This script automates the process of joining a Linux server to an Active Directory domain. It also configures the home directory settings and shell access for AD users on the Linux server.
This script requires the following:
- A Linux server running RHEL 7 or later, CentOS 7 or later, or Fedora 26 or later.
- An Active Directory domain to join the server to.
- Domain administrator credentials with permission to join computers to the domain (the same permission a Windows machine join needs).
1. Copy the `join-to-domain.sh` script to your Linux server.
2. Make the script executable using the command `chmod +x join-to-domain.sh`.
3. Open the script in a text editor and set the following variables according to your domain requirements:
   - `sudoers_group`: The name of the AD group that will have sudo access on the Linux server.
   - `Computer_OU`: The OU where the computer account will be created in AD.
   - `domain`: The FQDN of the Active Directory domain.
   - `Ssh_Allow`: The name of the AD group that will be allowed SSH access to the Linux server.
4. Run the script using the command `sudo ./join-to-domain.sh`.
1. Generate an SSH key pair on the local machine if you don't have one already. You can do this using the `ssh-keygen` command (or with PuTTYgen).
2. Copy the public key generated in step 1. You can do this by using the `cat` command to print the contents of the public key file and copying the output (or copy it directly from PuTTYgen).
3. Log in to the Active Directory server and open the Active Directory Users and Computers console.
4. Locate the user account to which you want to add the SSH public key, right-click it and select "Properties" from the context menu.
5. In the Properties dialog box, click the "Attribute Editor" tab (if you can't see it, enable Advanced Features via View → Advanced Features).
6. In the Attribute Editor tab, scroll down and find the attribute `altSecurityIdentities`. Double-click it to open the Editor dialog box.
7. In the Editor dialog box, click the "Add" button.
8. In the Add String dialog box, enter the following:
   - Name: `altSecurityIdentities`
   - Value: `sshPublicKey <public-key>`, replacing `<public-key>` with the contents of the public key copied in step 2.
9. Click "OK" to close all dialog boxes.

The SSH public key is now added to the user's `altSecurityIdentities` attribute in Active Directory. You can now use this key to log in to remote servers over SSH without needing a password.
- Detects the OS release and version.
- Runs the `realm discover` command to get the required packages and installs them using `yum`.
- Prompts the user for domain administrator credentials and joins the Linux server to the AD domain using the `realm join` command.
- Adds the `Ssh_Allow` group to the `sshd_config` file to allow SSH access for AD users.
- Configures the `sssd.conf` file to set the home directory and shell settings for AD users.
- Configures the `sssd.conf` file to allow the use of `altSecurityIdentities` as SSH public keys for AD users.
- Configures the `sshd_config` file to use the `sss_ssh_authorizedkeys` command to retrieve the SSH public keys of AD users.
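The `sssd.conf` and `sshd_config` changes above, written as idempotent shell functions. This is an added example, not the project's `join-to-domain.sh`; it assumes the SSSD domain section is named after the domain FQDN and that `sss_ssh_authorizedkeys` lives in `/usr/bin`.

```shell
# Added example, not the project's join-to-domain.sh: idempotently apply the
# sssd.conf and sshd_config settings listed above and check the result.
# File paths are parameters, so the functions can be tried on copies first.
set -e

# sssd_set FILE SECTION KEY VALUE: set "KEY = VALUE" inside [SECTION] (created if
# absent). awk keeps the setting in the right section; appending to the file
# would put it in whatever section happens to be last.
sssd_set() {
  local file=$1 section=$2 key=$3 value=$4 tmp; tmp=$(mktemp)
  awk -v s="[$section]" -v k="$key" -v v="$value" '
    $0 == s { in_s = 1; seen = 1; print; next }
    /^\[/   { if (in_s && !done) { print k " = " v; done = 1 }; in_s = 0 }
    in_s && $0 ~ ("^[ \t]*" k "[ \t]*=") { if (!done) { print k " = " v; done = 1 }; next }
    { print }
    END { if (!seen) print s; if (!done) print k " = " v }' "$file" >"$tmp"
  cat "$tmp" >"$file" && rm -f "$tmp"   # cat, not mv: keeps the file's owner and mode
}

# sshd_set FILE KEY VALUE: replace an active directive, or insert it before the
# first Match block so it stays global rather than scoped to that block.
sshd_set() {
  local file=$1 key=$2 value=$3 tmp; tmp=$(mktemp)
  awk -v k="$key" -v line="$key $value" '
    $1 == k                      { if (!done) { print line; done = 1 }; next }
    !done && /^[ \t]*Match[ \t]/ { print line; done = 1 }
    { print }
    END { if (!done) print line }' "$file" >"$tmp"
  cat "$tmp" >"$file" && rm -f "$tmp"
}

# apply_ad_ssh_config SSSD_CONF SSHD_CONF DOMAIN GROUPS. GROUPS should keep a
# local admin group (e.g. wheel) so an AD outage cannot lock every admin out.
apply_ad_ssh_config() {
  local sssd=$1 sshd=$2 domain=$3 groups=$4
  sssd_set "$sssd" "domain/$domain" fallback_homedir '/home/%u@%d'
  sssd_set "$sssd" "domain/$domain" default_shell /bin/bash
  sssd_set "$sssd" "domain/$domain" ldap_user_ssh_public_key altSecurityIdentities
  chmod 0600 "$sssd"   # sssd checks sssd.conf permissions and expects root-owned 0600
  sshd_set "$sshd" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys
  sshd_set "$sshd" AuthorizedKeysCommandUser nobody
  sshd_set "$sshd" AllowGroups "$groups"
}
# verify_ad_ssh_config SSSD_CONF SSHD_CONF: succeed only when every setting is present.
verify_ad_ssh_config() {
  grep -qx 'ldap_user_ssh_public_key = altSecurityIdentities' "$1" &&
  grep -qx 'AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys' "$2" &&
  grep -qx 'AuthorizedKeysCommandUser nobody' "$2" && grep -q '^AllowGroups ' "$2"
}
```

Run `sshd -t` before restarting sshd so a typo in `AllowGroups` cannot lock you out of the only session you have.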
- Make and test a version for Debian- and Ubuntu-based OSs.
- Test it on an ARM64 system.
- Combine everything into a Python script so it can be executed anywhere.