forked from SUSE/suse-best-practices
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathMAIN-SBP-SLES-MFAD.xml
776 lines (658 loc) · 31.5 KB
/
MAIN-SBP-SLES-MFAD.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
<?xml version="1.0" encoding="UTF-8"?>
<!--<?oxygen RNGSchema="http://www.oasis-open.org/docbook/xml/5.0/rng/docbook.rng" type="xml"?>-->
<!DOCTYPE article [
<!ENTITY % entity SYSTEM "entity-decl.ent">
%entity;
]>
<article role="sbp" xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="art-sbp-sles-msaadds" xml:lang="en">
<info>
<meta name="series">SUSE Best Practices</meta>
<meta name="category">Server</meta>
<title>Joining a Microsoft Azure Active Directory Domain Services Managed Domain</title>
<subtitle>with SUSE Linux Enterprise Server</subtitle>
<!-- <orgname>SUSE Best Practices</orgname>-->
<productname>SUSE Linux Enterprise Server, Microsoft Azure</productname>
<!--<productname>Microsoft Azure</productname>-->
<productnumber/>
<dm:docmanager xmlns:dm="urn:x-suse:ns:docmanager">
<dm:bugtracker>
<dm:url>https://github.com/SUSE/suse-best-practices/issues/new</dm:url>
<dm:product>Joining a SUSE Linux Enterprise Server to a Microsoft
Azure Active Directory Domain Services Managed Domain</dm:product>
</dm:bugtracker>
<dm:editurl>https://github.com/SUSE/suse-best-practices/edit/main/xml/</dm:editurl>
</dm:docmanager>
<meta name="platform">SUSE Linux Enterprise Server</meta>
<meta name="platform">Microsoft Azure Active Directory Domain Services</meta>
<authorgroup>
<author>
<personname>
<firstname>Kirk</firstname>
<surname>Evans</surname>
</personname>
<affiliation>
<jobtitle>Principal Program Manager AzureCAT</jobtitle>
<orgname>Microsoft</orgname>
</affiliation>
</author>
<!-- <author>
<personname>
<firstname>Kirk</firstname>
<surname>Evans</surname>
</personname>
<affiliation>
<jobtitle>Principal Program Manager AzureCAT</jobtitle>
<orgname>Principal Program Manager AzureCAT</orgname>
</affiliation>
</author>
<editor>
<orgname></orgname>
</editor>
<othercredit>
<orgname></orgname>
</othercredit>-->
</authorgroup>
<!--
<meta name="series">SUSE Best Practices</meta>
<meta name="category"></meta>
<meta name="platform"></meta>
<meta name="platform"></meta>
<authorgroup>
<author>
<personname>
<firstname></firstname>
<surname></surname>
</personname>
<affiliation>
<jobtitle></jobtitle>
<orgname></orgname>
</affiliation>
</author>
<author>
<personname>
<firstname></firstname>
<surname></surname>
</personname>
<affiliation>
<jobtitle></jobtitle>
<orgname></orgname>
</affiliation>
</author>
<editor>
<orgname></orgname>
</editor>
<othercredit>
<orgname></orgname>
</othercredit>
</authorgroup>-->
<cover role="logos">
<mediaobject>
<imageobject role="fo">
<imagedata fileref="suse.svg" width="5em" align="center" valign="bottom"/>
</imageobject>
<imageobject role="html">
<imagedata fileref="suse.svg" width="152px" align="center" valign="bottom"/>
</imageobject>
</mediaobject>
<mediaobject>
<imageobject role="fo">
<imagedata fileref="microsoft.svg" width="5em" align="center" valign="bottom"/>
</imageobject>
<imageobject role="html">
<imagedata fileref="microsoft.svg" width="152px" align="center" valign="bottom"/>
</imageobject>
</mediaobject>
</cover>
<date>January 23, 2018</date>
<abstract>
<para>This article will show how to use Azure Active Directory
Domain Services, providing Active Directory capabilities as
a managed service in Microsoft Azure to enable NTLM,
Kerberos, and LDAP capabilities with SUSE Linux Enterprise
Server .</para>
<para>
<emphasis role="strong">Disclaimer: </emphasis>
Documents published as part of the SUSE Best Practices series have been contributed voluntarily
by SUSE employees and third parties. They are meant to serve as examples of how particular
actions can be performed. They have been compiled with utmost attention to detail. However,
this does not guarantee complete accuracy. SUSE cannot verify that actions described in these
documents do what is claimed or whether actions described have unintended consequences.
