Join Ubuntu to Active Directory
Install Necessary Packages
First, let's ensure you have all the necessary software packages for the domain join. Open a terminal and execute the following command:
sudo apt install realmd sssd sssd-tools samba-common krb5-user packagekit samba-common-bin samba-libs adcli ntp
When the installer prompts for the default Kerberos version 5 realm, enter your AD domain name in uppercase.
Discover the Domain
You can use the realm discover command to gather information about the domain:
realm discover YOUR_DOMAIN.COM [server.local]
Join the Domain
To join the domain, use the realm join command. You'll need to provide a username with adequate permissions:
sudo realm join -U 'yourusername' yourdomain.com
Replace yourusername with your actual username and yourdomain.com with your actual domain.
Verify the Domain Join
You can verify that the domain join was successful by using the realm list command:
realm list
This should display information about the domain, including the domain name and the configured settings.
Configuring SSSD
In some cases, you might need to configure SSSD for certain services to work properly. To do this, edit the /etc/sssd/sssd.conf file and add the following:
[sssd]
services = nss, pam
config_file_version = 2
domains = YOUR_DOMAIN.COM
[domain/YOUR_DOMAIN.COM]
id_provider = ad
access_provider = ad
Replace "YOUR_DOMAIN.COM" with your actual domain. After saving the changes, restart the SSSD service to apply the changes.
sudo systemctl restart sssd
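A pre-restart check for the file above, as an added example that is not part of the original page: it reports an sssd.conf that is not owner-only (mode 600) and an access_provider setting that leaves login open to every domain account. The function names and the constructed sample are assumptions; ad_access_filter, simple_allow_groups and simple_allow_users are standard SSSD options.

```shell
#!/bin/sh
# Added example (not from the original page): audit an sssd.conf before restarting sssd.

# Print the value of option $2 from the [domain/...] section of file $1.
domain_opt() {
    awk -F= -v key="$2" '
        /^\[/  { in_dom = ($0 ~ /^\[domain\//); next }
        in_dom { k = $1; gsub(/[ \t]/, "", k)
                 if (k == key) { sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit } }
    ' "$1"
}

# Print one finding per line; print nothing when both checks pass.
audit_sssd_conf() {
    conf=$1
    # The file steers authentication and may hold secrets: owner-only access.
    mode=$(stat -c '%a' "$conf")
    [ "$mode" = "600" ] || echo "MODE: $conf is $mode, expected 600"
    provider=$(domain_opt "$conf" access_provider)
    case "$provider" in
        ad)
            # Without a filter, any AD account that is not disabled or expired passes.
            [ -n "$(domain_opt "$conf" ad_access_filter)" ] ||
                echo "ACCESS: access_provider=ad without ad_access_filter"
            ;;
        simple)
            # With both allow lists empty, the simple provider grants access to everyone.
            allow="$(domain_opt "$conf" simple_allow_groups)$(domain_opt "$conf" simple_allow_users)"
            [ -n "$allow" ] || echo "ACCESS: access_provider=simple with empty allow list"
            ;;
        *)
            echo "ACCESS: access_provider is '${provider:-unset}', review who may log in"
            ;;
    esac
    return 0
}

# Constructed sample: the configuration from this page, written world-readable.
sample=$(mktemp)
printf '%s\n' '[sssd]' 'services = nss, pam' 'domains = YOUR_DOMAIN.COM' \
    '[domain/YOUR_DOMAIN.COM]' 'id_provider = ad' 'access_provider = ad' > "$sample"
chmod 644 "$sample"
audit_sssd_conf "$sample"   # prints a MODE finding and an ACCESS finding
rm -f "$sample"
```

On a joined host, call audit_sssd_conf /etc/sssd/sssd.conf as root; no output means both checks passed.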
Login
To connect to the Linux host, do the following.
From a terminal window, using ssh:
ssh yourusername@yourdomain.com@localhost [ssh yourusername@yourdomain.com@IPaddress]
Optional: if you are logged in to a local account and want to switch to the domain account, run:
su - yourusername@yourdomain.com [su yourusername@yourdomain.com]
Grant sudo access to a domain user or group
To grant sudo access to a domain user or group, edit the /etc/sudoers file. This file controls who can use the sudo command to gain administrative privileges. Scroll down to the user privilege specification section and add the necessary lines for domain users and groups.
User privilege specification (for users)
root ALL=(ALL:ALL) ALL [local user]
username@DOMAIN ALL=(ALL:ALL) ALL [domain users]
Below this section, add a line for the domain group. It should look like this, where group is the name of the domain group and DOMAIN is your domain.
%group@DOMAIN ALL=(ALL:ALL) ALL [domain group]
%Domain\ Admins@DOMAIN ALL=(ALL:ALL) ALL
Note: The % symbol at the beginning of the group name is important – it specifies that this entry refers to a group, not a user.