{"id":15059140,"url":"https://github.com/pierregode/linux-active-directory-join-script","last_synced_at":"2025-04-04T14:05:09.604Z","repository":{"id":41162006,"uuid":"66700009","full_name":"PierreGode/Linux-Active-Directory-join-script","owner":"PierreGode","description":"Active directory Join script for Ubuntu, Debian, CentOS, Linux Mint, Fedora, Kali, Elementary OS and Raspbian with built in failchcheck and debugmode for Ubuntu. \"The most advanced and updated AD join script on GITHUB for Linux\"","archived":false,"fork":false,"pushed_at":"2025-02-19T09:50:10.000Z","size":716,"stargazers_count":139,"open_issues_count":0,"forks_count":47,"subscribers_count":13,"default_branch":"master","last_synced_at":"2025-04-04T13:45:04.643Z","etag":null,"topics":["active-directory","activedirectory","azuread","centos","debian","fedora","kali","ldap","linux-mint","rasperrypi","realm","sssd","ubuntu","zorin"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/PierreGode.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-08-27T06:34:28.000Z","updated_at":"2025-03-30T21:39:17.000Z","dependencies_parsed_at":"2024-08-29T11:56:06.564Z","dependency_job_id":"76d0f667-a4b7-4343-b41d-743c63b3e6fe","html_url":"https://github.com/PierreGode/Linux-Active-Directory-join-script","commit_stats":{"total_commits":899,"total_committers":11,"mean_commits":81.72727272727273,"dds":0.3559510567296996,"last_synced_commit":"8992cd1570b3d4f18010e63aebb9f752f9472aa1"},"previous_names":[],"tags_count":0,"tem
plate":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PierreGode%2FLinux-Active-Directory-join-script","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PierreGode%2FLinux-Active-Directory-join-script/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PierreGode%2FLinux-Active-Directory-join-script/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PierreGode%2FLinux-Active-Directory-join-script/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/PierreGode","download_url":"https://codeload.github.com/PierreGode/Linux-Active-Directory-join-script/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247190247,"owners_count":20898702,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["active-directory","activedirectory","azuread","centos","debian","fedora","kali","ldap","linux-mint","rasperrypi","realm","sssd","ubuntu","zorin"],"created_at":"2024-09-24T22:38:29.782Z","updated_at":"2025-04-04T14:05:09.583Z","avatar_url":"https://github.com/PierreGode.png","language":"Shell","funding_links":["https://ko-fi.com/J3J2EARPK"],"categories":[],"sub_categories":[],"readme":"# Linux-Active-Directory-join-script By Pierre Gode 2017-2025\n\n[![GitHub stars](https://img.shields.io/github/stars/PierreGode/Linux-Active-Directory-join-script)](https://github.com/PierreGode/Linux-Active-Directory-join-script/stargazers) [![Commits per 
Month](https://img.shields.io/github/commit-activity/m/PierreGode/Linux-Active-Directory-join-script)](https://github.com/PierreGode/Linux-Active-Directory-join-script/commits/main) ![Tech Stack](https://img.shields.io/badge/stack-Bash%20%7C%20Python%20%7C%20Shell-brightgreen) [![Platform](https://img.shields.io/badge/platform-Linux-blue.svg)](https://shields.io/) ![GitHub Workflow Status](https://github.com/PierreGode/Linux-Active-Directory-join-script/actions/workflows/review.yml/badge.svg) ![Visitor Count](https://hits.seeyoufarm.com/api/count/incr/badge.svg?url=https://github.com/PierreGode/Linux-Active-Directory-join-script\u0026title=Visitors)\n\n\n\n\n\n[![ko-fi](https://ko-fi.com/img/githubbutton_sm.svg)](https://ko-fi.com/J3J2EARPK)\n\u003cp\u003e\nIf you like this project please star it, that will also encourage me with updates.\n\u003cp\u003e\nNew: Added support for readfile for Ubuntu.\n\n\nSupported OSes:\u003cp\u003e\n\u003cli\u003eUbuntu 14-24 + MATE\u003c/li\u003e\n\u003cli\u003eDebian 8-12\u003c/li\u003e\n\u003cli\u003eCentOS\u003c/li\u003e\n\u003cli\u003eRaspbian\u003c/li\u003e\n\u003cli\u003eFedora\u003c/li\u003e\n\u003cli\u003eLinux Mint\u003c/li\u003e\n\u003cli\u003eKali\u003c/li\u003e\n\u003cli\u003eZorin \u003c/li\u003e\n\u003cli\u003eelementary OS\u003c/li\u003e\n\u003cp\u003e\u003c/p\u003e\n\n    \nAdded support to perform a SASL (Negotiate/Kerberos/NTLM/Digest) LDAP bind with request signing (integrity verification) on-SSL-encrypted) LDAP connection. See more in the wiki.\n\nThis is a script for Active Directory join with realmd,\nand it is the result of many small upgrades made as needs have emerged.\n\n\u003cp\u003eAlso see\u003ca href=\"https://github.com/PierreGode/Linux-Active-Directory-join-script/wiki\"\u003e Wiki\u003c/a\u003e\u003c/p\u003e\n\n### But why a script?\n\n\u003cp\u003eJoining a domain can be a simple process, but configuring everything to function properly can be quite challenging. 
