{"id":71,"date":"2025-01-09T21:30:10","date_gmt":"2025-01-09T20:30:10","guid":{"rendered":"https:\/\/www.daminus.fr\/wordpress\/?p=71"},"modified":"2025-01-14T07:43:06","modified_gmt":"2025-01-14T06:43:06","slug":"script-integrer-active-directory","status":"publish","type":"post","link":"https:\/\/www.daminus.fr\/wordpress\/?p=71","title":{"rendered":"Script Int\u00e8grer Active Directory"},"content":{"rendered":"\n<h2 class=\"wp-block-heading has-black-color has-text-color has-link-color has-large-font-size wp-elements-14595a30bbe18da5a5d92e81b7b737a3\">La solution <strong>realmd<\/strong><\/h2>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"474\" height=\"468\" src=\"https:\/\/www.daminus.fr\/wordpress\/wp-content\/uploads\/2025\/01\/OIP.jpg\" alt=\"\" class=\"wp-image-104\" style=\"width:235px;height:auto\" srcset=\"https:\/\/www.daminus.fr\/wordpress\/wp-content\/uploads\/2025\/01\/OIP.jpg 474w, https:\/\/www.daminus.fr\/wordpress\/wp-content\/uploads\/2025\/01\/OIP-300x296.jpg 300w\" sizes=\"auto, (max-width: 474px) 100vw, 474px\" \/><\/figure>\n\n\n\n<p>La solution <strong>realmd<\/strong> est un outil qui permet de d\u00e9couvrir et de rejoindre des domaines d&rsquo;identit\u00e9 pour une int\u00e9gration directe avec des services de domaine. Voici quelques points cl\u00e9s sur son fonctionnement2 :<\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li><strong>D\u00e9couverte des domaines<\/strong> : realmd peut effectuer une recherche pour identifier les domaines disponibles, tels que Microsoft Active Directory ou Red Hat Enterprise Linux Identity Management.<\/li>\n\n\n\n<li><strong>Configuration des services syst\u00e8me<\/strong> : Il configure les services syst\u00e8me sous-jacents, comme SSSD (System Security Services Daemon) ou Winbind, pour se connecter au domaine.<\/li>\n\n\n\n<li><strong>Gestion des utilisateurs<\/strong> : realmd permet de contr\u00f4ler quels utilisateurs du domaine peuvent acc\u00e9der aux ressources du syst\u00e8me local.<\/li>\n\n\n\n<li><strong>Commandes de domaine<\/strong> : Utilisez l&rsquo;outil de ligne de commande <code>realm<\/code> pour ex\u00e9cuter des commandes telles que d\u00e9couvrir, rejoindre, quitter et lister les domaines.<\/li>\n<\/ol>\n\n\n\n<p>En r\u00e9sum\u00e9, realmd simplifie le processus d&rsquo;int\u00e9gration des syst\u00e8mes Linux avec des domaines d&rsquo;identit\u00e9, rendant la gestion des utilisateurs et des services plus efficace.<\/p>\n\n\n\n<p class=\"has-vivid-cyan-blue-color has-text-color\"><strong>#!\/bin\/bash<\/strong><strong><\/strong><\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-text-color\"><strong># Mettre \u00e0&nbsp; jour les paquets<\/strong><strong><\/strong><\/p>\n\n\n\n<p><strong>sudo<\/strong><strong> <\/strong><strong>apt<\/strong><strong> <\/strong><strong>update<\/strong><strong> <\/strong><strong>&amp;&amp;<\/strong><strong> <\/strong><strong>sudo<\/strong><strong> <\/strong><strong>apt<\/strong><strong> <\/strong><strong>upgrade<\/strong><strong> <\/strong><strong>-y<\/strong><strong><\/strong><\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-text-color\"><strong># Installer les paquets n\u00e9cessaires<\/strong><strong><\/strong><\/p>\n\n\n\n<p><strong>sudo<\/strong><strong> <\/strong><strong>apt<\/strong><strong> <\/strong><strong>-y<\/strong><strong> <\/strong><strong>install<\/strong><strong> <\/strong><strong>realmd<\/strong><strong> <\/strong><strong>libnss-sss<\/strong><strong> <\/strong><strong>libpam-sss<\/strong><strong> <\/strong><strong>sssd<\/strong><strong> <\/strong><strong>sssd-tools<\/strong><strong> <\/strong><strong>adcli<\/strong><strong> <\/strong><strong>samba-common-bin<\/strong><strong> <\/strong><strong>oddjob<\/strong><strong> <\/strong><strong>oddjob-mkhomedir<\/strong><strong> <\/strong><strong>packagekit<\/strong><strong><\/strong><\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-text-color\"><strong># D\u00e9terminer le nom du domaine Active Directory<\/strong><strong><\/strong><\/p>\n\n\n\n<p><strong>read<\/strong><strong> <\/strong><strong>-p<\/strong><strong> <\/strong><strong>\u00ab\u00a0Nom du domaine Active Directory :\u00a0\u00bb<\/strong><strong> <\/strong><strong>AD<\/strong><strong><\/strong><\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-text-color\"><strong># Ajout de la machine \u00e0 Active Directory<\/strong><strong><\/strong><\/p>\n\n\n\n<p><strong>sudo<\/strong><strong> <\/strong><strong>realm<\/strong><strong> <\/strong><strong>discover<\/strong><strong> <\/strong><strong>$AD<\/strong><strong><\/strong><\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-text-color\"><strong># D\u00e9finir les permissions du fichier de configuration