Ubuntu 20.04
Sponsored Link

Join in Active Directory Domain
2020/04/27
 
Join in Windows Active Directory Domain with Realmd.
This tutorial needs Windows Active Directory Domain Service in your LAN.
This example shows to configure on the environment below.
Domain Server : Windows Server 2019
NetBIOS Name : FD3S01
Domain Name : srv.world
Realm : SRV.WORLD
Hostname : fd3s.srv.world
[1] Install some required packages.
root@dlp:~#
apt -y install realmd sssd sssd-tools libnss-sss libpam-sss adcli samba-common-bin oddjob oddjob-mkhomedir packagekit
[2] Join in Windows Active Directory Domain.
# change DNS settings to refer to AD

root@dlp:~#
vi /etc/netplan/01-netcfg.yaml
    nameservers:
        addresses: [10.0.0.100]

root@dlp:~#
netplan apply
# discover Active Directory domain

root@dlp:~#
realm discover SRV.WORLD

srv.world
  type: kerberos
  realm-name: SRV.WORLD
  domain-name: srv.world
  configured: no
  server-software: active-directory
  client-software: sssd
  required-package: sssd-tools
  required-package: sssd
  required-package: libnss-sss
  required-package: libpam-sss
  required-package: adcli
  required-package: samba-common-bin

# join in Active Directory domain

root@dlp:~#
realm join SRV.WORLD

Password for Administrator:  
# AD Administrator password
# verify it's possible to get an AD user info or not

root@dlp:~#
id Serverworld@srv.world

uid=199601103(serverworld@srv.world) gid=199600513(domain users@srv.world) groups=199600513(domain users@srv.world)

# change setting if you need

root@dlp:~#
vi /etc/pam.d/common-session
# add to the end (create Home Dir automatically when initial login)

session optional        pam_mkhomedir.so skel=/etc/skel umask=077

# verify it's possible to switch to an AD user or not

root@dlp:~#
su - Serverworld@srv.world

Creating directory '/home/serverworld@srv.world'.
serverworld@srv.world@dlp:~$    
# just switched
[3] If you'd like to omit domain name for AD user, configure like follows.
root@dlp:~#
vi /etc/sssd/sssd.conf
# line 16: change

use_fully_qualified_names =
False
root@dlp:~#
systemctl restart sssd

root@dlp:~#
id Administrator

uid=199600500(administrator) gid=199600513(domain users) groups=199600513(domain users),199600572(denied rodc password replication group),199600519(enterprise admins),199600518(schema admins),199600520(group policy creator owners),199600512(domain admins)
Matched Content