December 22, 2017

Joining Active Directory

Test on freshly installed Debian 9.
Credit goes to: https://www.tecmint.com/integrate-ubuntu-to-samba4-ad-dc-with-sssd-and-realm/

Make sure the hostname has been updated (hostnamectl set-hostname newhostname).

apt install adcli realmd sssd sssd-tools packagekit policykit-1
apt install samba-common-bin samba-libs samba-dsdb-modules
apt install krb5-user

Join the "the.domain.name" domain:
realm join the.domain.name
Update /etc/sssd/sssd.conf: (Optional)
(I prefer to have use_fully_qualified_names = False and customize fallback_homedir)
(Also, default_shell = /usr/bin/zsh for me.)

[sssd]
domains = the.domain.name
config_file_version = 2
services = nss, pam

[domain/the.domain.name]
ad_domain = the.domain.name
krb5_realm = THE.DOMAIN.NAME
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/%d/%u
access_provider = ad
Add pam_mkhomedir.so to /etc/pam.d/common-session
session optional pam_mkhomedir.so skel=/etc/skel umask=077

Restart the sssd service:
systemctl restart sssd

Try to identify a domain user with id:
id Administrator
The output should be something like this:
uid=900000500(administrator) gid=900000512(domain admins) groups=900000512(domain admins),900000520(group policy creator owners),900000519(enterprise admins),900001105(dc backup hosts),900001103(computers),900000518(schema admins),900000513(domain users),900000572(denied rodc password replication group),900001104(dc slave hosts)
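To confirm that the join actually produced the configuration described above, here is an added example (not part of the original post) in POSIX shell. It parses an sssd.conf, the pam_mkhomedir line and the output of id, and checks the three settings that matter most for security: access_provider = ad (sssd's access_provider defaults to permit, so without it every domain user can log in), umask=077 on pam_mkhomedir (home directories created as 0700), and that the resolved user carries the expected group memberships. The inputs are constructed copies of what the post shows, so the script runs without a joined host; replace them with the real files to check a live system.

```shell
#!/bin/sh
# Added example: offline checks for the sssd/realmd setup described above.
# The three SAMPLE_* values are constructed from the post's own config and output,
# not read from a live system.

SAMPLE_SSSD_CONF='[sssd]
domains = the.domain.name
config_file_version = 2
services = nss, pam

[domain/the.domain.name]
ad_domain = the.domain.name
krb5_realm = THE.DOMAIN.NAME
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/%d/%u
access_provider = ad'

SAMPLE_PAM_LINE='session optional pam_mkhomedir.so skel=/etc/skel umask=077'

SAMPLE_ID_OUTPUT='uid=900000500(administrator) gid=900000512(domain admins) groups=900000512(domain admins),900000513(domain users)'

# sssd_get KEY SECTION CONF: print the value of KEY inside [SECTION] of the
# sssd.conf text CONF (empty output when the key is absent).
sssd_get() {
    key=$1; section=$2; conf=$3
    printf '%s\n' "$conf" | awk -v sec="[$section]" -v key="$key" '
        /^\[/ { insec = ($0 == sec); next }
        insec && $1 == key && $2 == "=" { $1 = ""; $2 = ""; sub(/^ +/, ""); print; exit }'
}

# check_access_control DOMAIN CONF: succeed only when [domain/DOMAIN] sets
# access_provider = ad; a missing value falls back to sssd's default "permit".
check_access_control() {
    [ "$(sssd_get access_provider "domain/$1" "$2")" = "ad" ]
}

# check_mkhomedir_umask LINE: succeed when the pam_mkhomedir line creates
# home directories with umask=077 (i.e. mode 0700).
check_mkhomedir_umask() {
    case "$1" in
        *pam_mkhomedir.so*umask=077*) return 0 ;;
        *) return 1 ;;
    esac
}

# id_uid OUTPUT: print the numeric uid from `id` output.
id_uid() {
    printf '%s\n' "$1" | sed -n 's/^uid=\([0-9]*\)(.*/\1/p'
}

# id_in_group OUTPUT NAME: succeed when the groups= list of `id` output
# contains a group called NAME.
id_in_group() {
    printf '%s\n' "$1" | sed 's/.*groups=//' | tr ',' '\n' | grep -q "($2)\$"
}

# run_checks: apply all checks to the constructed samples; 0 when all pass.
run_checks() {
    check_access_control the.domain.name "$SAMPLE_SSSD_CONF" \
        || { echo "FAIL: access_provider is not ad (logins are not restricted)"; return 1; }
    check_mkhomedir_umask "$SAMPLE_PAM_LINE" \
        || { echo "FAIL: pam_mkhomedir does not use umask=077"; return 1; }
    id_in_group "$SAMPLE_ID_OUTPUT" "domain users" \
        || { echo "FAIL: resolved user is not in 'domain users'"; return 1; }
    echo "OK: uid $(id_uid "$SAMPLE_ID_OUTPUT") resolves with the expected sssd settings"
}

run_checks
```

On a joined host, feed the functions the real data instead of the samples, e.g. check_access_control the.domain.name "$(cat /etc/sssd/sssd.conf)" and id_in_group "$(id Administrator)" "domain admins"; each function returns a non-zero exit status on failure, so the checks drop straight into a post-install script.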