Hi,
I have recently worked out how our company could use FreeIPA connected to Active Directory to provide HBAC and SUDO with Active Directory users to our Linux servers. This works great, including the configuration of SSH key authentication, which is not something I could directly find in UCS.
I am wondering if UCS could do the same. Is this something which is possible with UCS?
Thanks in advance.
Dominique
Hey,
Univention includes a component called “AD Connector”. It enables you to deploy a UCS infrastructure and synchronize accounts & groups with a Windows-based Active Directory domain. A UCS system can then authenticate the same users via PAM, including ssh & sudo. You can read more about the AD Connector in the admin manual.
Kind regards,
mosu
Why not use realmd?
apt -y install ntp realmd sssd sssd-tools adcli krb5-user packagekit samba-common samba-common-bin samba-libs resolvconf
or
yum -y install realmd ntp ntpdate adcli sssd authconfig krb5-workstation openldap-clients samba-common-tools
then
realm discover "realm" (the realm is the AD domain)
realm join "realm" -U youruserid
vi /etc/sssd/sssd.conf and change
use_fully_qualified_names = False
systemctl restart sssd
id your_ad_userid
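
Added example, not part of the thread: the manual vi edit from the steps above done as a repeatable script that sets use_fully_qualified_names = False only inside [domain/...] sections and keeps the file owner-only. The function name set_short_names and the domain example.test are made up for this example.

```shell
#!/bin/sh
# Added example: force use_fully_qualified_names = False in every
# [domain/...] section of an sssd.conf and leave other sections untouched.
# set_short_names and the example.test domain are names made up here.

set_short_names() {
    conf=$1
    tmp=$(mktemp "${conf}.XXXXXX") || return 1
    chmod 600 "$tmp"    # keep the result owner-only, as SSSD expects
    awk '
        # Append the key when a domain section ended without defining it.
        function emit_missing() {
            if (in_dom && !seen) print "use_fully_qualified_names = False"
        }
        /^[ \t]*\[/ {
            emit_missing()
            in_dom = ($0 ~ /^[ \t]*\[domain\//)
            seen = 0
        }
        in_dom && /^[ \t]*use_fully_qualified_names[ \t]*=/ {
            if (!seen) print "use_fully_qualified_names = False"
            seen = 1
            next
        }
        { print }
        END { emit_missing() }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$conf"
}

# Constructed sample config, edited in a scratch directory.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/sssd.conf" <<'EOF'
[sssd]
domains = example.test
[domain/example.test]
id_provider = ad
use_fully_qualified_names = True
EOF
    set_short_names "$dir/sssd.conf" && cat "$dir/sssd.conf"
    rm -rf "$dir"
}
demo
```

Run as root against /etc/sssd/sssd.conf, it replaces the vi step; the sssd restart and the id check from the steps above still follow.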