ANTS-Framework.linux_adbinding
Linux AD Binding
This guide helps you connect your Linux client to Active Directory (AD) using sssd and realmd.
Role Variables
linux_adbinding__domain: ADS.EXAMPLE.ORG
linux_adbinding__ou: CN=Computers,DC=ADS,DC=EXAMPLE,DC=ORG
linux_adbinding__user: bind-user
linux_adbinding__password: bind-users-password
linux_adbinding__domain and linux_adbinding__ou are optional.
Realmd can usually find the AD domain automatically. You only need to specify the domain if there is more than one or if the automatic discovery fails.
If you don’t specify an Organizational Unit (OU), the computer will be saved in the default Computers OU. Specify a different OU only if you need the computer object to be created there.
linux_adbinding__user and linux_adbinding__password are required. It's best to keep these in an Ansible vault for security.
Currently, this role does not allow you to remove your client from AD. To do this, you can use sudo realm leave or sudo realm leave -U <bind-user>. If you provide the bind-user credentials, it will also delete the computer object in AD. If you don't provide the credentials, the client will be unbound from AD, but the computer object will still exist.
Example Playbook
- hosts: clients
  vars:
    - linux_adbinding__domain: ADS.EXAMPLE.ORG
    - linux_adbinding__ou: CN=Computers,DC=ADS,DC=EXAMPLE,DC=ORG
    - linux_adbinding__user: bind-user
    - linux_adbinding__password: bind-users-password
  roles:
    - linux_adbinding
You can also store the credentials in a vault and leave the domain and OU unspecified:
- hosts: clients
  vars_files: linux_adbinding_vault.yml
  roles:
    - linux_adbinding
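The following check is an added example, not part of the role: it flags playbooks or variable files that set linux_adbinding__password in clear text instead of through a vault. The variable name vault_bind_password and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: refuse to ship files that carry the AD bind password in clear text.

# Returns 0 if FILE is safe, 1 if it sets linux_adbinding__password in plaintext.
check_bind_secret() {
    first_line=
    IFS= read -r first_line < "$1" || true
    # Files written by ansible-vault start with this header.
    case $first_line in
        '$ANSIBLE_VAULT;'*) return 0 ;;
    esac
    # In a plaintext file the value must be inline "!vault" ciphertext or a
    # "{{ ... }}" reference to a variable defined elsewhere (e.g. in the vault).
    if grep -E '^[[:space:]-]*linux_adbinding__password:' "$1" \
        | grep -Ev ":[[:space:]]*(!vault|[\"']?[{][{])" \
        | grep -q .; then
        return 1
    fi
    return 0
}

# Checks every file given; prints offenders and returns 1 if any were found.
scan_bind_secrets() {
    rc=0
    for f in "$@"; do
        if ! check_bind_secret "$f"; then
            echo "plaintext bind password: $f" >&2
            rc=1
        fi
    done
    return $rc
}

# Constructed sample files (not taken from the role's repository).
demo_dir=$(mktemp -d)
printf '%s\n' '- hosts: clients' '  vars:' \
    '    - linux_adbinding__password: bind-users-password' > "$demo_dir/plain.yml"
printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '3132333435' \
    > "$demo_dir/linux_adbinding_vault.yml"
# vault_bind_password is a hypothetical variable stored inside the vault file.
printf '%s\n' 'linux_adbinding__password: "{{ vault_bind_password }}"' \
    > "$demo_dir/ref.yml"
scan_bind_secrets "$demo_dir"/*.yml || echo "scan rejected plain.yml as expected"
```

Run as a pre-commit or CI step, a non-zero return from scan_bind_secrets blocks the change until the password is moved into the vault.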
License
GPLv3
Author Information
Part of the ANTS Framework
Join your Linux client to AD using sssd and realmd
ansible-galaxy install ANTS-Framework.linux_adbinding