Slight slight correction for both: In Virtualbox we do not emulate or run Windows, we virtualize Windows.
In Ubuntu with Wine I run sketchup, and windows goodies. jejeje
Hi fausp, interesting stuff as planning to switch to AD an join all my linux environments (including arm boards) to the domian.
Has someone tried to make a
wheel group in the AD and add sudoers to it. Is this reflected on the client?
old AFAIK stil correct doc about wheel group.
I will integrate the wheel group into the HowTo, the integration in the AD would be vy cool…
For running virtualized Windows still are necessaries licenses.
I recently used only Xubuntu as Client Enviroment. Someone had some experience with OpenSUSE or Debian?
# Open a Terminal become root: sudo su # Add extra Repositories # EPEL yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm # NUX rpm --import http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro rpm -Uvh http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm # Yum update: yum clean all && rm -rf /var/cache/yum && yum -y update # Install some pakages: yum -y install nano realmd oddjob oddjob-mkhomedir sssd adcli samba-common samba-common-tools krb5-workstation \ openldap-clients policycoreutils-python policycoreutils-gui pam_mount authconfig-gtk # Get your DNS domain name from: Configuration > Accounts provider > DNS domain name # Join CentOS-Desktop to AD domain realm join --user=administrator ad.example.org # Check realm: realm list # Change and add /etc/sssd/sssd.conf: use_fully_qualified_names = False fallback_homedir = /home/%u override_homedir = /home/%u override_shell = /bin/bash # Restart sssd: systemctl restart sssd # Add sudoers permission: usermod -aG wheel admin usermod -aG wheel administrator # Reboot the CentOS7 Desktop reboot # GUI logon with AD-User: user: <your-AD-user> pass: <your-admin-password> --------------- optional --------------- ## Install remote-desktop server yum -y install xrdp tigervnc-server systemctl start xrdp netstat -antup | grep xrdp systemctl enable xrdp # setup firewall firewall-cmd --permanent --add-port=3389/tcp firewall-cmd --reload # setup selinux chcon --type=bin_t /usr/sbin/xrdp chcon --type=bin_t /usr/sbin/xrdp-sesman ## Install remote-desktop client yum install remmina remmina-plugins-* --------------- optional ---------------
Followed your How to On a Fedora from
# Install some pakages: (obviously used dnf instead of yum) until
# Restart sssd: with success; thanx!
(although one nasty quirk: authentication of screensaver does not work for me.)
Instead of locally adding admin and administrator to the
wheel group, i make a wheel group on my Nethserver (
email@example.com) and added the domain admins group (
domain firstname.lastname@example.org) to it as members and a regular user (i.e.
On the domain-client (only) the users added to
email@example.com group (ie admin, administrator and john) have sudo rights
Install Suse ( https://de.opensuse.org/Portal:42.3 1 to download ) I use the Gnome version.
After Install search for domain windows in the Dash- there will be an oppertunity to connect to a WIndows Domain- Put in your credentials, then there will be installation of further software, please accept; I think after a restart using at login other User you should be able to log in to your domain using "yourdomain\user
see also: https://freecastleit.wordpress.com/2016/12/21/howto-join-an-opensuse-leap-42-2-client-to-an-existing-windows-activedirectory-ussing-sssd-authentication/ 1
What we also did for having all the data on the server: Mounting the home directory directly at the users home on NS- which is absolutly great- all files and settings are directly stored at the Server and also therefore backuped with the normal backup prozedure- only the network connection must be garanteed. Done on every cllent makes roaming unnecessary. See also Roaming profiles in ns7 Active Directory
We had trouble using our Java based medical documentation software on Gnome so we changed/ additionally installed the KDE Desktop.
Hope that works.
I’m running 4 OpenSuse right now, mostly for test, but one on my laptop;
But you could also make a edgy CentOS by using the last kernel with elrepo;
than making snapshot with snapper by using https://copr.fedorainfracloud.org/coprs/andybe/Centos7Btrfs/packages/
As I mention in another post; the most advantage of OpenSUSE is to be a Rolling Version, than after that snapper.
I also have a VM running Nethserver on btrfs with the last kernel and snapper;
Let’s say; for now everything works fine.
Hi JOduMonT, do you mean the hypervisor or the NS runs on btrfs?
I guess the hypervisor, which one do you use?
The KVM hypervisor is a OpenSUSE Tumbleweed which use brtfs
The VM is based on CentOS/Nethserver which also run on brtfs
oh! in case you ask
simply install CentOS as usual but choose btrfs as filesystem
then initiate snapper
- install the repo
- install the soft + the plugin for yum :
yum install -y snapper yum-plugin-snapper
- create the config for your root
snapper -c root create-config /
enjoy and use at your own risk
Oh, vy nice! I have to investigate this solution…
Tried it but without luck, did you do something else?
[admin@ap002 ~]$ groups domain users domain admins denied rodc password replication group wheel [admin@ap002 ~]$ sudo su [sudo] Passwort für admin: admin ist nicht in der sudoers-Datei. Dieser Vorfall wird gemeldet.
I was able to get sudo rights with the edit of /etc/sudoers:
%domain\ admins ALL=(ALL) NOPASSWD: ALL
But of course this is not the same as the wheel-group method…
No, no extra steps. Did it on fedora, let me spin up a centos vm and report my findings.
OK, thank you, there is no hurry…
Can confirm it does not work on Centos out of the box.
Deducted it to differences centos <> fedora in configuration of nsswitch.
It worked as expected after boldly taking fedora’s nsswitch.conf :
EDIT: removed nsswitch.conf
Did not find smoking gun witch settings made it possible, just adding the missing
sudoers: files to the centos default nsswitch.conf did not do the trick. hence the bold move, which no one should do!, to take the complete configuration over.
EDIT: found “the smoking gun”