https://github.com/sudo-project/sudo/blob/main/docs/schema.ActiveDirectory
In the schema file, replace DC=X with the DN of your domain: DC=X -> DC=ornek,DC=com
C:\Users\Administrator\Desktop\direct-entegration>ldifde -i -f kt.ldf
Connecting to "ad.ornek.com"
Logging in as current user using SSPI
Importing directory from file "kt.ldf"
Loading entries.............
12 entries modified successfully.
The command has completed successfully
C:\Users\Administrator\Desktop\direct-entegration>
yum install samba-common-tools realmd oddjob oddjob-mkhomedir sssd adcli krb5-workstation
[root@rhel8 ~]# realm discover ad.ornek.com
ornek.com
type: kerberos
realm-name: ORNEK.COM
domain-name: ornek.com
configured: no
server-software: active-directory
client-software: sssd
required-package: oddjob
required-package: oddjob-mkhomedir
required-package: sssd
required-package: adcli
required-package: samba-common-tools
realm join ad.ornek.com
[root@rhel8 ~]# getent passwd administrator@ornek.com
administrator@ornek.com:*:549800500:549800513:Administrator:/home/administrator@ornek.com:/bin/bash
### If you want to use POSIX attributes from AD, use this command:
# realm join --automatic-id-mapping=no ornek.com
# or
# change the file /etc/sssd/sssd.conf (ldap_id_mapping = false),
# then delete the cache with this command: rm -f /var/lib/sss/db/*
# and finally restart the service with this command: systemctl restart sssd
You can get help here: https://chat.openai.com/chat
Set-ADUser -identity test -Add @{uidNumber="5000"; gidNumber="100"; loginShell="/bin/bash"; unixHomeDirectory="/home/test"}
Get-ADUser -Identity test -Properties * | Out-String -Stream | Select-String "uidNumber","gidNumber","loginShell","unixHomeDirectory"
result here:
login here:
C:\Users\Administrator>ping rhel8
Pinging rhel8.ornek.com [192.168.1.228] with 32 bytes of data:
Reply from 192.168.1.228: bytes=32 time<1ms TTL=64
Ping statistics for 192.168.1.228:
Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Control-C
^C
C:\Users\Administrator>ping rhel8.ornek.com
Pinging rhel8.ornek.com [192.168.1.228] with 32 bytes of data:
Reply from 192.168.1.228: bytes=32 time<1ms TTL=64
Ping statistics for 192.168.1.228:
Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Control-C
^C
- add the word "sudo" to the services line in the [sssd] section of /etc/sssd/sssd.conf
- add a line to this file: /etc/nsswitch.conf
echo "sudoers: files sss" >> /etc/nsswitch.conf
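The two edits above can be verified, and the nsswitch.conf append made safe to re-run, with a few shell functions. This is an added example, not part of the original notes; the function names are made up here, and it assumes "sudo" belongs on the services line of the [sssd] section, where SSSD lists its responders.

```shell
#!/usr/bin/env bash
# Added example, not from the original notes; function names are illustrative.

# Print the value of <key> inside [<section>] of an sssd.conf-style file.
sssd_option() {  # usage: sssd_option <file> <section> <key>
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); insec = ($0 == sec); next }
        insec && /^[ \t]*[^#;=]+=/ {
            k = $0; sub(/=.*/, "", k); gsub(/[ \t]/, "", k)
            if (k == key) {
                v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v); print v
            }
        }' "$1"
}

# True if "services" in [sssd] lists the responder (this page needs "sudo").
# A "services" key in any other section is ignored.
sssd_has_service() {  # usage: sssd_has_service <file> <service>
    sssd_option "$1" sssd services | tr ',' '\n' | tr -d ' \t' | grep -qxF -- "$2"
}

# True if an uncommented "sudoers:" line in nsswitch.conf lists the sss source.
nsswitch_sudoers_has_sss() {  # usage: nsswitch_sudoers_has_sss <file>
    awk '/^[ \t]*sudoers:/ {
             sub(/#.*/, "")
             for (i = 2; i <= NF; i++) if ($i == "sss") found = 1
         }
         END { exit !found }' "$1"
}

# Idempotent form of the append shown above: adds the line only when the file
# has no sudoers line at all, and refuses to stack a second one.
ensure_sudoers_sss() {  # usage: ensure_sudoers_sss <file>
    nsswitch_sudoers_has_sss "$1" && return 0
    if grep -Eq '^[[:space:]]*sudoers:' "$1"; then
        echo "sudoers: line without sss already in $1; edit it instead" >&2
        return 1
    fi
    echo "sudoers: files sss" >> "$1"
}

# With two arguments, report on real files, e.g.:
#   ./check.sh /etc/sssd/sssd.conf /etc/nsswitch.conf
if [ "$#" -eq 2 ]; then
    sssd_has_service "$1" sudo || echo "sssd.conf: sudo missing from services in [sssd]"
    nsswitch_sudoers_has_sss "$2" || echo "nsswitch.conf: sudoers does not use sss"
fi
```

After changing sssd.conf, restart sssd as shown earlier so the sudo responder is actually started.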
Final Result:
NOTE: the chronyd service might not work ("Could not step system clock") if open-vm-tools is installed; you should enable its time sync.
/usr/bin/vmware-toolbox-cmd timesync status
/usr/bin/vmware-toolbox-cmd timesync enable