- Популярные видео
- Авто
- Видео-блоги
- ДТП, аварии
- Для маленьких
- Еда, напитки
- Животные
- Закон и право
- Знаменитости
- Игры
- Искусство
- Комедии
- Красота, мода
- Кулинария, рецепты
- Люди
- Мото
- Музыка
- Мультфильмы
- Наука, технологии
- Новости
- Образование
- Политика
- Праздники
- Приколы
- Природа
- Происшествия
- Путешествия
- Развлечения
- Ржач
- Семья
- Сериалы
- Спорт
- Стиль жизни
- ТВ передачи
- Танцы
- Технологии
- Товары
- Ужасы
- Фильмы
- Шоу-бизнес
- Юмор
Control and Grant SSH and SUDO Rights to Domain Joined Linux Systems using Active Directory Groups
As with Windows clients, we can use Active Directory security groups to control user SSH login and elevated SUDO rights on domain-joined Linux systems.
Applies to:
Debian Linux, Ubuntu Linux, Red Hat Linux, SUSE Linux, Windows Server 2012 through Windows Server 2025
Chapters
0:00 Introduction
0:38 Create Domain Groups for SSH Access
2:41 Verify AD Group Membership in Linux
3:22 Grant Domain Users SSH Access
5:18 Demonstrate SSH Access
6:46 Grant Domain Users SUDO Rights
8:01 Demonstrate SUDO Rights and Separation of Duties
9:06 Clear SSSD Cache
9:58 Thank you for watching
Glossary:
AD = Active Directory
ADAC = Active Directory Administrative Center
ADDS = Active Directory Domain Services
ADUC = Active Directory Users and Computers
OU = Organizational Unit
SCP = Secure Copy Protocol
SSH = Secure Shell
SSSD = System Security Services Daemon
SUDO = SuperUser DO
UPN = User Principal Name
GitHub:
https://github.com/DariensTips/ControlGrantSSHSUDORightsDomainJoinedLinuxSystemsADGroups
Commands:
Ubuntu: sudo systemctl restart ssh.service
Debian/Red hat/SUSE: sudo systemctl restart sshd.service
sudo systemctl stop sssd
sss_cache -E
rm -f /var/lib/sss/{db,mc}/*
sudo systemctl start sssd
sudo nano /etc/ssh/sshd_config.d/[filename].conf
sudo visudo -f /etc/sudoers.d/[filename]
sudo systemctl stop sssd
sss_cache -E
rm -f /var/lib/sss/{db,mc}/*
sudo systemctl start sssd
PowerShell:
$daGroup2Add=[GroupName]
$pth="OU=OrgUnit,DC=DomainComponent,DC=DomainComponent"
New-ADGroup -Name $daGroup2Add -GroupScope Universal -GroupCategory Security -Path $pth
Add-ADGroupMember -Identity $daGroup2Add -Members [adusers]
Links:
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/6/html/deployment_guide/sssd-cache#sssd-cache
https://learn.microsoft.com/en-us/powershell/module/activedirectory/new-adgroup?view=windowsserver2025-ps
https://serverfault.com/questions/617081/how-to-use-both-allowgroups-and-allowusers-in-sshd-config
https://unix.stackexchange.com/questions/270036/restrict-login-via-user-group-in-access-conf
https://www.digitalocean.com/community/tutorials/how-to-edit-the-sudoers-file
Видео Control and Grant SSH and SUDO Rights to Domain Joined Linux Systems using Active Directory Groups канала Darien's Tips
Applies to:
Debian Linux, Ubuntu Linux, Red Hat Linux, SUSE Linux, Windows Server 2012 through Windows Server 2025
Chapters
0:00 Introduction
0:38 Create Domain Groups for SSH Access
2:41 Verify AD Group Membership in Linux
3:22 Grant Domain Users SSH Access
5:18 Demonstrate SSH Access
6:46 Grant Domain Users SUDO Rights
8:01 Demonstrate SUDO Rights and Separation of Duties
9:06 Clear SSSD Cache
9:58 Thank you for watching
Glossary:
AD = Active Directory
ADAC = Active Directory Administrative Center
ADDS = Active Directory Domain Services
ADUC = Active Directory Users and Computers
OU = Organizational Unit
SCP = Secure Copy Protocol
SSH = Secure Shell
SSSD = System Security Services Daemon
SUDO = SuperUser DO
UPN = User Principal Name
GitHub:
https://github.com/DariensTips/ControlGrantSSHSUDORightsDomainJoinedLinuxSystemsADGroups
Commands:
Ubuntu: sudo systemctl restart ssh.service
Debian/Red hat/SUSE: sudo systemctl restart sshd.service
sudo systemctl stop sssd
sss_cache -E
rm -f /var/lib/sss/{db,mc}/*
sudo systemctl start sssd
sudo nano /etc/ssh/sshd_config.d/[filename].conf
sudo visudo -f /etc/sudoers.d/[filename]
sudo systemctl stop sssd
sss_cache -E
rm -f /var/lib/sss/{db,mc}/*
sudo systemctl start sssd
PowerShell:
$daGroup2Add=[GroupName]
$pth="OU=OrgUnit,DC=DomainComponent,DC=DomainComponent"
New-ADGroup -Name $daGroup2Add -GroupScope Universal -GroupCategory Security -Path $pth
Add-ADGroupMember -Identity $daGroup2Add -Members [adusers]
Links:
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/6/html/deployment_guide/sssd-cache#sssd-cache
https://learn.microsoft.com/en-us/powershell/module/activedirectory/new-adgroup?view=windowsserver2025-ps
https://serverfault.com/questions/617081/how-to-use-both-allowgroups-and-allowusers-in-sshd-config
https://unix.stackexchange.com/questions/270036/restrict-login-via-user-group-in-access-conf
https://www.digitalocean.com/community/tutorials/how-to-edit-the-sudoers-file
Видео Control and Grant SSH and SUDO Rights to Domain Joined Linux Systems using Active Directory Groups канала Darien's Tips
control ssh access ssh tutorial ssh linux ssh access to linux server ssh access to server control sudo access sudo access in linux ssh groups sudo groups ssh configuration learn ssh secure shell control ssh with active directory ssh group allowgroups active directory ssh config sshd_config linux sudoers file in linux sudoers file add user sudoers in linux sssd active directory linux sssd sssd service ssh tutorial linux
Комментарии отсутствуют
Информация о видео
16 февраля 2025 г. 21:00:06
00:10:36
Другие видео канала
