Description¶ ↑
The radcli library provides a Ruby interface for performing actions on a Active Directory domain using the realmd/adcli tool. (adcli: www.freedesktop.org/software/realmd/adcli/devel-building.html)
Installation¶ ↑
This library is available as a gem.
Ubuntu 16.04¶ ↑
sudo apt-get -y install make gcc libkrb5-dev libldap2-dev libsasl2-dev sudo gem install radcli
Redhat Linux 7.4¶ ↑
sudo yum -y install make gcc automake autoconf krb5-devel openldap-devel cyrus-sasl-devel cyrus-sasl-gssapi sudo gem install radcli
Building¶ ↑
Ubuntu 16.04¶ ↑
sudo apt-get install ruby gem ruby-dev sudo gem install rake bundler rake-compiler rspec sudo apt-get install make gcc automake autoconf xmlto xsltproc libkrb5-dev libldap2-dev libsasl2-dev
git clone https://github.com/martencassel/radcli cd radcli rake build gem install pkg/radcli-1.1.0.gem
Redhat Linux 7.4¶ ↑
sudo subscription-manager repos --enable rhel-7-server-optional-rpms sudo yum -y install ruby gem ruby-devel sudo yum -y install git make gcc automake autoconf krb5-devel openldap-devel cyrus-sasl-devel cyrus-sasl-gssapi sudo gem install rake bundler rake-compiler rspec
git clone https://github.com/martencassel/radcli cd radcli rake build gem install pkg/radcli-1.1.0.gem
Synposis¶ ↑
Connect using username/password¶ ↑
require 'radcli' adconn = Adcli::AdConn.new("example.com") adconn.set_domain_realm("EXAMPLE.COM") adconn.set_domain_controller("dc.example.com") adconn.set_login_user("Administrator") adconn.set_user_password("password") res = adconn.connect
or connect using local credentials cache¶ ↑
require 'radcli' require "rkerberos" # Kinit using principal name and keytab. principal = "Administrator" keytab file over an unsecured network. keytab="/etc/foreman-proxy/ad.keytab" krb5 = Kerberos::Krb5.new ccache = Kerberos::Krb5::CredentialsCache.new krb5.get_init_creds_keytab principal, keytab, nil, ccache # Connect adconn = Adcli::AdConn.new("example.com") adconn.set_domain_realm("EXAMPLE.COM") adconn.set_domain_controller("dc.example.com") adconn.set_login_ccache_name("") res = adconn.connect
Join¶ ↑
enroll = Adcli::AdEnroll.new(adconn) enroll.set_computer_name("server") enroll.set_host_fqdn("server.example.com") enroll.set_computer_password("password") enroll.join()
Reset Password¶ ↑
enroll = Adcli::AdEnroll.new(adconn) enroll.set_computer_name("server") enroll.set_computer_password("newpass") enroll.password()
Delete¶ ↑
enroll = Adcli::AdEnroll.new(adconn) enroll.set_computer_name("server") enroll.delete()
Notes¶ ↑
For a testing environment you need the following:
-
A windows domain controller and a connected linux server.
-
The linux server must be able to resolve domain names from the domains dns server.
Authors¶ ↑
-
MÃ¥rten Cassel