After setting up an Active Directory server on Windows Server 2022, we can now use these LDAP/AD users to log in to the server environment.
Joining Active Directory and Configuring Login with AD Users
Install the required packages
dnf install -y realmd oddjob oddjob-mkhomedir sssd adcli samba-common-tools
Point the DNS server setting at the AD server
cat <<EOF | tee -a /etc/resolv.conf
search lab.homelab.is-a.dev
nameserver 10.79.80.3
EOF
Discover the AD server
realm discover lab.homelab.is-a.dev

Join the Linux host to the AD server
realm join lab.homelab.is-a.dev -U Administrator

Adjust the configuration in the file /etc/sssd/sssd.conf
[sssd]
domains = lab.homelab.is-a.dev
config_file_version = 2
services = nss, pam
[domain/lab.homelab.is-a.dev]
default_shell = /bin/bash
krb5_store_password_if_offline = True
cache_credentials = True
krb5_realm = lab.homelab.is-a.dev
realmd_tags = manages-system joined-with-adcli
id_provider = ad
fallback_homedir = /home/%d/%u
ad_domain = lab.homelab.is-a.dev
use_fully_qualified_names = False
ldap_id_mapping = True
access_provider = simple
Then restart the service
systemctl restart sssd.service
Set up the sudo configuration for AD users
cat <<EOF | tee /etc/sudoers.d/ad-users
%administrators ALL=(ALL) ALL
%operations\ team ALL=(ALL) ALL
EOF
You can also restrict SSH access by adding the following configuration
cat <<EOF | tee -a /etc/ssh/sshd_config
AllowGroups administrators "operations team" cloud-admin
EOF
systemctl restart sshd.service
The “KDC has no support for encryption type” problem

Check the configuration file at /etc/krb5.conf and adjust the values as follows
default_realm = LAB.HOMELAB.IS-A.DEV
default_tgs_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5
default_tkt_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5
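As an added example (not part of the original guide), the shell script below audits two settings from this page: the legacy RC4 and single-DES encryption types in /etc/krb5.conf, and `access_provider = simple` without an allow list in sssd.conf, which sssd-simple(5) treats as granting access to every user. The function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the krb5.conf and sssd.conf values used in this guide.
# Function names and sample files are constructed for illustration.

# Print every single-DES or RC4 enctype listed on a *_enctypes line.
weak_enctypes() {
    awk -F= '
        /^[ \t]*(default_tkt_enctypes|default_tgs_enctypes|permitted_enctypes)[ \t]*=/ {
            n = split($2, e, /[ \t,]+/)
            for (i = 1; i <= n; i++)
                if (e[i] ~ /^(des-|arcfour-|rc4)/) seen[e[i]] = 1
        }
        END { for (k in seen) print k }' "$1" | sort
}

# Succeed when access_provider = simple is set without any simple_allow_users or
# simple_allow_groups list; sssd-simple(5) then admits every user of the domain.
# Assumes one [domain/...] section per file, as in this guide.
simple_access_is_open() {
    grep -Eq '^[[:space:]]*access_provider[[:space:]]*=[[:space:]]*simple[[:space:]]*$' "$1" || return 1
    ! grep -Eq '^[[:space:]]*simple_allow_(users|groups)[[:space:]]*=[[:space:]]*[^[:space:]]' "$1"
}

# Constructed sample files mirroring the settings shown above.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
cat > "$work/krb5.conf" <<'EOF'
[libdefaults]
default_realm = LAB.HOMELAB.IS-A.DEV
default_tgs_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5
default_tkt_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5
EOF
cat > "$work/sssd.conf" <<'EOF'
[domain/lab.homelab.is-a.dev]
id_provider = ad
access_provider = simple
EOF
# Same domain with an allow list reusing the groups from the AllowGroups line.
cp "$work/sssd.conf" "$work/sssd-restricted.conf"
echo 'simple_allow_groups = administrators, operations team, cloud-admin' >> "$work/sssd-restricted.conf"

echo "legacy enctypes in krb5.conf:"; weak_enctypes "$work/krb5.conf"
for f in "$work/sssd.conf" "$work/sssd-restricted.conf"; do
    if simple_access_is_open "$f"; then echo "$f: simple provider admits all users"
    else echo "$f: simple provider has an allow list"; fi
done
```

Point the two functions at the real /etc/krb5.conf and /etc/sssd/sssd.conf (as root) to run the same checks on a joined host.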