How to join an ubuntu desktop into an active directory domain full video

January 21, 2021

#techs2support #ubuntu #ActiveDirectory #ubuntuActiveDirectory #microsoft
This video will show how to join an Ubuntu desktop into an active directory domain full video

Download the latest version of Ubuntu-
https://www.ubuntu.com/download/desktop

Install Ubuntu.(setup hostname when install,
example: UBUNTUVMACHINE)
Setup Static IP.
Open terminal,
CMD:sudo apt update
CMD:sudo apt-get install fping

Make sure your Ubuntu Desktop machine has access to the Active Directory domain and the Domain Controllers:
CMD:dig -t SRV _ldap._tcp.bmbdlocal.lan | grep -A2 “ANSWER SECTION”

;; ANSWER SECTION:
_ldap._tcp.bmbdlocal.lan. 600 IN SRV 0 100 389 Server2016.bmbdlocal.lan.

ping Active Directory domain and the Domain Controllers:

example:ping bmbdlocal.lan
example:ping server2016.bmbdlocal.lan

also

CMD:fping server2016.bmbdlocal.lan

server2016.bmbdlocal.lan is alive

Install all necessary packages:
CMD:sudo apt-get -y install realmd sssd sssd-tools samba-common krb5-user packagekit samba-common-bin samba-libs adcli ntp

after ask type:BMBDLOCAL.LAN
then OK

Setup your ntp service to point to our domain timeservers:
CMD: sudo vi /etc/ntp.conf

…
#server 0.ubuntu.pool.ntp.org
#server 1.ubuntu.pool.ntp.org
#server 2.ubuntu.pool.ntp.org
#server 3.ubuntu.pool.ntp.org
server2016.bmbdlocal.lan
# Use Ubuntu’s ntp server as a fallback.
#server ntp.ubuntu.com
…

restart your ntp service:
CMD:sudo service ntp restart

Setting up realmd:
CMD: sudo vi /etc/realmd.conf
…
[users]
default-home = /home/%D/%U
default-shell = /bin/bash
[active-directory]
default-client = sssd
os-name = Ubuntu Desktop Linux
os-version = 14.04
[service]
automatic-install = no
[bmbdlocal.lan]
fully-qualified-names = no
automatic-id-mapping = yes
user-principal = yes
manage-system = no
…

Join the Ubuntu machine on the AD domain:
CMD:sudo kinit administrator@BMBDLOCAL.LAN

Password for administrator@BMBDLOCAL.LAN:

[You will not see any output while you type the password. That’s normal.]

Add the Ubuntu machine in the domain:
CMD:sudo realm –verbose join bmbdlocal.lan
–user-principal=UBUNTUVMACHINE/administrator@BMBDLOCAL.LAN –unattended

Setting up sssd:
CMD:sudo vi /etc/sssd/sssd.conf

Modify the access_provider = simple

access_provider = ad

Restart the sssd service:
CMD:sudo service sssd restart

Setup homedir auto-creation for new users:

CMD: sudo vi /etc/pam.d/common-session
…
session required pam_unix.so
session optional pam_winbind.so
session optional pam_sss.so
session optional pam_systemd.so
session required pam_mkhomedir.so skel=/etc/skel/ umask=0077
# end of pam-auth-update config
…

Check Active Directory users name resolution:
CMD:id domainuser(test1)

uid=951601106(test1) gid=951600513(domain users) groups=951600513(domain users)

Setting up LightDM for CLI mode ubuntu or linux:[no need for ubuntu GUI]
CMD: sudo vi /etc/lightdm/lightdm.conf
…
[SeatDefaults]
allow-guest=false
greeter-show-manual-login=true
…

Final Check:
Restart the machine and try to login using the Ubuntu graphical login by domain user and password.

note: In case it does not work as expected, setup previous steps properly.