This includes tasks such as:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eResolving issues with empty login prompts for new AD users\u003c/li\u003e\n\u003cli\u003eSetting up sudo permissions\u003c/li\u003e\n\u003cli\u003eConfiguring settings for mobile accounts in SAM\u003c/li\u003e\n\u003cli\u003eStrengthening security with SSH login allowances\u003c/li\u003e\n\u003cli\u003eMaking additional configurations to sssd.conf\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFortunately, this script simplifies the process by allowing you to easily join a domain with just a few questions. Some key features of the script include:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAutodetection of seven different Linux distributions\u003c/li\u003e\n\u003cli\u003eAutodetection of your domain\u003c/li\u003e\n\u003cli\u003eGeneration and editing of necessary files\u003c/li\u003e\n\u003cli\u003eBuilt-in failcheck to ensure success\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWith this script, joining a domain and customizing your settings to meet your needs has never been easier!\u003c/p\u003e\n\n\u003cH4\u003eWhat is the setup then?\u003c/H4\u003e\ncomputer object = HOSTNAME\nsudo group = HOSTNAMEsudoers = ADgroup\n\nUpdate: Added flag options to minimize the menu and add logging: see sudo sh ADconnection.sh --help\nUsage: \n\n    sh ADconnection.sh [--help] [-d (ubuntu debug mode)]\n      [-j admin domain (Simple direct join)]\n      [-l (script output to log file)]\n      [-s (Discover domain)]\n                          \n                        \nUsage of the script:\n\n    sudo sh ADconnection.sh or sudo ./ADconnection.sh\nFor ./ADconnection.sh, first run:\n\n     sudo chmod +x ADconnection.sh  \n\n\n# Complete steps\n\n#### 1. Config\nRemember to set a hostname on the client or server. AD will create the computer object itself, named after the hostname of the machine, for example \"linuxcomputer\".\n\n#### 2. Permissions\nAt this point you have 2 options. 
Either you already have a group in AD, for example \"ADMINS\", that holds your users with sudo rights. In that case you need to edit /etc/sudoers.d/sudoers\nand add   %ADMINS ALL=(ALL:ALL) ALL if you want to give this group sudo rights.\nThe script uses a magic word for groups in AD: sudoers. It always appends sudoers to the hostname, like linuxcomputersudoers.\nadministrator will always be added to sudoers as a failsafe for sysadmins.\n\nand also /etc/ssh/login.allow if you have selected this option for security.\n\nOr, if you want to manage sudo users through a new group, create a group named LINUXCOMPUTERsudoers and use LINUXCOMPUTER as the hostname. They are not related, but the computer object in AD will be created and named after the hostname, and naming the AD group similarly makes searching easier in the future. Therefore the script by default adds \"LINUXCOMPUTERsudoers\" to sudoers.d/sudoers. In this step you don't need to edit files: the script lets you choose whether users should be sudoers, and if yes it autogenerates \"LINUXCOMPUTERsudoers\" in sudoers.\n\n#### 3. Hostname\nSet the hostname on your computer to \"linuxcomputer\" (hostname and hosts files) and reboot.\n(In /etc/hosts it should look like 127.0.1.1       LINUXCOMPUTER01       LINUXCOMPUTER01.domain.com; in resolv.conf you should also have search domain.com.)\n\n#### 4. git clone \ngit clone this script and run it.\nExecute the script with sudo sh ADconnection.sh. It will detect whether it is a client or a server, and whether the client is running Ubuntu 14, 16, 17, 18, 19, 20, MATE, Debian, CentOS, Raspbian, Fedora, Linux Mint or Kali.\nThe script will find your domain name if it exists and your network config is correct. If not, a prompt will let you type the domain name. 
\"domain.com\"\nIf there are issues finding the domain, please double-check your DNS configuration on the domain controller.\n\nAfter that, authorise with an admin user.\nMake sure to read the questions carefully and also read the built-in help in the script.\n\nFor security this script creates an SSH allow file so users that are not in the correct AD group can't log in.\nThis also \"blocks\" users from creating local accounts (they can create them if they are sudoers, but will never be able to log in).\nNOTICE! If your local user is not administrator you MUST edit the (/etc/ssh/login.group.allowed) file and add the current local user.\nIf your current local user is not in the SSH-ALLOW file it will be BANNED from the computer!\n\nUpdated: Added the ability to choose if you want to disable SSH-allow.\nNote: if SSH-allow is disabled, users in other groups will be able to ssh to the client, but will not have sudo rights if they are not members of the group LINUXCOMPUTERsudoers.\n\n### Updated:\nAlso the ability to choose if clients should have sudo rights or not.\nIf you select no on this option there is no need for an AD group \"LINUXCOMPUTERsudoers\" in Active Directory; all domain users\nwill have non-sudo access. \"Notice: this option can NOT be combined with the option YES on ssh-allow\"\n\n### Updates:\nAdded join to Ubuntu clients with debug mode. \nDebug mode will open 2 terminals and will post information while you run the script.\n(does not work over SSH)\n\nComing updates: the option to paste a path for a correct OU where the machine will be set up. (The default OU is CN=Computers,DC=domain,DC=com) (still in progress)\nComing updates: Option to rejoin (leave realm and join realm and keep all configuration)\n\n\nThis will make the cleanest setup possible. No @ in names or in the home folder.\nThe home folder will be /home/domain.com/user\nThe user name will be set only as \"user\", without /myad/you or you@domain.com... just clean! 
