Debian
Sergey Prokhorov, 2019-08-14 06:06:59

How to make Astra AD user authorization work through Linux?

I created an AD domain in Astra Linux. There are no problems when joining Windows machines to the domain, but authorization on Linux does not work.
Test client: Debian 9, added to the domain.

[email protected]:/home/user# realm list
testdomain.ru
  type: kerberos
  realm-name: TESTDOMAIN.RU
  domain-name: testdomain.ru
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  required-package: sssd-tools
  required-package: sssd
  required-package: libnss-sss
  required-package: libpam-sss
  required-package: adcli
  required-package: samba-common-bin
  login-formats: %[email protected]
  login-policy: allow-realm-logins

I think the catch is that no additional parameters are created for AD users, because more than once in articles I saw some kind of id check:
id [email protected] 
uid=1829600500...

and for me it says that there is no such user (I checked both on the server and on the client).
There is also this check, for which I get no answer at all:
getent passwd testuser
testuser:*:11107:10513:testuser:/home/TESTAD/testuser:/bin/bash

UPD:
/etc/krb5.conf
[libdefaults]
        default_realm = TESTDOMAIN.RU
        dns_lookup_realm = false
        dns_lookup_kdc = true

[realms]
        TESTDOMAIN.RU = {
                kdc = astra-test.testdomain.ru
        }
[domain_realms]
        .testdomain.ru = TESTDOMAIN.RU
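
Added example, not part of the original post or the answer: a small Python check that parses a krb5.conf such as the one quoted above and reports top-level section names that MIT krb5 does not read (for instance a misspelled [domain_realm]). The helpers `parse_sections` and `lint` are hypothetical names, MIT krb5 is assumed as the client library, and the embedded sample is a constructed copy of the posted file.

```python
import re

# Top-level sections documented in MIT krb5's krb5.conf(5) and kdc.conf(5).
KNOWN_SECTIONS = {"libdefaults", "realms", "domain_realm", "capaths", "appdefaults",
                  "plugins", "logging", "kdcdefaults", "dbdefaults", "dbmodules"}

# Constructed sample: a copy of the configuration quoted in the post above.
SAMPLE = """\
[libdefaults]
        default_realm = TESTDOMAIN.RU
        dns_lookup_realm = false
        dns_lookup_kdc = true

[realms]
        TESTDOMAIN.RU = {
                kdc = astra-test.testdomain.ru
        }
[domain_realms]
        .testdomain.ru = TESTDOMAIN.RU
"""

def parse_sections(text):
    """Return {section: {key: value}}; a nested { } block is recorded as key -> '{'."""
    sections, current, depth = {}, None, 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # skip blanks and comments
            continue
        m = re.fullmatch(r"\[([^\]]+)\]", line)
        if m and depth == 0:                 # new top-level section header
            current = sections.setdefault(m.group(1), {})
        elif line == "}":                    # end of a nested block
            depth -= 1
        elif "=" in line and current is not None:
            key, value = (p.strip() for p in line.split("=", 1))
            if depth == 0:                   # only keep top-level relations
                current[key] = value
            if value == "{":
                depth += 1
    return sections

def lint(text):
    """Return a list of findings for a krb5.conf supplied as text."""
    sections = parse_sections(text)
    findings = [f"unknown section [{s}] is not read by MIT krb5"
                for s in sections if s not in KNOWN_SECTIONS]
    if "domain_realm" not in sections:
        findings.append("no [domain_realm] section found")
    return findings
```

Calling `lint(open("/etc/krb5.conf").read())` on a client runs the same check against the live file; it validates section names only and says nothing about whether the directory server returns POSIX attributes for users.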


1 answer(s)
CityCat4, 2019-08-14
@CityCat4

Read about deploying AD on Samba and pam_ldap (or sssd with the ldap service). All other articles are designed for AD on Windows.
