Will Russell edited this page May 4, 2021 · 4 revisions

PREPARATION AND RUNNING THE SCRIPT:

Copy the master directory or clone this repository to your target machine, enter the new UbuntuBind folder, and make the rhelbind or ubuntubind.sh script executable with:

$ sudo chmod a+x bind.sh

Make adjustments to the sssd.conf file: open sssd.conf in nano or vim and change every mention of "AD.COMPANY.COM" to your Active Directory domain target address. Where the placeholder appears in full caps, enter your domain in capitals as well. Save your changes, execute the script from the directory, and follow the prompts. There are at least 4 places where you will need to acknowledge or interact with the script, and there are portions where it will wait for you to confirm that you have made changes to your domain structure.

Verify that there is an object in the domain matching the hostname of the target computer (don't worry, the script will ask you whether this has been completed). The script does not attempt to create the object itself. This avoids undue permissions errors in certain circumstances, or with particular OUs that are specifically enabled for object creation and binding, and it simplifies the process for the user.

Run the script and follow the shell prompts.

Troubleshooting:

  • Is the time server updating correctly, and is it accurate against your internal domain clock? (Sometimes there's an intentional clock skew.) Try mapping your NTP against the domain address itself.

  • Is there an object in the domain that you are authorized to bind with the same hostname as the device you're attempting to bind? If you're re-running the bind script, delete the original object and create a new one for a fresh bind link.

  • Are you authorized to bind to your domain? Check your permissions and see if your systems administrator will allow you to interact with your domain in this way.

  • Does the sssd.conf file have accurate target information for your domain address when it comes to LDAP targeting and AD authentication?

  • Can your machine speak to the domain? Try to ping your host domain address and see if there's a networking path issue. If you can't ping your domain, you can't bind to it.

  • Is your machine using the correct DNS entries to be able to do dynamic hostname resolution in your network? Verify that the internal DNS servers are linked to your device correctly, and that you are able to ping other internal hostnames (not just IP addresses).

  • Beyond that, the script really should run itself once launched. I'll be continuing to update and patch this build moving forward. Always clone the latest version, and ensure that your system is up to date with sudo apt update && sudo apt upgrade -y before you begin.
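
The sssd.conf and connectivity items in the troubleshooting list above can be checked before the bind script is run. The following is an added example, not part of this repository's scripts; it assumes the realm is set with sssd's krb5_realm option, and the function names and the domain in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: pre-bind checks for the troubleshooting list above.
# PLACEHOLDER is the string the page says to replace in sssd.conf.
PLACEHOLDER="AD.COMPANY.COM"

# Print each line that still holds the placeholder, in any letter case.
# Returns 0 when leftovers exist, 1 when the file is clean.
leftover_placeholder() {
    grep -n -i -F -- "$PLACEHOLDER" "$1"
}

# Assumption: the realm is set with sssd's krb5_realm option.
# Returns 0 only when a value is present and has no lower-case letters.
realm_is_upper() {
    realm=$(sed -n '/^[[:space:]]*krb5_realm[[:space:]]*=/{s/^[^=]*=[[:space:]]*//;s/[[:space:]]*$//;p;q;}' "$1")
    [ -n "$realm" ] || return 1
    upper=$(printf '%s' "$realm" | tr '[:lower:]' '[:upper:]')
    [ "$realm" = "$upper" ]
}

# Name resolution and a network path to the domain (Linux iputils ping flags).
can_resolve() { getent hosts "$1" >/dev/null 2>&1; }
can_ping()    { ping -c 1 -W 2 "$1" >/dev/null 2>&1; }

# preflight SSSD_CONF DOMAIN: report each failed check, return the count.
preflight() {
    conf=$1; domain=$2; fails=0
    if leftover_placeholder "$conf"; then
        echo "FAIL: $PLACEHOLDER still present in $conf"; fails=$((fails + 1))
    fi
    realm_is_upper "$conf" ||
        { echo "FAIL: krb5_realm missing or not in capitals"; fails=$((fails + 1)); }
    can_resolve "$domain" ||
        { echo "FAIL: DNS cannot resolve $domain"; fails=$((fails + 1)); }
    can_ping "$domain" ||
        { echo "FAIL: no ping reply from $domain"; fails=$((fails + 1)); }
    [ "$fails" -eq 0 ] && echo "OK: preflight passed for $domain"
    return "$fails"
}

# Runs only when given two arguments, for example (constructed domain):
#   sh preflight.sh ./sssd.conf corp.example.test
if [ "$#" -eq 2 ]; then preflight "$@"; fi
```

The exit status is the number of failed checks, so a wrapper can refuse to start the bind when it is non-zero.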
