Some questions for the issue:
1. If you manually clone a VM from the template VM and manually run your script with root, after that, can domain user authentication work?
2. Would you please add some lines in your script to write the execution to a log file so that we can check if the script was executed successfully?
When I run my script the log says it has run and I see the results in the sssd.conf file.
But I'm not able to log in with a domain account. I have to log in with templateuser and run this command again.
/usr/sbin/realm permit -R my.domain.com -g ADgroupName
Then it works?
This is what the sssd.conf file looks like after deployment (it gets created when I do realm join).
config_file_version = 2
services = nss, pam
ad_domain = my.domain.com
krb5_realm = MY.DOMAIN.COM
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = True
fallback_homedir = /home/%u@%d
access_provider = simple
simple_allow_groups = ADgroupName
Problem solved with a 5 sec sleep between commands.
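One way to log every step and replace the fixed sleep with a bounded readiness poll, as an added example that is not the poster's script. The log path, the function names and the use of `systemctl is-active sssd` as the readiness check are assumptions; the thread does not say what the 5-second sleep is waiting for.

```shell
#!/bin/sh
# Added example, not the poster's script. LOG path, function names and the
# readiness check are assumptions; the realm permit line is from the thread.
LOG="${LOG:-/var/log/realm-permit.log}"

log() { printf '%s %s\n' "$(date '+%Y-%m-%dT%H:%M:%S')" "$*" >>"$LOG"; }

# Run one command; record it, its output and its exit status in the log.
run_step() {
    log "RUN: $*"
    "$@" >>"$LOG" 2>&1
    rc=$?
    log "EXIT $rc: $*"
    return "$rc"
}

# Poll a check once per second, up to $1 times, instead of a fixed sleep.
wait_for() {
    tries=$1; shift
    while [ "$tries" -gt 0 ]; do
        "$@" >/dev/null 2>&1 && return 0
        tries=$((tries - 1))
        sleep 1
    done
    log "TIMEOUT waiting for: $*"
    return 1
}

# Call right after the existing "realm join" line of the deployment script.
# usage: permit_group my.domain.com ADgroupName
permit_group() {
    wait_for 30 systemctl is-active --quiet sssd || return 1
    run_step /usr/sbin/realm permit -R "$1" -g "$2" || return 1
    # Confirm the group landed in sssd.conf before declaring success.
    run_step grep -q -- "^simple_allow_groups.*$2" /etc/sssd/sssd.conf
}
```

A non-zero return from `permit_group` together with the `EXIT` lines in the log shows which step failed, which answers the earlier request for an execution log.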