SUSE LLC, its aliates, the authors, and the translators may not be held liable for possible errors
or the consequences thereof.
</para>
</abstract>
</info>
<sect1 xml:id="sec-background">
<title>Background</title>
<para>If you want to use Microsoft Azure AD Domain Services with
Linux to test your product, you will struggle to find
easy-to-use documentation. Documentation that shows how to walk
through this end to end does not exist. And there is no general
step-by-step explanation for Linux distributions available, as
the package management systems for the different Linux
distributions differ from each other. SUSE Linux Enterprise
Server uses <command>zypper</command>, Red Hat
Enterprise Linux uses <command>yum</command>, Ubuntu
uses <command>apt-get</command>. </para>
<para>In addition, the packages to use and the instructions for
configuring are often hard to understand. However, it turns out
it is quite easy to domain join a machine using SUSE Linux
Enterprise Server.</para>
</sect1>
<sect1 xml:id="sec-azure-ad-domain-services">
<title>What is Microsoft Azure Active Directory Domain
Services</title>
<para>The Azure Active Directory service does not directly provide
NTLM, Kerberos, or LDAP services, while by default it provides
WS-Trust, OpenID Connect, and OAuth capabilities. Applications
hosted in Azure virtual machines however may need these
authentication capabilities but cannot afford the latency of
communicating back to on-premises infrastructure, requiring
domain controllers to be hosted in the cloud. Many customers do
not want to install their own domain controllers in
cloud-hosted virtual machines, configure a VPN or ExpressRoute,
and manage AD replication to on-premises domain
controllers.</para>
<para>This is exactly what Azure AD Domain Services (AAD-DS)
provides: a managed domain controller with the same users and
groups as you have in your Azure Active Directory (AAD).
AAD-DS makes it easy to join a virtual machine to the managed
domain so that your application can use NTLM, Kerberos, or LDAP
with the same credentials that they use to log in to Office 365
or Azure services. </para>
<para>Azure AD Domain Services will provision managed domain
controllers into the Azure Virtual Network that you specify. In
the image below, the managed domain controller virtual machines
are greyed out. This indicates they are there but you cannot
access them or do anything with the virtual machine directly.
You simply use the familiar Windows Active Directory Domain
Services (ADDS) as a service.</para>
<figure>
<title>Microsoft Azure AAD-DS Overview </title>
<mediaobject>
<imageobject role="fo">
<imagedata fileref="azure-aad-ds-overview.png"
width="80%" format="PNG"/>
</imageobject>
<imageobject role="html">
<imagedata fileref="azure-aad-ds-overview.png"
width="80%" format="PNG"/>
</imageobject>
</mediaobject>
</figure>
<para>In this picture, you see that AAD-DS is enabled for the
directory, creating two virtual machines in the subnet of
choice. The application server can now communicate with those
domain controllers to domain join the machine and enable
authentication and authorization. Azure AD Domain Services
works with either cloud-only or hybrid directories. If there is
an existing ADDS infrastructure on-premises, you synchronize
users to the AAD directory using HTTPS to enable single sign on
to cloud resources such as Microsoft Office 365. </para>
</sect1>
<sect1 xml:id="sec-getting-started">
<title>Getting Started</title>
<para>The documentation how to set up Azure AD Domain Services is
easy to follow. You do not need to install any software on your
machine, and you do not need to perform any local
configuration. Go to the Azure portal and follow the directions
given in the article <quote>Enable Azure Active Directory
Domain Services using the Azure portal</quote> at <link
