Ubuntu Post-Install Tasks

Post-install tasks for Ubuntu to:

  • Update Ubuntu
  • Install the QEMU Guest Agent (used when the server is a VM on a Proxmox host)
  • Change the resolv.conf symlink to allow .local DNS resolution
  • Add the server to a Windows domain
  • Create home directories for AD users
  • Allow SSH and Sudo rights to specified AD users/groups
# Update Ubuntu
sudo apt update && sudo apt upgrade -y

# Install QEMU Guest Agent (for VMS on a Proxmox host)
sudo apt install -y qemu-guest-agent

# Change resolv.conf symlink to resolve .local DNS
sudo rm -f /etc/resolv.conf
sudo ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf

# Install prerequisites for adding to a Windows domain
sudo apt -y install realmd libnss-sss libpam-sss sssd sssd-tools adcli samba-common-bin oddjob oddjob-mkhomedir packagekit

# Join server to a domain
sudo realm join -U <<administrator>> <<example.com>>

# Create home directory for AD users
sudo bash -c "cat > /usr/share/pam-configs/mkhomedir" <<EOF
Name: activate mkhomedir
Default: yes
Priority: 900
Session-Type: Additional
Session:
        required                        pam_mkhomedir.so umask=0022 skel=/etc/skel
EOF

# Activate PAM module (select 'activate mkhomedir' in menu)
sudo pam-auth-update

# Edit sssd.conf
sudo nano /etc/sssd/sssd.conf

# Make the following changes to sssd.conf:
use_fully_qualified_names = False
ad_gpo_access_control = permissive
ignore_group_members = true
ldap_refferals = false

# Allow users SSH permissions
sudo realm permit <<user@example.com>>

# Allow groups SSH permissions
sudo realm permit -g <<'Example Group'>>

# Create file for sudo users
sudo nano /etc/sudoers.d/sudoers

# Within the sudoers file, add users or groups who require sudo permissions
user ALL=(ALL) ALL
%Example\ Group ALL=(ALL) ALL

# Restart sssd
sudo systemctl restart sssd

Leave a Reply