
How to Join Ubuntu 22.04 to Active Directory Domain



Learn how to get Ubuntu Server 22.04.1 LTS joined to an Active Directory Domain.
You’ll also learn:
– How to fix home directory creation for domain user logins
– How to allow RDP access for domain users

On Oct 19th, 2023, I found that this video is now linked from the Ubuntu Community Wiki: https://help.ubuntu.com/community/22.xx/Active_Directory

This video will step through the following:
00:01 – Introduction
02:02 – SSSD Documentation
02:55 – Install SSSD and adcli
04:17 – Join Ubuntu to Active Directory
04:44 – Confirm Computer acct in Zentyal UI
04:59 – Confirm Computer acct in AD Users and Computers
07:51 – Initial AD User Acct Login via Console
08:22 – Account login didn’t create homedir from skel
09:41 – Fix homedir for new AD user login
11:54 – AD User login with homedir from /etc/skel
13:57 – Access SMB Shares on Domain Controller
16:21 – Access homedir from Windows 11 Pro
18:22 – Initial RDP attempt using AD User
19:21 – Fix AD user RDP config to allow login
22:12 – AD User login via RDP

Additional Notes:
– At the 08:22 mark of the video, I show how to manually update the desktop to create the user's home directory upon login. This can also be done with the following command:
sudo pam-auth-update --enable mkhomedir
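
A quick way to confirm the change took effect, as an added example that is not from the video or its author: it parses the PAM session stack (assumed to be /etc/pam.d/common-session, the file pam-auth-update manages) and reports whether pam_mkhomedir.so is active and with which umask and skel options. The function name mkhomedir_status is hypothetical.

```shell
#!/bin/sh
# Added example: check whether pam_mkhomedir is active in a PAM session stack.
# mkhomedir_status is a hypothetical helper name, not part of any package.
# Usage: mkhomedir_status [pam-file]   (default: /etc/pam.d/common-session)
# Prints "enabled control=<c> umask=<u> skel=<s>" (exit 0) or "disabled" (exit 1).
mkhomedir_status() {
    pam_file="${1:-/etc/pam.d/common-session}"
    [ -r "$pam_file" ] || { echo "unreadable: $pam_file"; return 2; }
    awk '
        /^[ \t]*#/ { next }                       # commented-out lines do not count
        $1 == "session" || $1 == "-session" {
            for (i = 3; i <= NF; i++) {
                if ($i ~ /^#/) break              # trailing comment: stop scanning
                if ($i != "pam_mkhomedir.so" && $i !~ /\/pam_mkhomedir\.so$/) continue
                # Control may be one word or a bracketed list with spaces.
                control = $2
                for (j = 3; j < i; j++) control = control " " $j
                um = "unset"; skel = "unset"      # unset: the module default applies
                for (j = i + 1; j <= NF; j++) {
                    if ($j ~ /^#/) break
                    if ($j ~ /^umask=/) um = substr($j, 7)
                    if ($j ~ /^skel=/)  skel = substr($j, 6)
                }
                printf "enabled control=%s umask=%s skel=%s\n", control, um, skel
                found = 1
                exit
            }
        }
        END { if (!found) { print "disabled"; exit 1 } }
    ' "$pam_file"
}
```

Run `mkhomedir_status` after the pam-auth-update command above; a `umask=` option on the reported line sets the file mode creation mask used when a domain user's home directory is created.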

============= REFERENCES/RESOURCES ===============
SSSD and Active Directory: https://ubuntu.com/server/docs/service-sssd-ad
SSSD Active Directory GPO Integration: https://sssd.io/design-pages/active_directory_gpo_integration.html
XRDP Installer (Gets sound working too!): https://c-nergy.be/products.html

Pam mount: https://manpages.ubuntu.com/manpages/jammy/man8/pam_mount.8.html

=======================================
Blog: https://dimensionquest.net

Disclaimers:
===========================================
Please note any non-English Subtitles are auto-translated.

This video was NOT sponsored by any vendor. Any paid products/services shown were paid for out of my own pocket.


11 thoughts on “How to Join Ubuntu 22.04 to Active Directory Domain”

  • Hi, I try to connect my Ubuntu 22.04 to a Windows Server 2022. No problem for the realm, but when I try id@mydomain.local …. user does not exist. When I do the realm connect I have an error:
    Failed to update Kerberos configuration, not fatal, please check manually: Setting attribute standard::type not supported
    Can you help me?

  • Hello,

    I don't have much experience in Linux tools for infrastructure and authentication with Active Directory.

    Follow the steps explained in the video.

    I'm trying to set up authentication via AD on Ubuntu 22.04.
    The structure we use is as follows:
    – we have a local AD with Windows Server 2019, I will nickname it DOMAIN1;
    – an AD in another geographic location that we connect to via VPN, I don't know which version of Windows, I'll call it DOMAIN2.

    There is a two-way trust between the 2 domains.
    On Windows machines authentication on both domains works perfectly.

    In DOMAIN1 we have access permission as an administrator. Using the "sssd-ad sssd-tools realmd adcli" packages in Ubuntu 22.04 I was able to configure DOMAIN1 on the machine and login with DOMAIN1 users.
    However, when trying to login with users who are in DOMAIN2, it is not possible to perform authentication. All of our users are in DOMAIN2, in DOMAIN1 we only have a few for specific cases.
    I checked the possibility of configuring two domains, like here: https://www.thegeekdiary.com/how-to-configure-sssd-to-work-with-multiple-active-directory-domains-in-different-forests-centos-rhel/. However, for the command "adcli -vvv join --host-keytab=/etc/krb5.keytab.domain2.com domain2.com -U LinuxAD@domain2.com", the user needs to have administrator permission on DOMAIN2, being that I don't have access to a user with admin permission on DOMAIN2. DOMAIN2 is managed by another team, and, before bothering them, I would like to know if there is any way to configure it without needing a user with administrator permissions.

    Is there a possibility to configure domains with bidirectional trust without having to perform the join procedure in DOMAIN2? Or something along those lines?

    Thanks in advance for your help.

  • Where did you get the config for the automatically mounted share folders? I guess there is another tutorial for that, no?

  • Really big thanks for this video!
    This is exactly what I need, because the idea in our company is to connect Linux clients to the domain in such a way. But what about the rights? Developers who will work on Linux clients will need higher rights than an ordinary user. But with elevated rights, I'm afraid they could change domain-specific settings or add new local users, changing IP settings etc. How to prevent this?

  • Hello, how to set the ownership to "user:domain admins" while we have a space at domain admins group?

  • So once I follow these steps, should I be able to ping the Ubuntu computer by its hostname from Windows? I have a problem pinging the Ubuntu computer from Windows. I can only do it with its IP. Any idea what might be happening?

  • Hello, I have a question: do you know if it works with Microsoft Azure?

  • Hi, how are you? I follow the steps in the video but I can't login as a domain.

    I have Zentyal 7.0 and Ubuntu 22. I was able to join the domain, but I can't log in with user@domain.

    Any ideas?

  • Hi, I have a question. Please can you help me? I created users in Active Directory and wanted to log in with the user I created. Linux is connected to the domain, but the user is not discovering. What could be the cause? As system enters sssd status, it displays GSSAPI Error: Unspecified. I'm a beginner and I'm learning Ubuntu.