xlink:href="https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-getting-started"
/></para>
<para>As result, you get an Azure classic virtual network with the
settings you chose.</para>
<figure>
<title>Azure Classic Virtual Network Settings</title>
<mediaobject>
<imageobject role="fo">
<imagedata fileref="azure-cvn-settings.png" width="70%"
format="PNG"/>
</imageobject>
<imageobject role="html">
<imagedata fileref="azure-cvn-settings.png" width="80%"
format="PNG"/>
</imageobject>
</mediaobject>
</figure>
<note>
<title>Classic VNets</title>
<para>At the time of writing this document, AAD-DS only
supports classic VNets.</para>
</note>
<para>If you need to add users or groups, do this using Azure
Active Directory.</para>
<figure>
<title>Microsoft Azure AD - Adding Users</title>
<mediaobject>
<imageobject role="fo">
<imagedata fileref="azure-add-users.png" width="80%"
format="PNG"/>
</imageobject>
<imageobject role="html">
<imagedata fileref="azure-add-users.png" width="80%"
format="PNG"/>
</imageobject>
</mediaobject>
</figure>
<para>You can also create a group that contains the users who are
administrators of the AAD-DS domain, enabling them to configure
tasks like service principals and constrained
delegation.</para>
<figure>
<title>Microsoft Azure AD - Adding Groups</title>
<mediaobject>
<imageobject role="fo">
<imagedata fileref="azure-configure-groups.png"
width="80%" format="PNG"/>
</imageobject>
<imageobject role="html">
<imagedata fileref="azure-configure-groups.png"
width="80%" format="PNG"/>
</imageobject>
</mediaobject>
</figure>
<para>Now you can add a Windows virtual machine to the same virtual
network and join the machine to the domain
blueskyabove.onmicrosoft.com. </para>
<para>Keep in mind that the example at hand is using a cloud-only
directory. There are no users sourced from on-premises. When
you are prompted by Windows for the credentials to join a
machine to the domain, use your cloud-only account
[email protected]. When you connect to your new
Windows VM using Remote Desktop Connection (RDC), use the same
credentials:</para>
<figure>
<title>Windows Virtual Machine - Enter Credentials</title>
<mediaobject>
<imageobject role="fo">
<imagedata fileref="azure-credentials.png" width="40%"
format="PNG"/>
</imageobject>
<imageobject role="html">
<imagedata fileref="azure-credentials.png" width="40%"
format="PNG"/>
</imageobject>
</mediaobject>
</figure>
<para>When you are logged in, open PowerShell and run the
command:</para>
<screen>Add-WindowsFeature -Name RSAT-ADDS-Tools</screen>
<para>This command will add the Active Directory tools such as
<quote>Users and Computers</quote>. Now you can view the
domain information from your new Windows virtual
machine.</para>
<figure>
<title>Active Directory Users and Computers</title>
<mediaobject>
<imageobject role="fo">
<imagedata fileref="azure-domain-info.png" width="80%"
format="PNG"/>
</imageobject>
<imageobject role="html">
<imagedata fileref="azure-domain-info.png" width="80%"
format="PNG"/>
</imageobject>
</mediaobject>
</figure>
<para>Your Windows environment is now prepared and ready. The next
chapter explains how to create your Linux virtual machine. </para>
</sect1>
<sect1 xml:id="sec-create-sles-vm">
<title>Create a SUSE Linux Enterprise Server Virtual
Machine</title>
<para>In the Azure portal, create a new SUSE Linux Enterprise
Server virtual machine in the same VNet that you used
previously. Filter for <quote>SUSE</quote> and choose your
starting ISO image. In this example, SLES 11 SP4 has been
chosen. </para>
<figure>
<title>Select SUSE Linux Enterprise Server ISO Image</title>
<mediaobject>
<imageobject role="fo">
<imagedata fileref="azure-create-slesvm.png"
width="80%" format="PNG"/>
</imageobject>
<imageobject role="html">
<imagedata fileref="azure-create-slesvm.png"
width="80%" format="PNG"/>
</imageobject>
