Three ways to join Debian 10 to Active Directory

Set your network DNS to your domain controller
Time sync (Kerberos authentication fails when the clock differs too much from the domain controller)
# PATH Debian 10 error

export PATH=$PATH:/usr/sbin

# Possible error

locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory

* Correct with

locale-gen en_US en_US.UTF-8 pt_BR.UTF-8
dpkg-reconfigure locales

1º Realmd + SSSD

# Install realmd, SSSD and the helper packages used for the join and for creating home directories.
apt -y install realmd samba libnss-sss libpam-sss sssd sssd-tools adcli samba-common-bin oddjob oddjob-mkhomedir packagekit
# Look the domain up through DNS before joining.
realm discover my.local
# Join the domain; this prompts for the password of the account given with -U.
# NOTE(review): an account delegated to join computers should be enough here; a Domain Admin
# login is not required. Confirm against your AD delegation.
realm join -U Administrator my.local
# Show the configured realm to confirm the join.
realm list

Edit sssd config

vim /etc/sssd/sssd.conf
use_fully_qualified_names = False

Edit pam config

vim /usr/share/pam-configs/mkhomedir
Name: Create home directory on login
Default: yes
Priority: 900
session-type: additional
#Session-Interactive-Only: yes
session:
required pam_mkhomedir.so skel=/etc/skel umask=0077

pam update

sudo pam-auth-update --enable mkhomedir

Set group permissions

# NOTE(review): run in this order, only the final state matters. "permit --all" lets every
# domain account log in, "deny --all" then blocks all of them, and "permit -g" leaves login
# open to members of usergroup only. The first command is redundant in that sequence; if the
# three lines are meant as alternatives, run only the one you want.
realm permit --all
realm deny --all
realm permit -g usergroup

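Add domain admins as sudoers
* The rule below gives full root to every member of the group, so use a dedicated admin group here, not the group that is only allowed to log in. Check the file with visudo -cf /etc/sudoers.d/domain-admin after saving.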

sudo vim /etc/sudoers.d/domain-admin
%usergroup ALL=(ALL) ALL

reboot
Enjoy

2º Realmd + winbind

apt install realmd samba krb5-config krb5-user winbind libpam-winbind libnss-winbind samba-common-bin adcli packagekit
cat << EOF > /etc/realmd.conf
[users]
default-home = /home/%U
default-shell = /bin/bash
[active-directory]
# default-client = sssd
default-client = winbind
EOF

mv /etc/krb5.conf /etc/krb5.conf.bkp

cat << EOF > /etc/krb5.conf
[libdefaults]
default_realm = MY.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = true
EOF

realm join -U administrator my.local

Edit pam config

vim /usr/share/pam-configs/mkhomedir
Name: Create home directory on login
Default: yes
Priority: 900
session-type: additional
#Session-Interactive-Only: yes
session:
required pam_mkhomedir.so skel=/etc/skel umask=0077

pam update

sudo pam-auth-update --enable mkhomedir
systemctl restart smbd nmbd winbind

* If winbind does not start, you may need to change "security = ads" to "security = user", restart winbind, then change it back to "security = ads" and restart smbd and nmbd

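# Add winbind to the lookup order on every nsswitch.conf line that lists "files systemd",
# so domain users and groups resolve. The expression must start with s, not /s: a leading
# slash makes sed read it as an address and fail.
sed -i 's/files systemd/files winbind systemd/g' /etc/nsswitch.conf
# List domain users and groups to confirm winbind can reach the domain.
wbinfo -u  # check users
wbinfo -g  # check groups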

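Add domain admins as sudoers
* The rule below gives full root to every member of the group, so use a dedicated admin group. Check the file with visudo -cf /etc/sudoers.d/domain-admin after saving.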

sudo vim /etc/sudoers.d/domain-admin
%usergroup ALL=(ALL) ALL

reboot
Enjoy

3º net ads join + winbind

apt install samba krb5-config krb5-user winbind libpam-winbind libnss-winbind samba-common-bin adcli packagekit

mv /etc/krb5.conf /etc/krb5.conf.bkp

cat << EOF > /etc/krb5.conf
[libdefaults]
default_realm = MY.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = true
EOF

# Keep the packaged smb.conf as a backup, then write a domain-member configuration.
mv /etc/samba/smb.conf /etc/samba/smb.conf.bkp
# NOTE(review): schema_mode, unix_nss_info and unix_primary_group are documented for the
# idmap "ad" backend; with "backend = autorid" on the MY domain they probably have no
# effect. Confirm against idmap_ad(8) and idmap_autorid(8) and settle on one backend.
# The here-document delimiter is unquoted; that is safe here only because the body
# contains no $ or backticks for the shell to expand.
cat << EOF > /etc/samba/smb.conf
[global]
workgroup = MY
security = ads
realm = MY.LOCAL
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
winbind enum users = yes
winbind enum groups = yes
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config MY:backend = autorid
idmap config MY:schema_mode = rfc2307
idmap config MY:unix_nss_info = yes
idmap config MY:range = 8000-999999
idmap config MY:unix_primary_group = yes
template shell = /bin/bash
template homedir = /home/%U
winbind use default domain = yes
EOF

net ads join -U administrator

Edit pam config

vim /usr/share/pam-configs/mkhomedir
Name: Create home directory on login
Default: yes
Priority: 900
session-type: additional
#Session-Interactive-Only: yes
session:
required pam_mkhomedir.so skel=/etc/skel umask=0077

pam update

sudo pam-auth-update --enable mkhomedir
systemctl restart smbd nmbd winbind

* If winbind does not start, you may need to change "security = ads" to "security = user", restart winbind, then change it back to "security = ads" and restart smbd and nmbd

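# Add winbind to the lookup order on every nsswitch.conf line that lists "files systemd",
# so domain users and groups resolve. The expression must start with s, not /s: a leading
# slash makes sed read it as an address and fail.
sed -i 's/files systemd/files winbind systemd/g' /etc/nsswitch.conf
# List domain users and groups to confirm winbind can reach the domain.
wbinfo -u  # check users
wbinfo -g  # check groups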

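Add domain admins as sudoers
* The rule below gives full root to every member of the group, so use a dedicated admin group. Check the file with visudo -cf /etc/sudoers.d/domain-admin after saving.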

sudo vim /etc/sudoers.d/domain-admin
%usergroup ALL=(ALL) ALL

reboot
Enjoy