How to join Ubuntu 20.04 and Ubuntu 22.04 to Active Directory

To join an Ubuntu machine to an Active Directory domain, you need to install a few packages and do a bit of configuration. It's simple.

Note:

    • Make sure the Ubuntu machine can resolve the AD domain's DNS records and can ping the AD server.
    • Make sure the user you are using to join the domain has appropriate permissions to join computers.
    • If you encounter any problem, check the log files for more information about the error. Alternatively, post the error in the comments section.

Here are the simple general steps to do this:

1. Configure proper IP address and hostname for the Ubuntu machine.
“Click on the links above to learn how to configure IP and hostname.”

2. Install necessary packages.

# apt -y install realmd sssd sssd-tools libnss-sss libpam-sss adcli samba-common-bin oddjob oddjob-mkhomedir packagekit 

3. Check and Join Ubuntu to the domain.

# realm discover zmatech.com

(NOTE: Change zmatech.com to your actual domain name.)

root@zmatech.com:~# realm discover zmatech.com
zmatech.com
type: kerberos
realm-name: ZMATECH.COM
domain-name: zmatech.com
configured: no
server-software: active-directory
client-software: sssd
required-package: sssd-tools
required-package: sssd
required-package: libnss-sss
required-package: libpam-sss
required-package: adcli
required-package: samba-common-bin
root@zmatech.com:~#

# realm join zmatech.com -U admin

(NOTE: Replace admin with the correct user in your AD. The user must have appropriate permissions to add a device to AD.)

4. Edit sssd.conf file.

# vi /etc/sssd/sssd.conf

Edit the lines below:

access_provider = simple    (Replace ad with simple)
use_fully_qualified_names = False (Replace True with False)

root@zmatech.com:~# cat /etc/sssd/sssd.conf
[sssd]
domains = zmatech.com
config_file_version = 2
services = nss, pam
[domain/zmatech.com]
default_shell = /bin/bash
krb5_store_password_if_offline = True
cache_credentials = True
krb5_realm = ZMATECH.COM
realmd_tags = manages-system joined-with-adcli
id_provider = ad
fallback_homedir = /home/%u@%d
ad_domain = zmatech.com
use_fully_qualified_names = False
ldap_id_mapping = True
access_provider = simple
root@zmatech.com:~#

Restart the sssd service.

#  systemctl restart sssd

5. Run the following command so that a home directory is automatically created on login.

# pam-auth-update --enable mkhomedir

(Ensure Create home directory on login is checked)


6.  Test

# realm list

root@zmatech.com:~# realm list
zmatech.com
type: kerberos
realm-name: ZMATECH.COM
domain-name: zmatech.com
configured: kerberos-member
server-software: active-directory
client-software: sssd
required-package: sssd-tools
required-package: sssd
required-package: libnss-sss
required-package: libpam-sss
required-package: adcli
required-package: samba-common-bin
login-formats: %U@zmatech.com
login-policy: allow-permitted-logins
permitted-logins:
permitted-groups:
root@zmatech.com:~#

# id username@zmatech.com

SSH to the Ubuntu host from another machine:

$ ssh username@ubuntu-ip-address
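
With access_provider = simple and no simple_allow_users or simple_allow_groups line, as in the sssd.conf from step 4 (and the empty permitted-logins and permitted-groups in the realm list output), the sssd simple provider grants access to every domain user. The script below is an added example, not part of the original guide, that reports this per domain section. The sample config is constructed from the page's values and the group name linux-admins is hypothetical.

```shell
#!/bin/sh
# Added example: report, per [domain/...] section, what access_provider = simple allows.
audit_sssd_access() {   # $1: path to an sssd.conf-style file
    awk '
    function report() {
        if (dom == "") return
        if (provider != "simple") { verdict = "NOT-SIMPLE" }
        else if (users == "" && groups == "") { verdict = "OPEN" }   # no allow list
        else { verdict = "RESTRICTED" }
        printf "%s provider=%s verdict=%s\n", dom, provider, verdict
    }
    /^[ \t]*[#;]/ { next }                      # skip comment lines
    /^[ \t]*\[/ {                               # any section header
        report(); dom = ""; provider = "unset"; users = ""; groups = ""
        if ($0 ~ /^[ \t]*\[domain\//) {
            dom = $0; sub(/^[ \t]*\[domain\//, "", dom); sub(/\].*$/, "", dom)
        }
        next
    }
    dom != "" {                                 # key = value inside a domain section
        eq = index($0, "="); if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "access_provider")     provider = val
        if (key == "simple_allow_users")  users = val
        if (key == "simple_allow_groups") groups = val
    }
    END { report() }
    ' "$1"
}

# Constructed sample: the access settings from step 4, then the same file
# with an allow list added (linux-admins is a hypothetical AD group).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[sssd]
domains = zmatech.com
[domain/zmatech.com]
id_provider = ad
access_provider = simple
EOF
audit_sssd_access "$sample"     # verdict=OPEN: any domain user may log in
printf 'simple_allow_groups = linux-admins\n' >> "$sample"
audit_sssd_access "$sample"     # verdict=RESTRICTED
rm -f "$sample"
```

On a joined host, run the function as root against /etc/sssd/sssd.conf. The realmd command realm permit -g <group> is what populates simple_allow_groups.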

 

Enjoy!!!

 

5 Comments
  1. Shan Mas 9 months ago

    you are super awesome! this worked!

    • Author
      Admin 9 months ago

      You’re welcome, glad I could help!

  2. Shan Mas 9 months ago

    Can you please post something similar for CentOS?

    • Author
      Admin 9 months ago

      If you’re looking to join CentOS into Windows Active Directory, the guide I created for Rocky Linux 9 should work since they’re very similar in terms of configuration and steps. You can check out the URL HERE

      • Shan Mas 9 months ago

        Thank you so much!
        The instructions for CentOS also worked 🙂

©2023 ZMATECH: Innovative solutions for your IT challenges.