</mediaobject>
</figure>
<important>
<title>Classic Deployment</title>
<para>Make sure to create a VM using the <quote>Classic</quote>
deployment model so that it can be placed in the same
Vnet!</para>
<figure>
<title>Select Deployment Model</title>
<mediaobject>
<imageobject role="fo">
<imagedata fileref="azure-create-classic.png"
width="50%" format="PNG"/>
</imageobject>
<imageobject role="html">
<imagedata fileref="azure-create-classic.png"
width="50%" format="PNG"/>
</imageobject>
</mediaobject>
</figure>
</important>
<para>The next step enables you to provide your SSH login
information and SSH public key. For more information about SSH
keys, refer to the article <quote>How to create and use an SSH
public and private key pair for Linux VMs in Azure</quote>
at <link
xlink:href="https://docs.microsoft.com/en-us/azure/virtual-machines/linux/mac-create-ssh-keys"
>https://docs.microsoft.com/en-us/azure/virtual-machines/linux/mac-create-ssh-keys</link>.</para>
<figure>
<title>Add SSH Public Key</title>
<mediaobject>
<imageobject role="fo">
<imagedata fileref="azure-ssh-info.png" width="80%"
format="PNG"/>
</imageobject>
<imageobject role="html">
<imagedata fileref="azure-ssh-info.png" width="80%"
format="PNG"/>
</imageobject>
</mediaobject>
</figure>
<para>Choose a size for the Virtual Machine. For the example at
hand, a DS1_v2 machine is big enough.</para>
<figure>
<title>Virtual Machine Size</title>
<mediaobject>
<imageobject role="fo">
<imagedata fileref="azure-ds1-v2-demo.png" width="80%"
format="PNG"/>
</imageobject>
<imageobject role="html">
<imagedata fileref="azure-ds1-v2-demo.png" width="80%"
format="PNG"/>
</imageobject>
</mediaobject>
</figure>
<para>Now create or choose a storage account and cloud service. For
the example at hand, the same cloud service is used as with the
Windows Virtual machine above. </para>
<important>
<title>Virtual Network</title>
<para>Use the same virtual network that is configured for Azure
AD Domain Services.</para>
</important>
<figure>
<title>Storage and Network Settings </title>
<mediaobject>
<imageobject role="fo">
<imagedata fileref="azure-storage-account.png"
width="40%" format="PNG"/>
</imageobject>
<imageobject role="html">
<imagedata fileref="azure-storage-account.png"
width="40%" format="PNG"/>
</imageobject>
</mediaobject>
</figure>
<para>After a few minutes, the VM is created and you can connect to
it via SSH. Use the Windows Subsystem for Linux, open a command
prompt and type <command>bash</command> to open the bash shell.
Then you can run your SSH commands.</para>
</sect1>
<sect1 xml:id="sec-ssh-certificate">
<title>Connect Via SSH Using Your Certificate</title>
<para>You have not yet joined the new SUSE Linux Enterprise Server
VM to the domain. To do so, connect to it via SSH using the
details you provided when creating the Azure VM.</para>
<para>When the VM is created, open the VM to see its public IP
address.</para>
<figure>
<title>Virtual Machine Overview</title>
<mediaobject>
<imageobject role="fo">
<imagedata fileref="azure-public-ip.png" width="80%"
format="PNG"/>
</imageobject>
<imageobject role="html">
<imagedata fileref="azure-public-ip.png" width="80%"
format="PNG"/>
</imageobject>
</mediaobject>
</figure>
<note>
<title>Public IP</title>
<para>The public IP can change if you restart the Azure virtual
machine.</para>
</note>
<para>Go to the <quote>Endpoints</quote> property of the VM to see
which port to use for SSH.</para>
<figure>
<title>Virtual Machine Endpoints</title>
<mediaobject>
<imageobject role="fo">
<imagedata fileref="azure-ssh-port.png" width="80%"
format="PNG"/>
</imageobject>
<imageobject role="html">
<imagedata fileref="azure-ssh-port.png" width="80%"
format="PNG"/>
</imageobject>
</mediaobject>
</figure>
<para>Now type the following SSH command to access your virtual
machine:</para>