This is to prevent complications for developers when building code.\nAfter reboot just log in with your AD account \"user\" and password... again, no @ or domain.com/user is needed, just \"user\".\nTo test the access and permissions of a user, execute in a terminal from an administrator account: id user or id user | grep -i groupname (LINUXCOMPUTERsudoers)\n\nFor best security, I restricted ssh to only domain admins and the local administrator. Clients will also be allowed to log in from the assigned group (\"LINUXCOMPUTERsudoers\") (with option YES on SSH-allow) (with option YES on sudo rights)\n\n\n### How do I update my password?\n(Changed password but Linux is still on the old password) \nThis should read new info from AD when you are on the \"AD\" network.\nThe first time you log in, your \"user\" is cached on the computer (which means that you can log in while disconnected from the \"office network\").\nIf you are having problems with the computer not fetching the new password: on the office network, open a terminal and execute sudo service sssd restart. This will reload the information. Then log out and log in with the new password.\n\n### I have issues!\n\n1. After reboot I can't log in at all. (local or AD)  \n\"This is probably caused by a failed SSH-allow configuration. Make sure to have the correct users in the configuration or disable SSH-allow when running the script\" \n\n2. I rebooted the computer but I still cannot log in with the AD user!   \n\"Did you wait 5 min for AD to sync?\nCheck that the computer object is created in AD.\nLog in with your local account and execute in a terminal: sudo service sssd restart   and then try to see whether you can see the user by executing id yourADusername. If you can see the user and all the groups the user is a member of in AD, then it works. If you have it set up with an AD group then you can execute: \nid yourADusername | grep -i LINUXCOMPUTERsudoers (the group name or hostname depending on your setup)\"\n\n3. 
Damn, I got the wrong hostname and it's not created as a computer object in AD   \n\"Log in with the local admin and change your hostname in these files so it matches the group object in AD: /etc/sudoers.d/sudoers (if configured)    /etc/ssh/login.group.allowed (if configured)   /etc/hostname  and /etc/hosts\nThen run sudo realm leave domain.com, reboot, and rejoin by running the script again. The script will not override files if they have been configured before.\nIf the computer object exists in AD but you wish to replace it, just delete the computer object and join/rejoin with a computer/server that has the same hostname as the computer object.\nReboot and wait 5 min before logging in.\"\n\nIf you have issues with slow replies from the domain controller, I have added lines to nsswitch and sssd to prevent hangs, slow logins and slow replies from sudo commands in a terminal. This was added 2017/11, so if you have an older \"join\" than 2017/11 you should do a rejoin.\n\n4. I am a member of sudoers but programs require administrator to log in.\nYou are a sudo user if added to the sudoers file, but the account is a standard account. To give full administration privileges,\nrun in a terminal: sudo usermod -a -G sudo user\n\n\n\u003cp\u003eEncrypted Password?:\u003c/p\u003e\nI have added the option for readfile and also a way to encrypt the ADadmin password for those that don't want to use one-time passwords.\nsudo sh ADconnection.sh -p will prompt you for a password that will be encrypted. A public key, privat.key and an encrypted.dat file will be generated. Find a way to store your private key and only place the files in the Linux-Active-Directory-join-script folder during the join.\n\n\u003cp\u003e\nNote. 
Make sure DNS works so it can properly find the LDAP server.\nIf you are using multiple domain servers or have a backup domain server, see the example below:\n[sssd]\nservices = nss, pam\nconfig_file_version = 2\ndomains = ad.example.com\n\n[domain/ad.example.com]\nid_provider = ad\nauth_provider = ad\naccess_provider = ad\nchpass_provider = ad\nad_server = dc1.ad.example.com\nad_backup_server = dc2.ad.example.com\nfilter_users = root at ad.example.com\nfilter_groups = root at ad.example.com\nldap_id_mapping = false\ndyndns_update = true\ndyndns_update_ptr = false\nenumerate = true\nsubdomain_enumerate = all\ncache_credentials = true\n\nHow to change the AD password in Linux (Ubuntu example): open Settings, Users, click on the password field, set a new password.\n\nHow to git?\n\nOn the Linux client, install git = sudo apt-get install git -y (or) sudo yum install git\n\nClone this repo = sudo git clone https://github.com/PierreGode/Linux-Active-Directory-join-script.git\n\nTo update the repo to the latest version = in the folder Linux-Active-Directory-join-script/    run: sudo git pull\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpierregode%2Flinux-active-directory-join-script","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpierregode%2Flinux-active-directory-join-script","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpierregode%2Flinux-active-directory-join-script/lists"}