Post-install tasks for Ubuntu to:
- Update Ubuntu
- Install the QEMU Guest Agent (used when the server is a VM on a Proxmox host)
- Change the resolv.conf symlink to allow .local DNS resolution
- Add the server to a Windows domain
- Create home directories for AD users
- Grant SSH login and sudo rights to specified AD users/groups
# Refresh the package index, then apply all pending upgrades without prompting
sudo apt update \
  && sudo apt -y upgrade
# Install the QEMU Guest Agent (only relevant for VMs on a Proxmox host)
sudo apt -y install qemu-guest-agent
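# Change resolv.conf symlink to resolve .local DNS
# Points /etc/resolv.conf at the resolver list systemd-resolved writes under
# /run, replacing whatever link or file is there now.
# -f replaces the existing entry in the same command, so there is no separate
# rm whose success followed by a failed ln would leave the host without a
# resolv.conf; -n stops ln from descending into the destination if it happens
# to be a symlink to a directory.
# NOTE(review): lookups that read /etc/resolv.conf presumably stop passing
# through the systemd-resolved stub listener after this change, so resolver
# settings applied there (e.g. DNSSEC or DNS-over-TLS) may no longer cover
# them - confirm this is acceptable for the host.
sudo ln -sfn /run/systemd/resolve/resolv.conf /etc/resolv.conf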
# Install prerequisites for adding to a Windows domain
sudo apt -y install realmd libnss-sss libpam-sss sssd sssd-tools adcli samba-common-bin oddjob oddjob-mkhomedir packagekit
# Join server to a domain
# <<administrator>> and <<example.com>> are placeholders: replace each one,
# including the angle brackets, which the shell would otherwise parse as
# redirection operators.
# No password appears on the command line; realm asks for it interactively,
# which keeps it out of the shell history and the process list.
# NOTE(review): the join only needs an account allowed to join computers to
# the domain; a delegated join account avoids entering a Domain Admin
# password on a freshly installed host - confirm what your domain permits.
sudo realm join -U <<administrator>> <<example.com>>
# Create home directory for AD users
# Writes a pam-auth-update profile that adds pam_mkhomedir.so to the PAM
# session stack, so a home directory is created from /etc/skel at login.
# NOTE(review): umask=0022 leaves each new home directory readable by every
# other account on the server; umask=0077 keeps new home directories private -
# confirm which is intended for a multi-user, domain-joined host.
# NOTE(review): pam-auth-update profiles normally indent the module line under
# "Session:" with a tab; it is shown unindented below, possibly lost in
# formatting - verify the written file before activating it.
sudo bash -c "cat > /usr/share/pam-configs/mkhomedir" <<EOF
Name: activate mkhomedir
Default: yes
Priority: 900
Session-Type: Additional
Session:
required pam_mkhomedir.so umask=0022 skel=/etc/skel
EOF
# Activate PAM module (select 'activate mkhomedir' in menu)
# pam-auth-update is interactive here: it opens a menu listing the available
# profiles, including the one written above.
sudo pam-auth-update
# Edit sssd.conf
# NOTE(review): sssd is strict about this file's ownership and mode (normally
# root-only, 0600) - check both are unchanged after saving.
sudo nano /etc/sssd/sssd.conf
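# Make the following changes to sssd.conf (these are per-domain options, so they belong in the [domain/<<example.com>>] section):
use_fully_qualified_names = False
# permissive evaluates AD GPO logon rules but only logs a would-be denial instead of enforcing it
ad_gpo_access_control = permissive
ignore_group_members = true
ldap_referrals = false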
# Allow users SSH permissions
# realm permit sets which domain accounts may log in to this host; it applies
# to logins in general, not only to SSH.
# Replace the <<...>> placeholder, including the angle brackets.
# NOTE(review): once an allow-list exists, domain accounts that are not on it
# are presumably refused at login - check the resulting policy with
# `realm list`.
sudo realm permit <<user@example.com>>
# Allow groups SSH permissions
# -g treats the argument as a group name; keep the inner quotes when the name
# contains a space.
sudo realm permit -g <<'Example Group'>>
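# Create file for sudo users
# visudo -f opens the drop-in in the system's default editor and checks the
# syntax before saving. Editing it with a plain editor skips that check, and a
# syntax error in a file under /etc/sudoers.d can stop sudo from working for
# every account on the host.
sudo visudo -f /etc/sudoers.d/sudoers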
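# Within the sudoers file, add the users or groups that require sudo permissions
# (short names work here because use_fully_qualified_names = False is set in sssd.conf; each line below grants full root, so list only the accounts that need it)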
user ALL=(ALL) ALL
%Example\ Group ALL=(ALL) ALL
# Restart sssd so the sssd.conf changes take effect
# `sudo sssctl config-check` (sssctl comes with sssd-tools, installed above)
# reports misspelled or misplaced options and can be run before the restart.
sudo systemctl restart sssd