<span class="w"> </span>set-hostname<span class="w"> </span>vbox.tnXX.ito
</code></pre></div>
<h2 id="kerberos-konfigurieren">Kerberos konfigurieren</h2>
<p>Bearbeite die Datei <code>/etc/krb5.conf</code> und passe die Domain an:</p>
<div class="highlight"><pre><span></span><code><span class="k">[libdefaults]</span>
<span class="na">udp_preference_limit</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">0</span>
<span class="na">default_realm</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">TNXX.ITO</span>
<span class="na">rdns</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">false</span>
</code></pre></div>
<blockquote>
<p><em>Hinweis: Domänenname in Großbuchstaben eintragen</em></p>
</blockquote>
<h2 id="funktionstest-domane-entdecken">Funktionstest: Domäne entdecken</h2>
<div class="highlight"><pre><span></span><code>realm<span class="w"> </span>discover<span class="w"> </span>tnXX.ito
</code></pre></div>
<blockquote>
<p>Ergebnis prüfen: Die Domäne sollte mit Typ „active-directory" angezeigt werden.</p>
</blockquote>
<h2 id="kerberos-ticket-holen">Kerberos-Ticket holen</h2>
<div class="highlight"><pre><span></span><code>kinit<span class="w"> </span>deinbenutzername
</code></pre></div>
<blockquote>
<p>Passwort eingeben (AD-Benutzer mit Join-Rechten).</p>
</blockquote>
<h2 id="system-der-domane-beitreten">System der Domäne beitreten</h2>
<div class="highlight"><pre><span></span><code>sudo<span class="w"> </span>realm<span class="w"> </span>join<span class="w"> </span>-v<span class="w"> </span>-U<span class="w"> </span>deinbenutzername<span class="w"> </span>TNXX.ITO
</code></pre></div>
<blockquote>
<p>Passwort eingeben, wenn abgefragt.</p>
</blockquote>
<h2 id="home-verzeichnisse-fur-ad-benutzer-automatisch-erstellen">Home-Verzeichnisse für AD-Benutzer automatisch erstellen</h2>
<p><div class="highlight"><pre><span></span><code>sudo<span class="w"> </span>pam-auth-update
</code></pre></div>
„Create home directory on login" aktivieren falls deaktiviert und mit OK
bestätigen.</p>
<h2 id="funktionstest-ad-benutzer-auflisten">Funktionstest: AD-Benutzer auflisten</h2>
<div class="highlight"><pre><span></span><code>id<span class="w"> </span>benutzer@TNXX.ITO
</code></pre></div>
<blockquote>
<p>Wenn die Benutzerinformationen angezeigt werden, war der Join erfolgreich.</p>
</blockquote>
<h2 id="optional-sudo-rechte-fur-ad-gruppen-vergeben">(Optional) Sudo-Rechte für AD-Gruppen vergeben</h2>
<p>Datei anlegen:</p>
<p><div class="highlight"><pre><span></span><code>sudo<span class="w"> </span>nano<span class="w"> </span>/etc/sudoers.d/adadmins
</code></pre></div>
Eintragen (Beispiel):</p>
<p><div class="highlight"><pre><span></span><code>%administratoren@TNXX.ITO ALL=(ALL) NOPASSWD:ALL
</code></pre></div>
<strong>Kontrollfragen</strong></p>
<ol>
<li>Welche Pakete sind für den AD-Join notwendig?</li>
<li>Wie prüfen Sie, ob die Domäne erreichbar ist?</li>
<li>Wie testen Sie, ob ein AD-Benutzer korrekt erkannt wird? </li>
<li>Warum ist die DNS-Konfiguration so wichtig für den AD-Join?</li>
</ol>
<p><strong>Hinweis:</strong>\
Bei Fehlern prüfen Sie die Logdateien (/var/log/sssd/, /var/log/auth.log,
/var/log/syslog) und die Netzwerkkonfiguration.</p>
<p><a class="md-button" href="../linux-als-ad-client.pdf">PDF herunterladen</a></p>
</article>
</div>
<script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script>
</div>
</main>
<footer class="md-footer">
<div class="md-footer-meta md-typeset">
<div class="md-footer-meta__inner md-grid">
<div class="md-copyright">
Made with
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
Material for MkDocs
</a>
</div>
</div>
</div>
</footer>
</div>
<div class="md-dialog" data-md-component="dialog">
<div class="md-dialog__inner md-typeset"></div>
</div>
<script id="__config" type="application/json">{"annotate": null, "base": "../..", "features": ["navigation.sections"], "search": "../../assets/javascripts/workers/search.7a47a382.min.js", "tags": null, "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}, "version": null}</script>
<script src="../../assets/javascripts/bundle.e71a0d61.min.js"></script>
</body>
</html>
Reference in New Issue Copy Permalink