Debian 13 使用 sssd 加入 domain

apt install -y adcli realmd krb5-user samba-common-bin samba-libs samba-dsdb-modules sssd sssd-tools libnss-sss libpam-sss packagekit polkitd  pkexec

/etc/sssd/sssd.conf  設定檔
[sssd]
domains = ad.example
config_file_version = 2
services = nss, pam

[domain/tw.example]
ad_domain = ad.example
krb5_realm = AD.EXAMPLE
realmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False    #登入時,不需輸入網域
fallback_homedir = /home/%d/%u       #自動建立的 home 目錄不會加上 @DomainName
access_provider = ad
enumerate = true       #可 使用 getent 查詢帳號資訊
ad_gpo_map_interactive = +xrdp-sesman

編輯 /etc/pam.d/common-session
# add to the end if need (create home directory automatically at initial login)
session optional        pam_mkhomedir.so skel=/etc/skel umask=077