<screen>ssh -i azure_ssh [email protected] -p 60252</screen>
<figure>
<title>Connect Via SSH</title>
<mediaobject>
<imageobject role="fo">
<imagedata fileref="azure-ssh.png" width="80%"
format="PNG"/>
</imageobject>
<imageobject role="html">
<imagedata fileref="azure-ssh.png" width="80%"
format="PNG"/>
</imageobject>
</mediaobject>
</figure>
</sect1>
<sect1 xml:id="sec-join-sles-yast">
<title>Domain Join SUSE Linux Enterprise Server Using YaST</title>
<para>Now that you can access the SUSE Linux Enterprise Server
virtual machine, you need to join to the domain controller that
Azure AD Domain Services provides. Since the VM is in the same
VNet and you have updated the DNS settings for the VNet, the
new Linux machine can locate the domain controller by name
without any further configuration with the command
<command>sudo /sbin/yast</command>:</para>
<screen>myadmin@kirke-suse-aad:~> sudo /sbin/yast</screen>
<para>This command opens the YaST Control Center. Choose
<quote>Network Services</quote> and <quote>Windows Domain
Membership</quote>.</para>
<figure>
<title>YaST Control Center - Overview</title>
<mediaobject>
<imageobject role="fo">
<imagedata fileref="azure-yast-control.png" width="80%"
format="PNG"/>
</imageobject>
<imageobject role="html">
<imagedata fileref="azure-yast-control.png" width="80%"
format="PNG"/>
</imageobject>
</mediaobject>
</figure>
<para>You are prompted to install the Samba client packages.</para>
<figure>
<title>YaST Control Center - Samba Client Packages</title>
<mediaobject>
<imageobject role="fo">
<imagedata fileref="azure-samba-client.png" width="80%"
format="PNG"/>
</imageobject>
<imageobject role="html">
<imagedata fileref="azure-samba-client.png" width="80%"
format="PNG"/>
</imageobject>
</mediaobject>
</figure>
<para>Next, provide your domain as all capital letters, and enable
the settings in the top section to enable users to SSH to the
machine using their credentials from Azure AD. </para>
<note>
<title>Custom Domain</title>
<para>For the example at hand, a cloud-only directory without a
custom domain is used. If you added and verified a custom
domain, and have users from that custom domain in your AAD
directory from a synchronization, then you should use your
custom domain.</para>
</note>
<figure>
<title>YaST Control Center - Windows Domain Membership</title>
<mediaobject>
<imageobject role="fo">
<imagedata
fileref="azure-windows-domain-membership.png"
width="80%" format="PNG"/>
</imageobject>
<imageobject role="html">
<imagedata
fileref="azure-windows-domain-membership.png"
width="80%" format="PNG"/>
</imageobject>
</mediaobject>
</figure>
<note>
<title>Backspace</title>
<para>If <quote>Backspace</quote> does not work, use <emphasis
role="strong">CTRL+H</emphasis> to backspace.</para>
</note>
<para>When you are done, exit and reboot the VM.</para>
<note>
<title>YaST</title>
<para>If you want to understand in detail what the YaST tool
did in the background, read the article <quote>How to
integrate SUSE Linux Enterprise 11 with Windows Active
Directory</quote> at <link
xlink:href="https://jreypo.wordpress.com/2012/02/01/how-to-integrate-suse-linux-enterprise-11-with-windows-active-directory/"
>https://jreypo.wordpress.com/2012/02/01/how-to-integrate-suse-linux-enterprise-11-with-windows-active-directory/</link>
/>.This article provides a comprehensive look at the files
it edited and the values it used.</para>
</note>
<para>You can now log in using the same credentials that you use to
log in to Azure AD:</para>
<screen>ssh blueskyabove\\[email protected] -p 62075</screen>
<para>Connect via SSH using your credentials from Azure AD. A home
directory has been created for the user. </para>
<figure>
<title>Connect from Azure AD Via SSH</title>
<mediaobject>
<imageobject role="fo">
<imagedata fileref="azure-ssh-home-directory.png"
width="80%" format="PNG"/>
</imageobject>
