Documentation
After building your Ubuntu server, do the following to set a static IP:
apt update
apt install openssh-server
cd /etc/netplan/
cp 01-network-manager-all.yaml 01-network-manager-all.yaml~
vim 01-network-manager-all.yaml
# Let NetworkManager manage all devices on this system
network:
  ethernets:
    ens33:
      addresses: [192.168.116.163/24]
      gateway4: 192.168.116.2
      nameservers:
        addresses: [192.168.116.158, 8.8.8.8]
  version: 2
:wq!
netplan apply
Set a hostname
hostnamectl
hostnamectl set-hostname ubuntu02.linuxtest.com
hostnamectl
cat /etc/hostname
vim /etc/hosts
192.168.116.146 Ubuntu-client.linuxtest.com Ubuntu-client
192.168.116.146 DC01.linuxtest.com DC01
Confirm DNS is configured correctly:
cat /etc/resolv.conf
apt install realmd libnss-sss libpam-sss sssd sssd-tools adcli samba-common-bin oddjob oddjob-mkhomedir packagekit
realm discover linuxtest.com
realm join -U Administrator linuxtest.com
Enter the password when prompted.
realm list
On RHEL-based systems, a user’s home directory is created automatically.
On Ubuntu / Debian, you need to enable this feature.
root@serveradministrator-virtual-machine:~# bash -c "cat > /usr/share/pam-configs/mkhomedir" <<EOF
Name: activate mkhomedir
Default: yes
Priority: 900
Session-Type: Additional
Session:
        required pam_mkhomedir.so umask=0022 skel=/etc/skel
EOF
root@serveradministrator-virtual-machine:~#
Then activate with:
pam-auth-update
It opens a selection dialog. Ensure “activate mkhomedir” is selected (it should show [*]), then choose “Ok”.
id Administrator@linuxtest.com
id svc_patch@linuxtest.com
cp /etc/sssd/sssd.conf /etc/sssd/sssd.conf.orig
In /etc/sssd/sssd.conf, change the following two settings:
before: use_fully_qualified_names = True
after:  use_fully_qualified_names = False
before: fallback_homedir = /home/%u@%d
after:  fallback_homedir = /home/%u
systemctl restart sssd
systemctl status sssd
id svc_patch
id Administrator
Control Access – Limit to user/group
To permit a user access via SSH and console, use the command:
realm permit svc_patch@linuxtest.com
Permit access to group – Examples
realm permit 'Domain Users' 'admin users'
realm permit -g 'sudoers'
If instead you would like to allow all users access, run:
realm permit --all
To deny all Domain users access, use:
realm deny --all
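To confirm which of the access rules above actually took effect, the following added example (not part of the original notes) reads the domain section of an sssd.conf-style file and reports who may log in. It assumes realmd records realm permit / realm deny as access_provider and simple_allow_* entries in sssd.conf; the function names and the sample file are constructed for illustration.

```shell
# Added example, not from the original notes: report the SSSD login policy for one domain.

# sssd_get FILE DOMAIN KEY: print KEY's value from the [domain/DOMAIN] section.
sssd_get() {
    awk -v sect="[domain/$2]" -v key="$3" '
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); in_s = ($0 == sect); next }
        !in_s || /^[ \t]*[#;]/ { next }
        {
            i = index($0, "="); if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }' "$1"
}

# login_policy FILE DOMAIN: print a one-line verdict on who may log in.
login_policy() {
    provider=$(sssd_get "$1" "$2" access_provider)
    users=$(sssd_get "$1" "$2" simple_allow_users)
    groups=$(sssd_get "$1" "$2" simple_allow_groups)
    case "${provider:-permit}" in      # sssd treats an unset provider as "permit"
        permit) echo "OPEN: every domain user may log in" ;;
        deny)   echo "CLOSED: no domain user may log in" ;;
        simple)
            if [ -n "$users$groups" ]; then
                echo "LIMITED: users=[$users] groups=[$groups]"
            else
                echo "OPEN: simple provider with no allow list admits users not on a deny list"
            fi ;;
        *)      echo "REVIEW: access_provider=$provider applies its own rules" ;;
    esac
}

# Constructed sample, modelled on this page's settings after
# "realm permit svc_patch@linuxtest.com" (not captured from a real host).
write_sample() {
    cat > "$1" <<'EOF'
[domain/linuxtest.com]
id_provider = ad
use_fully_qualified_names = False
fallback_homedir = /home/%u
access_provider = simple
simple_allow_users = svc_patch
EOF
}

sample=$(mktemp) && write_sample "$sample" && login_policy "$sample" linuxtest.com
rm -f "$sample"
```

On a joined host, run login_policy /etc/sssd/sssd.conf linuxtest.com as root after each realm permit or realm deny change; anything other than LIMITED or CLOSED means the domain is not restricted to the accounts you intended.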
Configure Sudo Access
Users have to be granted access based on usernames or groups.
echo "svc_patch ALL=(ALL) NOPASSWD:ALL" >>/etc/sudoers
vim /etc/pam.d/common-session
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022