Active directory groups linux

How can I list the Active Directory user attributes from a linux computer?

How can I list the Active Directory user attributes from a Linux computer? The Linux computer is already joined to the domain. I can use 'getent' to get the user and group information, but it does not display the complete Active Directory user attributes.

4 Answers

You can use ldapsearch to query an AD server. For example, the following query will display all attributes of all the users in the domain:

ldapsearch -x -h adserver.domain.int -D "user@domain.int" -W -b "cn=users,dc=domain,dc=int" 

Command options explained:

  • -x use simple authentication (as opposed to SASL)
  • -h your AD server
  • -D the DN to bind to the directory. In other words, the user you are authenticating with.
  • -W Prompt for the password. The password should match what is in your directory for the binddn (-D). Mutually exclusive with -w.
  • -b The starting point for the search
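As an added example (not code from the answer above), here is a small POSIX shell helper set for the same task on a domain-joined host. It binds with the host's existing Kerberos ticket (SASL/GSSAPI) instead of -x/-W, so the bind password never crosses the wire (a plain -x bind over ldap:// sends it in cleartext unless you also use -ZZ or an ldaps:// URI); it escapes the account name before it is placed in the search filter; and it parses the LDIF that ldapsearch -LLL prints, including folded continuation lines and base64 ("::") values such as description or objectGUID. The host name adserver.domain.int, the base DN and the sample LDIF are constructed placeholders.

```shell
#!/bin/sh
# Added example, not code from the original answer. Assumes: ldap-utils
# installed, the host joined to the domain, and a valid Kerberos ticket
# (run `kinit user@DOMAIN.INT` first). Host and base DN are placeholders.

AD_HOST="adserver.domain.int"               # placeholder
AD_BASE="cn=users,dc=domain,dc=int"         # placeholder

# Escape RFC 4515 filter metacharacters so an account name taken from input
# cannot change the meaning of the search filter.
ldap_filter_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g'  -e 's/)/\\29/g'
}

# Query one user's attributes. -Y GSSAPI uses the Kerberos ticket cache, so
# no password is typed or transmitted; -LLL gives plain LDIF for parsing.
ad_user_ldif() {
    # $1 = sAMAccountName
    ldapsearch -LLL -Y GSSAPI -H "ldap://$AD_HOST" -b "$AD_BASE" \
        "(sAMAccountName=$(ldap_filter_escape "$1"))" \
        sAMAccountName userPrincipalName memberOf description
}

# Join LDIF continuation lines (a leading space means "append to previous line").
ldif_unfold() {
    awk '
        /^ /  { buf = buf substr($0, 2); next }
              { if (NR > 1) print buf; buf = $0 }
        END   { if (buf != "") print buf }
    '
}

# Print every value of attribute $1 from LDIF on stdin, one per line,
# decoding base64 values (written as "attr:: ...") on the fly.
ldif_attr() {
    ldif_unfold | while IFS= read -r line; do
        case "$line" in
            "$1:: "*) printf '%s\n' "${line#"$1:: "}" | base64 -d; printf '\n' ;;
            "$1: "*)  printf '%s\n' "${line#"$1: "}" ;;
        esac
    done
}

# Constructed sample of what AD returns for one user (values are made up).
# userPrincipalName is folded across two lines and description is base64.
SAMPLE_LDIF='dn: CN=Jane Doe,CN=Users,DC=domain,DC=int
sAMAccountName: jdoe
memberOf: CN=linux-skl-prod-login,OU=Groups,DC=domain,DC=int
memberOf: CN=Domain Users,CN=Users,DC=domain,DC=int
description:: TGludXggdGVhbQ==
userPrincipalName: jdoe@domain.in
 t'

# Stand-alone demo on the sample; against a real DC use:
#   ad_user_ldif jdoe | ldif_attr memberOf
printf '%s\n' "$SAMPLE_LDIF" | ldif_attr memberOf
```

Attribute names are matched exactly as the server echoes them (AD returns them in its own canonical case), and only the attributes named on the command line are requested, which keeps the result small compared with dumping every attribute of every user.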

A much simpler command is

For this command to work, your machine must have already joined the domain; you can verify that via

If the OS is integrated with Active Directory, then simply running the 'id' command should be sufficient to list the AD groups assigned to the user.


Commands like id/gid will give results just the way they do when the OS is not integrated with AD.

[oracle@wlsserver1 ~]$ id s_dhan
uid=1356186729(s_dhan) gid=1356000513(domain users) groups=1356000513(domain users),1356162912(linux-skl-prod-login),1356177219(linux-tom-dv-login)
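As an added example (not code from the answer above), the following POSIX shell functions parse the id output shown, where AD group names can contain spaces ("domain users"), and check membership in a group that gates Linux logins. The sample line is taken from the answer; the live-use line at the end assumes the user resolves through sssd or winbind.

```shell
#!/bin/sh
# Added example, not code from the original answer: parse `id` output from an
# AD-joined host, where group names may contain spaces, and check membership
# in a group used to gate Linux logins.

# Sample taken from the answer above (reused here as constant test input).
SAMPLE_ID='uid=1356186729(s_dhan) gid=1356000513(domain users) groups=1356000513(domain users),1356162912(linux-skl-prod-login),1356177219(linux-tom-dv-login)'

# Print one group name per line from a full `id` line.
# Splitting on "," is safe because commas cannot appear inside a name here;
# the name is everything between the parentheses after the numeric gid.
id_groups() {
    printf '%s\n' "$1" \
      | sed 's/.*groups=//' \
      | tr ',' '\n' \
      | sed -n 's/^[0-9][0-9]*(\(.*\))$/\1/p'
}

# Exit 0 if the `id` line ($1) shows membership in group $2, else 1.
# -F: literal match, -x: whole line, so "domain users" does not match "users".
in_ad_group() {
    id_groups "$1" | grep -Fqx -- "$2"
}

# Live use on a joined host:
#   in_ad_group "$(id "$user")" linux-skl-prod-login && echo "login allowed"
if in_ad_group "$SAMPLE_ID" "linux-skl-prod-login"; then
    echo "s_dhan is in linux-skl-prod-login"
fi
```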


Ubuntu 22.04 — Microsoft Active Directory Group Policy

In this post I will show you the new Active Directory Group Policy integration in Ubuntu 22.04.

Environment

  • AD Server:
    • Domain Server: Windows Server 2019
    • Domain Name: devopstales.intra
    • Hostname: dc01.devopstales.intra
    • NetBIOS Name: DC01
    • Realm: DEVOPSTALES.INTRA

Join Ubuntu 22.04 to Active Directory

First, install the required packages:

sudo apt install sssd-ad sssd-tools realmd adcli adsys -y

Point the DNS and NTP settings at the Active Directory Domain Controller:

sudo vi /etc/netplan/01-netcfg.yaml
---
...
    nameservers:
      addresses: [192.168.100.100]
sudo netplan apply

sudo vi /etc/ntp.conf
...
server 192.168.100.100 iburst
sudo systemctl restart ntp
ntpq -p

Test the Active Directory domain connection:

realm discover dc01.devopstales.intra
  devopstales.intra
    type: kerberos
    realm-name: DEVOPSTALES.INTRA
    domain-name: devopstales.intra
    configured: no
    server-software: active-directory
    client-software: sssd
    required-package: sssd-tools
    required-package: sssd
    required-package: libnss-sss
    required-package: libpam-sss
    required-package: adcli
    required-package: samba-common-bin

Join the Active Directory domain:

sudo realm join dc01.devopstales.intra
Password for Administrator:

id developer-user@devopstales.intra
uid=1259201103(developer-user@devopstales.intra) gid=1259200513(domain users@devopstales.intra) groups=1259200513(domain users@devopstales.intra),1259200512(domain admins@devopstales.intra),1259200572(denied rodc password replication group@devopstales.intra)

If you want to drop the domain suffix from user names, set use_fully_qualified_names in /etc/sssd/sssd.conf and restart sssd:

sudo vi /etc/sssd/sssd.conf
use_fully_qualified_names = False

systemctl restart sssd

id Administrator
uid=1259200500(administrator) gid=1259200513(domain users) groups=1259200513(domain users),1259200572(denied rodc password replication group),1259200512(domain admins),1259200518(schema admins),1259200520(group policy creator owners),1259200519(enterprise admins)

Enable home directory creation for domain users at first login:

sudo pam-auth-update --enable mkdir

Now you can log in to the Ubuntu client with an AD user:

exit
Ubuntu 22.04 LTS dlp.srv.world ttyS0

ubuntu-client login: developer-user@devopstales.intra
Password:
Welcome to Ubuntu 22.04 LTS (GNU/Linux 5.15.0-25-generic x86_64)
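The sssd.conf edit in the join steps above is the kind of change that gets repeated on every client, so as an added example (not code from the post) here is a POSIX shell helper that sets a key inside the [domain/<name>] section of an sssd.conf-style file idempotently: it replaces an existing value, appends the key if the section lacks it, creates the section if the file lacks it, and restores the 0600 mode that sssd requires (sssd refuses to start on a config readable by group or world, and the file must be root-owned). The sample configuration is constructed to resemble what realm join writes; it is not the post's file.

```shell
#!/bin/sh
# Added example, not code from the original post. Edits an sssd.conf-style
# file in place; on a real host the target is /etc/sssd/sssd.conf, run as root.

sssd_set_domain_key() {
    # $1 = config file, $2 = domain name, $3 = key, $4 = value
    awk -v sect="domain/$2" -v key="$3" -v val="$4" '
        BEGIN { line = key " = " val }
        /^\[/ {
            # leaving the target section without having seen the key: add it
            if (insect && !done) { print line; done = 1 }
            insect = ($0 == "[" sect "]")
            if (insect) found = 1
        }
        {
            if (insect && $0 !~ /^\[/) {
                split($0, kv, "=")
                k = kv[1]; gsub(/^[ \t]+|[ \t]+$/, "", k)
                if (k == key) { print line; done = 1; next }
            }
            print
        }
        END {
            if (!found) print "[" sect "]"   # section missing: create it
            if (!done)  print line           # key missing: append it
        }
    ' "$1" > "$1.tmp" && mv "$1.tmp" "$1" && chmod 0600 "$1"
}

# Read back the value of a key from a domain section (empty if absent).
sssd_get_domain_key() {
    # $1 = config file, $2 = domain name, $3 = key
    awk -v sect="domain/$2" -v key="$3" '
        /^\[/ { insect = ($0 == "[" sect "]"); next }
        insect { split($0, kv, "="); k = kv[1]; gsub(/^[ \t]+|[ \t]+$/, "", k)
                 if (k == key) { v = $0; sub(/^[^=]*=[ \t]*/, "", v); print v; exit } }
    ' "$1"
}

# Constructed sample resembling what `realm join` writes (not the post's file).
SAMPLE_SSSD_CONF='[sssd]
domains = devopstales.intra
config_file_version = 2
services = nss, pam

[domain/devopstales.intra]
default_shell = /bin/bash
id_provider = ad
fallback_homedir = /home/%u@%d
ad_domain = devopstales.intra
use_fully_qualified_names = True
ldap_id_mapping = True
access_provider = ad'

# Stand-alone demo on a temporary copy; on a real host follow the edit with
# `systemctl restart sssd`, as the post does.
demo_conf=$(mktemp)
printf '%s\n' "$SAMPLE_SSSD_CONF" > "$demo_conf"
sssd_set_domain_key "$demo_conf" devopstales.intra use_fully_qualified_names False
sssd_get_domain_key "$demo_conf" devopstales.intra use_fully_qualified_names
rm -f "$demo_conf"
```

Keys are compared after trimming whitespace around the "=", so both "key = value" and "key=value" spellings are recognised, and only the first matching key in the target section is rewritten.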

Manage Linux GPOs from Windows AD

To manage Linux clients through AD Group Policy, the custom Group Policy definitions (ADMX/ADML templates) must be installed in the SYSVOL folder on the AD Domain Controller.

First, generate the custom Group Policy files on the Ubuntu client:

sudo adsysctl policy admx all

On the AD Domain Controller, copy these files to:

.admx  C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions\
.adml  C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions\en-US\

Create a GPO for sudo

On the Windows Active Directory Domain Controller, open the Group Policy Management Console.

Create a new GPO, right-click it and choose Edit.

Go to Computer Configuration > Policies > Administrative Templates > Ubuntu > Client Management > Privilege Authorization. Select Client Administrators, select Enabled and add the user names. Every account listed here gets sudo on every machine the GPO is linked to, so keep the list to the accounts that actually need it.

Now force a GPO sync on the Ubuntu client:

adsysctl policy update -av
adsysctl policy applied --details

Now the selected user can sudo.



