TL;DR How do I reference an AD group for folder permissions before my computer has joined the domain?
I'm setting up an Ubuntu system to interface with the org's Active Directory. I've read that private groups on the Linux machine are not the best idea and that I should use AD groups.
How do I reference AD groups when my machine hasn't joined the domain yet? Right now, I use Ansible to set everything up, but I still have to do the following steps for it to become part of the domain.
sudo kinit Administrator
sudo net ads join -k
sudo systemctl start sssd.service
I was thinking of just creating a private group devops, and hoping that since the names were the same between Linux and AD that it would automatically link up. That seems too easy, so I thought I'd ask.
Joining AD can be automated, which for Ansible implies searching for Galaxy roles that already do this, for inspiration or to use with minimal modification.
Adding the same named user or group to the directory and local files does not sync them; do not do it. Doing so invites confusion and host-specific problems, such as different results depending on the order in /etc/nsswitch.conf. A source of truth exists in the directory; use that.
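To make the nsswitch.conf ordering problem concrete, here is an added example (not part of either post) that models by-name group lookup: it reads the `group:` line of an nsswitch.conf and reports which source answers first for a name defined both locally and in the directory. All file contents, GIDs and member names are constructed, and only the `files` and `sss` sources are modelled.

```bash
#!/bin/sh
# Added example, not from the original posts. All sample data is constructed.

# Print the sources on the "group:" line of an nsswitch.conf in lookup order,
# skipping [STATUS=action] items and trailing comments.
group_sources() {
    awk '$1 == "group:" {
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^#/) break
            if (index($i, "=") || $i == "[" || $i == "]") continue
            printf "%s ", $i
        }
        exit
    }' "$1"
}

# Succeed if group file $1 (/etc/group format) defines the group named $2.
in_group_file() {
    awk -F: -v g="$2" '$1 == g { found = 1 } END { exit !found }' "$1"
}

# Print the source that answers first for group $4 (default NSS action:
# stop at the first source that returns the entry).
# $1 = nsswitch.conf, $2 = local group file, $3 = directory groups, same format.
winning_source() {
    for _src in $(group_sources "$1"); do
        case "$_src" in
            files) if in_group_file "$2" "$4"; then echo files; return 0; fi ;;
            sss)   if in_group_file "$3" "$4"; then echo sss; return 0; fi ;;
        esac
    done
    echo none
}

# Print every group name defined both locally ($1) and in the directory ($2).
shadowed_groups() {
    awk -F: 'NR == FNR { seen[$1] = 1; next } ($1 in seen) { print $1 }' "$1" "$2"
}

# Constructed sample data: "devops" exists in both places with different GIDs.
demo_dir=$(mktemp -d)
printf 'root:x:0:\ndevops:x:1001:alice\n' > "$demo_dir/group"
printf 'devops:*:1234500513:bob\ndomain users:*:1234500514:\n' > "$demo_dir/ad_groups"
printf 'passwd: files sss\ngroup: files [SUCCESS=return] sss # local first\n' > "$demo_dir/nss_files_first"
printf 'group: sss files\n' > "$demo_dir/nss_sss_first"

echo "colliding names: $(shadowed_groups "$demo_dir/group" "$demo_dir/ad_groups")"
echo "files first -> $(winning_source "$demo_dir/nss_files_first" "$demo_dir/group" "$demo_dir/ad_groups" devops)"
echo "sss first   -> $(winning_source "$demo_dir/nss_sss_first" "$demo_dir/group" "$demo_dir/ad_groups" devops)"
```

The same name resolves to a different GID and member list on each host depending on the order, so file ownership and access checks stop being consistent across machines.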