How to join Ubuntu 20.04 and Ubuntu 22.04 to active directory
To join an Ubuntu machine to an Active Directory domain, you will need to install a few necessary packages, and do abit of configs. Its simple.
Note:
-
- Make sure the Ubuntu machine can resolve the AD’s dns and can ping the AD server.
- Make sure the user you are using to join the domain has appropriate permissions to join computers.
- If you encounter any problem, please check the log files for more information about the error. You can alternatively post the error here on comments section
Here are the simple general steps to do this:
1. Configure proper IP address and hostname for the Ubuntu machine.
“Click on the links above to learn how to configure IP and hostname.”
2. Install necessary packages.
# apt -y install realmd sssd sssd-tools libnss-sss libpam-sss adcli samba-common-bin oddjob oddjob-mkhomedir packagekit
3. Check and Join Ubuntu to the domain.
# realm discover zmatech.com
(NOTE: Change zmatech.com to your actual domain name)
ro**@*****ch.com:~# realm discover zmatech.com
zmatech.com
type: kerberos
realm-name: ZMATECH.COM
domain-name: zmatech.com
configured: no
server-software: active-directory
client-software: sssd
required-package: sssd-tools
required-package: sssd
required-package: libnss-sss
required-package: libpam-sss
required-package: adcli
required-package: samba-common-bin
ro**@*****ch.com:~#
# realm join zmatech.com -U admin
(NOTE: Replace admin with the correct user in your AD. The user must have appropriate permissions to add a device to AD)
4. Edit sssd.conf file.
# vi /etc/sssd/sssd.conf
Edit the lines below:
access_provider = simple (Replace ad with simple)
use_fully_qualified_names = False (Replace True with False)
ro**@*****ch.com:~# cat /etc/sssd/sssd.conf
[sssd]
domains = zmatech.com
config_file_version = 2
services = nss, pam
[domain/zmatech.com]
default_shell = /bin/bash
krb5_store_password_if_offline = True
cache_credentials = True
krb5_realm = ZMATECH.COM
realmd_tags = manages-system joined-with-adcli
id_provider = ad
fallback_homedir = /home/%u@%d
ad_domain = zmatech.com
use_fully_qualified_names = False
ldap_id_mapping = True
access_provider = simple
ro**@*****ch.com:~#
Restart the sssd service.
# systemctl restart sssd
5. Run the following command so that a home directory is automatically created on login.
# pam-auth-update –enable mkhomedir
(Ensure Create home directory on login is checked)
6. Test
# realm list
ro**@*****ch.com:~# realm list
zmatech.com
type: kerberos
realm-name: ZMATECH.COM
domain-name: zmatech.com
configured: kerberos-member
server-software: active-directory
client-software: sssd
required-package: sssd-tools
required-package: sssd
required-package: libnss-sss
required-package: libpam-sss
required-package: adcli
required-package: samba-common-bin
login-formats: %*@*****ch.com
login-policy: allow-permitted-logins
permitted-logins:
permitted-groups:
ro**@*****ch.com:~#
# id us******@*****ch.com
SSH to ubuntu host from another machine
$ ssh username@ubuntu-ip-address
Enjoy!!!
you are super awesome! this worked!
You’re welcome, glad I could help!
Can you please post something similar for CentOS?
If you’re looking to join CentOS into Windows Active Directory, the guide I created for Rocky Linux 9 should work since they’re very similar in terms of configuration and steps. You can check out the URL HERE
Thank you so much!
The instructions for CentOS also worked 🙂