Skip to content

Instantly share code, notes, and snippets.

Last active May 1, 2020 13:34
What would you like to do?
Join a Debian/Ubuntu based server to a Windows domain so that users can ssh with domain credentials
# Replace with your domain
hostnamectl set-hostname <hostname> # FQDN required for DNS registrations by realm (not sure why)
mkdir -p /var/log/journal # Persist logs across reboots
apt update && apt full-upgrade -y && apt auto-remove -y # Get software up to date
apt install -y unattended-upgrades packagekit realmd dnsutils sudo # Install required packages
pam-auth-update --enable mkhomedir # Allow automatic creation of home directories for domain users
echo '%domain\ ALL=(ALL:ALL) ALL' > /etc/sudoers.d/ # Allow all domain users to act as root in high-trust environments
ssh-keyscan localhost | ssh-keygen -lf - # Take a record of the SSH keys for secure login
realm join -v -U <your unqualified domain user name> # Join domain
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment