diff --git a/docs/.wordlist.txt b/docs/.wordlist.txt index 18e96e2c8..38f8bd121 100644 --- a/docs/.wordlist.txt +++ b/docs/.wordlist.txt @@ -65,6 +65,7 @@ Makefile multiline MyST namespace +OpenLDAP OU OUs Permalink diff --git a/docs/how-to/index.md b/docs/how-to/index.md index b8336db33..f6337e9b6 100644 --- a/docs/how-to/index.md +++ b/docs/how-to/index.md @@ -20,7 +20,8 @@ This section outlines how to join your client machine to the domain, install ADS ```{toctree} :titlesonly: -Join machine to AD +Join machine to AD during installation +Join machine to AD manually Set up ADSys ``` diff --git a/docs/how-to/join-machine-ad.md b/docs/how-to/join-ad-installation.md similarity index 57% rename from docs/how-to/join-machine-ad.md rename to docs/how-to/join-ad-installation.md index 88ba1c2c9..b0ae617c4 100644 --- a/docs/how-to/join-machine-ad.md +++ b/docs/how-to/join-ad-installation.md @@ -1,11 +1,8 @@ -# How to join an Active Directory domain +# How to join an Active Directory domain during installation In order to use Group Policies on an Ubuntu client, the first thing to do is, of course, to join the computer to an Active Directory domain. -There are 2 ways to join an AD domain: - - 1. At installation time with the Ubuntu Desktop installer. - 1. After installation, by manually setting up the connection to AD. +A machine can join an AD domain at installation time with the Ubuntu Desktop installer, or after installation, by manually setting up the connection to AD. ## Join at installation time 
@@ -32,28 +29,3 @@ Once all the information has been entered and is valid, press **"Continue"** to At the end of the installation you can reboot the machine and you are ready to log in as a user of the domain on first boot. If anything goes wrong with the join process during installation, you will be notified by a dialog box. You can still reboot the machine, log in as the administrator user of the machine (i.e. the user you entered in the page **"Who are you?"**) and troubleshoot the issue. The [Ubuntu Server Guide](https://ubuntu.com/server/docs/service-sssd) provides instructions to perform such troubleshooting. - -## Join manually using SSSD - -The purpose of this document is to describe how to operate ADSys. So we won’t do an in depth description of the operations to manually configure a connection to Active Directory from an Ubuntu Client. - -Authentication of Ubuntu against the Active Directory server requires to configure SSSD and Kerberos. SSSD will then retrieve the credentials and the initial security policy of the `Default Domain Policy`. - -All these operations are perfectly described in the [Ubuntu Server Guide “Service - SSSD”](https://ubuntu.com/server/docs/service-sssd) and the White Paper [How to integrate Ubuntu Desktop with Active Directory](https://ubuntu.com/engage/microsoft-active-directory). - -## Join manually using Winbind - -In addition to SSSD, ADSys supports using Winbind as a backend. The easiest way to join a domain using Winbind is to use the `realmd` utility, as described in the [Samba - Active Directory](https://ubuntu.com/server/docs/samba-active-directory) guide. - -ADSys uses SSSD as a default backend, so Winbind has to be opted into explicitly via the following configuration option in `adsys.yaml`: - -```yaml -ad_backend: winbind -``` - -In addition, Winbind requires additional dependencies to be installed. 
On Ubuntu-based systems they can be installed by executing the following command, prior to ADSys: - -```sh -sudo apt update -sudo apt install winbind krb5-user -``` diff --git a/docs/how-to/join-ad-manually.md b/docs/how-to/join-ad-manually.md new file mode 100644 index 000000000..3e990661d --- /dev/null +++ b/docs/how-to/join-ad-manually.md 
@@ -0,0 +1,31 @@ +# How to join an Active Directory domain manually + +ADSys supports two Active Directory backends: + +1. [SSSD](https://sssd.io/), or System Security Services Daemon, provides access to centralized identity management systems like Microsoft Active Directory, OpenLDAP, and various other directory servers. This client component retrieves and caches data from remote directory servers, delivering identity, authentication, and authorization services to the host machine. +2. [Winbind](https://wiki.samba.org/index.php/Configuring_Winbindd_on_a_Samba_AD_DC) is a component of the Samba suite that provides seamless integration and authentication services between UNIX or Linux systems and Windows-based networks, allowing the former to appear as members in a Windows Active Directory domain. + +## Join manually using SSSD + +The aim of this documentation is to describe how to operate ADSys. So we won’t do an in depth description of the operations to manually configure a connection to Active Directory from an Ubuntu Client. + +Authentication of Ubuntu against the Active Directory server requires to configure SSSD and Kerberos. SSSD will then retrieve the credentials and the initial security policy of the `Default Domain Policy`. + +All these operations are described in details in the [Ubuntu Server Guide “Service - SSSD”](https://ubuntu.com/server/docs/service-sssd) and the White Paper [How to integrate Ubuntu Desktop with Active Directory](https://ubuntu.com/engage/microsoft-active-directory). + +## Join manually using Winbind + +In addition to SSSD, ADSys supports Winbind as a backend. The easiest way to join a domain using Winbind is to use the `realmd` utility, as described in the [Samba - Active Directory](https://ubuntu.com/server/docs/samba-active-directory) guide. 
+ +ADSys uses SSSD as a default backend, so Winbind has to be opted into explicitly via the following configuration option in `adsys.yaml`: + +```yaml +ad_backend: winbind +``` + +In addition, Winbind requires additional dependencies to be installed. On Ubuntu-based systems they can be installed by executing the following command, prior to ADSys: + +```sh +sudo apt update +sudo apt install winbind krb5-user +``` diff --git a/docs/reference/index.md b/docs/reference/index.md index c5b8d42c7..edabce954 100644 --- a/docs/reference/index.md +++ b/docs/reference/index.md @@ -2,7 +2,7 @@ This section consolidates technical details on ADSys, including specifications, APIs, and architecture. -On the linux side, ADSys is composed of a daemon and a command line interface: +On the Linux side, ADSys is composed of a daemon and a command line interface: * The daemon - `adsysd` - implements the Group Policy protocol. It relies on Kerberos, Samba and LDAP for authentication and policy retrieval. * The command line interface - `adsysctl` - controls the daemon and reports its status.
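Review bot: The rename of docs/how-to/join-machine-ad.md to docs/how-to/join-ad-installation.md leaves nothing at the old path, so any existing link to join-machine-ad (from other pages in docs/ or from outside) will break once this lands. Please check for remaining references to the old name and consider a redirect. Also confirm that the two new toctree entries in docs/how-to/index.md, `Join machine to AD during installation` and `Join machine to AD manually`, resolve to join-ad-installation.md and join-ad-manually.md in a docs build.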
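Review bot: In docs/how-to/join-ad-installation.md, the rewritten intro still tells the reader a machine can join "after installation, by manually setting up the connection to AD", but the second hunk removes both manual sections from this page and nothing points to where they went. Link that clause to the new join-ad-manually.md page. The unchanged `## Join at installation time` heading now repeats the new page title "How to join an Active Directory domain during installation" and could be dropped or renamed.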
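Review bot: In the new docs/how-to/join-ad-manually.md, the Winbind section ends with "they can be installed by executing the following command, prior to ADSys", which is ambiguous: two commands follow, and it is unclear whether "prior to ADSys" means before installing ADSys or before starting it. Suggest wording such as "install them before installing ADSys" if that is the intent. The `ad_backend: winbind` step names `adsys.yaml` without saying where that file lives, so add the path or link to the configuration reference. The Winbind link in the backend list targets `Configuring_Winbindd_on_a_Samba_AD_DC`, while this page is about joining a client machine, so check whether a domain-member page is the better target. Since the text is being moved anyway, the carried-over phrasing could be fixed in the same patch: "requires to configure SSSD and Kerberos" (requires configuring), "described in details" (in detail), "in depth description" (in-depth).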