Thursday, January 23, 2020

Centos7 join to AD

To join CentOS 7 to Active Directory, time must be synchronized between the CentOS host and the domain controllers, because Kerberos rejects authentication when the clocks differ too much. So first install chrony:

yum install chrony -y

and set the domain controllers as time servers in /etc/chrony.conf:

server 172.27.x.x
server 172.27.x.y
server 172.27.x.z

and restart the chrony service (on CentOS 7 the unit is named chronyd):

systemctl restart chronyd

Also check that the service is enabled:

systemctl status chronyd

Then install the required packages:

yum install sssd realmd oddjob oddjob-mkhomedir adcli samba-common samba-common-tools krb5-workstation openldap-clients policycoreutils-python -y

Then discover your domain:

realm discover your_domain.local

You should receive something like this:

  type: kerberos
  realm-name: YOUR_DOMAIN.LOCAL
  domain-name: your_domain.local
  configured: no
  server-software: active-directory
  client-software: sssd
  required-package: oddjob
  required-package: oddjob-mkhomedir
  required-package: sssd
  required-package: adcli
  required-package: samba-common-tools

Then join the machine to the domain:

realm join -U administrator your_domain.local

If there are no errors, the join succeeded.

To disable login with the fully qualified domain name:

sed -i 's/use_fully_qualified_names\ =\ True/use_fully_qualified_names\ =\ False/g'  /etc/sssd/sssd.conf

and to create users' home directories without the domain name:

sed -i 's/home\/\%u\@\%d/home\/\%u/' /etc/sssd/sssd.conf

To have home directories created for users:

authconfig --enablemkhomedir --enablesssdauth --updateall

Enable the service and restart it:

systemctl enable sssd.service && systemctl restart sssd
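
sed -i exits successfully even when its pattern matched nothing, so it is worth reading the two values back after the edits above. This is an added example, not part of the original post: the function names and the sample sssd.conf are assumptions, constructed so the script works on a temporary file instead of /etc/sssd/sssd.conf.

```bash
#!/bin/sh
# Added example. The sssd.conf content below is constructed for the demo.

# Print the value of "key = value" (first match) from an sssd.conf-style file.
sssd_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | head -n 1
}

# The two edits from the text, written with a '|' delimiter (same effect).
apply_short_names() {
    sed -i 's|use_fully_qualified_names = True|use_fully_qualified_names = False|g' "$1"
    sed -i 's|home/%u@%d|home/%u|' "$1"
}

# Succeeds only if both settings ended up with the intended values.
check_short_names() {
    [ "$(sssd_get use_fully_qualified_names "$1")" = "False" ] &&
    [ "$(sssd_get fallback_homedir "$1")" = "/home/%u" ]
}

# Write a constructed sample of the domain section to the file "$1".
make_sample() {
    cat > "$1" <<'EOF'
[sssd]
domains = your_domain.local
services = nss, pam

[domain/your_domain.local]
ad_domain = your_domain.local
krb5_realm = YOUR_DOMAIN.LOCAL
id_provider = ad
use_fully_qualified_names = True
fallback_homedir = /home/%u@%d
EOF
}

demo() {
    f=$(mktemp)
    make_sample "$f"
    apply_short_names "$f"
    if check_short_names "$f"; then
        echo "ok: short login names, home directories under /home/%u"
    else
        echo "sssd.conf was not changed as expected" >&2
    fi
    rm -f "$f"
}
demo
```

On the joined host, running check_short_names /etc/sssd/sssd.conf as root performs the same check on the real file.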

Friday, January 10, 2020

RDP server on Ubuntu 18 desktop

To add an RDP server on Ubuntu 18, do the following:

  sudo add-apt-repository ppa:martinx/xrdp-hwe-18.04
  sudo apt-get update
  # Install new packages
  sudo apt-get install xrdp xorg
  # Add xrdp user to ssl-cert group and reboot
  sudo adduser xrdp ssl-cert
  sudo reboot

After that, use the rdesktop client to connect to your server. If you get an error about setting the color device, do the following:

sudo apt-get install gnome-tweak-tool -y 
sudo sed -i 's/allowed_users=console/allowed_users=anybody/' /etc/X11/Xwrapper.config
sudo touch /etc/polkit-1/localauthority.conf.d/02-allow-colord.conf
sudo gedit /etc/polkit-1/localauthority.conf.d/02-allow-colord.conf

and paste the following text:

polkit.addRule(function(action, subject) {
    // replace {group} with the group that should be allowed
    if ((action.id == "org.freedesktop.color-manager.create-device" ||
         action.id == "org.freedesktop.color-manager.create-profile" ||
         action.id == "org.freedesktop.color-manager.delete-device" ||
         action.id == "org.freedesktop.color-manager.delete-profile" ||
         action.id == "org.freedesktop.color-manager.modify-device" ||
         action.id == "org.freedesktop.color-manager.modify-profile") &&
        subject.isInGroup("{group}")) {
        return polkit.Result.YES;
    }
});

To add xrdp to an Ubuntu 18 server, do the following:

tasksel install ubuntu-mate-core
systemctl enable lightdm
apt install xfce4 xfce4-goodies xorg dbus-x11 x11-xserver-utils 
apt install xrdp
adduser xrdp ssl-cert
firewall-cmd --zone=public --permanent --add-port=3389/tcp
# --permanent only changes the saved configuration; reload to apply it now
firewall-cmd --reload