<imageobject role="html">
<imagedata fileref="azure-ssh-home-directory.png"
width="80%" format="PNG"/>
</imageobject>
</mediaobject>
</figure>
<para>The user is not contained in the <quote>sudo-ers</quote>
group. It is possible to enable users from a particular Active
Directory group to use <command>sudo</command>. For more
information regarding this topic, read the article
<quote>Adding AD domain groups to /etc/sudoers</quote> at
<link
xlink:href="https://derflounder.wordpress.com/2012/12/14/adding-ad-domain-groups-to-etcsudoers/"
>https://derflounder.wordpress.com/2012/12/14/adding-ad-domain-groups-to-etcsudoers/</link>
.</para>
</sect1>
<sect1 xml:id="sec-more-info">
<title>More Information</title>
<para>For more detailed information, have a look at the following
articles:</para>
<itemizedlist>
<listitem>
<para>
<link
xlink:href="https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-getting-started"
>Enable Azure Active Directory Domain Services
Using the Azure Portal</link>
</para>
</listitem>
<listitem>
<para>
<link
xlink:href="https://docs.microsoft.com/en-us/azure/virtual-machines/linux/mac-create-ssh-keys"
>How to create and use an SSH public and private
key pair for Linux VMs in Azure</link>
</para>
</listitem>
<listitem>
<para>
<link
xlink:href="https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-admin-guide-join-rhel-linux-vm"
>Join a Red Hat Enterprise Linux 7 virtual machine
to a managed domain</link>
</para>
</listitem>
<listitem>
<para>
<link
xlink:href="https://jreypo.wordpress.com/2012/02/01/how-to-integrate-suse-linux-enterprise-11-with-windows-active-directory/"
>How to integrate SUSE Linux Enterprise 11 with
Windows Active Directory</link>
</para>
</listitem>
<listitem>
<para>
<link
xlink:href="https://derflounder.wordpress.com/2012/12/14/adding-ad-domain-groups-to-etcsudoers/"
>Adding AD Domain Groups to /etc/sudoers</link>
</para>
</listitem>
</itemizedlist>
</sect1>
<!--
<sect1 xml:id="sec-legal-notice">
<title>Legal Notice</title>
<para>Copyright ©2006– 2017 SUSE LLC and contributors. All
rights reserved. </para>
<para>Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation License,
Version 1.2 or (at your option) version 1.3; with the Invariant
Section being this copyright notice and license. A copy of the
license version 1.2 is included in the section entitled
<quote>GNU Free Documentation License</quote>.</para>
<para>SUSE, the SUSE logo and YaST are registered trademarks of
SUSE LLC in the United States and other countries. For SUSE
trademarks, see <link
xlink:href="http://www.suse.com/company/legal/"
>http://www.suse.com/company/legal/</link>. Linux is a
registered trademark of Linus Torvalds. All other names or
trademarks mentioned in this document may be trademarks or
registered trademarks of their respective owners.</para>
<para>This article is part of a series of documents called "SUSE
Best Practices". The individual documents in the series were
contributed voluntarily by SUSE's employees and by third
parties.</para>
<para>The articles are intended only to be one example of how a
particular action could be taken. They should not be understood
to be the only action and certainly not to be the action
recommended by SUSE. Also, SUSE cannot verify either that the
actions described in the articles do what they claim to do or
that they don't have unintended consequences.</para>
<para>Therefore, we need to specifically state that neither SUSE
LLC, its affiliates, the authors, nor the translators may be
held liable for possible errors or the consequences thereof.
Below we draw your attention to the license under which the
articles are published.</para>
</sect1>-->
<?pdfpagebreak style="sbp" formatter="fop"?>
<xi:include href="sbp-legal-notice.xml"/>
<?pdfpagebreak style="sbp" formatter="fop"?>
<xi:include href="license-gfdl.xml"/>
</article>