SSSD<\/strong><strong><\/strong><\/p>\n\n\n\n<p><strong>sudo<\/strong><strong> <\/strong><strong>chmod<\/strong><strong> <\/strong><strong>600<\/strong><strong> <\/strong><strong>\/etc\/sssd\/sssd.conf<\/strong><strong><\/strong><\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-text-color\"><strong># Red\u00e9marrer le service SSSD<\/strong><strong><\/strong><\/p>\n\n\n\n<p><strong>sudo<\/strong><strong> <\/strong><strong>systemctl<\/strong><strong> <\/strong><strong>restart<\/strong><strong> <\/strong><strong>sssd<\/strong><strong><\/strong><\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-text-color\"><strong># Connection au domaine Active Directory<\/strong><strong><\/strong><\/p>\n\n\n\n<p><strong>Sudo<\/strong><strong> <\/strong><strong>realm<\/strong><strong> <\/strong><strong>join<\/strong><strong> <\/strong><strong>-U<\/strong><strong> <\/strong><strong>administrateur<\/strong><strong> <\/strong><strong>$AD<\/strong><strong><\/strong><\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-text-color\"><strong># Cr\u00e9ation dossier utilisateur<\/strong><\/p>\n\n\n\n<p><strong>sudo<\/strong><strong> <\/strong><strong>bash<\/strong><strong> <\/strong><strong>-c<\/strong><strong> <\/strong><strong>\u00ab\u00a0cat &gt; \/usr\/share\/pam-configs\/mkhomedir\u00a0\u00bb<\/strong><strong> <\/strong><strong>&lt;&lt;<\/strong><strong>EOF<\/strong><strong><\/strong><\/p>\n\n\n\n<p><strong>Name:<\/strong><strong> <\/strong><strong>activate<\/strong><strong> <\/strong><strong>mkhomedir<\/strong><strong><\/strong><\/p>\n\n\n\n<p><strong>Default:<\/strong><strong> <\/strong><strong>yes<\/strong><strong><\/strong><\/p>\n\n\n\n<p><strong>Priority:<\/strong><strong> <\/strong><strong>900<\/strong><strong><\/strong><\/p>\n\n\n\n<p><strong>Session-Type:<\/strong><strong> <\/strong><strong>Additional<\/strong><strong><\/strong><\/p>\n\n\n\n<p><strong>Session:<\/strong><strong><\/strong><\/p>\n\n\n\n<p><strong>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/strong><strong>required<\/strong><strong>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/strong><strong>pam_mkhomedir.so<\/strong><strong> <\/strong><strong>umask=0022<\/strong><strong> <\/strong><strong>skel=\/etc\/skel<\/strong><strong><\/strong><\/p>\n\n\n\n<p><strong>EOF<\/strong><\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-text-color\"><strong># Red\u00e9marrage sssd<\/strong><\/p>\n\n\n\n<p><strong>sudo<\/strong><strong> <\/strong><strong>pam-auth-update<\/strong><\/p>\n\n\n\n<p><strong>sudo<\/strong><strong> <\/strong><strong>systemctl<\/strong><strong> <\/strong><strong>restart<\/strong><strong> <\/strong><strong>sssd<\/strong><strong><\/strong><\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-text-color\"><strong># V\u00e9rification que l&rsquo;utilisateur est bien reconnu<\/strong><strong><\/strong><\/p>\n\n\n\n<p><strong>id<\/strong><strong> <\/strong><strong>administrateur@\u00a0\u00bb<\/strong><strong>$AD<\/strong><strong>\u00ab\u00a0<\/strong><strong><\/strong><\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-text-color\"><strong># Autorisation de connexion<\/strong><strong><\/strong><\/p>\n\n\n\n<p><strong>sudo realm permit administrateur@admin<\/strong><\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>La solution realmd La solution realmd est un outil qui permet de d\u00e9couvrir et de rejoindre des domaines d&rsquo;identit\u00e9 pour une int\u00e9gration directe avec des services de domaine. Voici quelques points cl\u00e9s sur son fonctionnement2 : En r\u00e9sum\u00e9, realmd simplifie&#8230;<\/p>\n","protected":false},"author":1,"featured_media":253,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-71","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/www.daminus.fr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/71","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.daminus.fr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.daminus.fr\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.daminus.fr\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.daminus.fr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=71"}],"version-history":[{"count":7,"href":"https:\/\/www.daminus.fr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/71\/revisions"}],"predecessor-version":[{"id":108,"href":"https:\/\/www.daminus.fr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/71\/revisions\/108"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.daminus.fr\/wordpress\/index.php?rest_route=\/wp\/v2\/media\/253"}],"wp:attachment":[{"href":"https:\/\/www.daminus.fr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=71"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.daminus.fr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=71"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.daminus.fr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=71"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}