How to join Ubuntu 20.04 to Active Directory
To join an Ubuntu 20.04 machine to an Active Directory domain, you will need to install a few necessary packages and do a bit of configuration. It's simple.
Note:
- Make sure the Ubuntu machine can resolve the AD’s DNS and can ping the AD server.
- Make sure the user you are using to join the domain has appropriate permissions to join computers.
- If you encounter any problem, please check the log files for more information about the error. Alternatively, you can post the error in the comments section.
Here are the simple general steps to do this:
1. Configure proper IP address and hostname for the Ubuntu machine.
“Click on the links above to learn how to configure IP and hostname.”
2. Install necessary packages.
# apt -y install realmd sssd sssd-tools libnss-sss libpam-sss adcli samba-common-bin oddjob oddjob-mkhomedir packagekit
3. Check and Join Ubuntu to the domain.
# realm discover zmatech.com
(NOTE: Change zmatech.com to your actual domain name)
root@zmatech.com:~# realm discover zmatech.com
zmatech.com
type: kerberos
realm-name: ZMATECH.COM
domain-name: zmatech.com
configured: no
server-software: active-directory
client-software: sssd
required-package: sssd-tools
required-package: sssd
required-package: libnss-sss
required-package: libpam-sss
required-package: adcli
required-package: samba-common-bin
root@zmatech.com:~#
# realm join zmatech.com -U admin
(NOTE: Replace admin with the correct user in your AD. The user must have appropriate permissions to add a device to AD)
4. Edit sssd.conf file.
# vi /etc/sssd/sssd.conf
Edit the lines below:
access_provider = simple (Replace ad with simple)
use_fully_qualified_names = False (Replace True with False)
root@zmatech.com:~# cat /etc/sssd/sssd.conf
[sssd]
domains = zmatech.com
config_file_version = 2
services = nss, pam
[domain/zmatech.com]
default_shell = /bin/bash
krb5_store_password_if_offline = True
cache_credentials = True
krb5_realm = ZMATECH.COM
realmd_tags = manages-system joined-with-adcli
id_provider = ad
fallback_homedir = /home/%u@%d
ad_domain = zmatech.com
use_fully_qualified_names = False
ldap_id_mapping = True
access_provider = simple
root@zmatech.com:~#
Restart the sssd service.
# systemctl restart sssd
5. Run the following command so that a home directory is automatically created on login.
# pam-auth-update --enable mkhomedir
(Ensure Create home directory on login is checked)
6. Test
# realm list
root@zmatech.com:~# realm list
zmatech.com
type: kerberos
realm-name: ZMATECH.COM
domain-name: zmatech.com
configured: kerberos-member
server-software: active-directory
client-software: sssd
required-package: sssd-tools
required-package: sssd
required-package: libnss-sss
required-package: libpam-sss
required-package: adcli
required-package: samba-common-bin
login-formats: %U@zmatech.com
login-policy: allow-permitted-logins
permitted-logins:
permitted-groups:
root@zmatech.com:~#
# id username@zmatech.com
SSH to the Ubuntu host from another machine:
$ ssh username@ubuntu-ip-address
Enjoy!!!
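Step 4 switches access_provider to simple without adding any allow list, and per sssd-simple(5) a simple provider whose lists are all empty grants access to every account (the realm list output above shows permitted-logins and permitted-groups both empty). The script below is an added example, not part of the original article: it reads an sssd.conf and reports each domain as OPEN, RESTRICTED, DENY-ONLY or handled by another provider. The function name audit_sssd_access and the group linux-admins are hypothetical, and the sample config is constructed.

```shell
# Added example: report who the sssd.conf from step 4 lets log in.
# Prints "<domain> <verdict>" per [domain/...] section; returns 1 if any is OPEN.
audit_sssd_access() {
    awk '
        function report() {
            if (dom == "") return
            if (provider == "permit") verdict = "OPEN"          # always allows
            else if (provider != "simple") verdict = "PROVIDER:" provider
            else if (allow) verdict = "RESTRICTED"              # allow list set
            else if (deny) verdict = "DENY-ONLY"                # everyone else allowed
            else verdict = "OPEN"                               # all lists empty
            if (verdict == "OPEN") bad = 1
            print dom, verdict
        }
        /^[ \t]*[#;]/ { next }                                  # comment lines
        /^[ \t]*\[/ {                                           # new section
            report()
            dom = ""; provider = "permit"; allow = 0; deny = 0  # permit = SSSD default
            if ($0 ~ /^[ \t]*\[domain\//) {
                dom = $0
                sub(/^[ \t]*\[domain\//, "", dom); sub(/\].*$/, "", dom)
            }
            next
        }
        dom != "" && index($0, "=") {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "access_provider") provider = val
            if (key ~ /^simple_allow_(users|groups)$/ && val != "") allow = 1
            if (key ~ /^simple_deny_(users|groups)$/ && val != "") deny = 1
        }
        END { report(); exit bad + 0 }
    ' "$1"
}

# Constructed sample: the domain section as it looks after step 4.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[sssd]
domains = zmatech.com
[domain/zmatech.com]
access_provider = simple
EOF
audit_sssd_access "$sample" || echo "no allow list: every AD account may log in"
# Same file plus a constructed allow list (hypothetical group name).
echo "simple_allow_groups = linux-admins" >> "$sample"
audit_sssd_access "$sample"
rm -f "$sample"
```

On a joined host, run audit_sssd_access /etc/sssd/sssd.conf as root. An allow list can be added with realm permit (for example realm permit -g with your own group), followed by a restart of sssd.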