Before we get started I need to point out a few things …
The following steps will be based on these specifications:
Install Ubuntu Desktop/Server
Update Ubuntu
sudo apt update
sudo apt dist-upgrade
NTP
- Install an NTP client and point it at your nameserver to sync time.
sudo apt-get update
sudo apt-get dist-upgrade
sudo apt-get install ntp ntpdate
sudo vim /etc/ntp.conf
server 0.ubuntu.pool.ntp.org
server 1.ubuntu.pool.ntp.org
server 2.ubuntu.pool.ntp.org
server 3.ubuntu.pool.ntp.org
# Use Ubuntu's ntp server as a fallback.
server ntp.ubuntu.com
server 192.168.1.1 (your server IP)
(or)
server 192.168.1.1 prefer iburst (High priority)
sudo service ntp start
sudo service ntp stop
sudo service ntp restart
Edit avahi config
If you don't do this you will get conflicts later when installing PBIS.
sudo nano /etc/avahi/avahi-daemon.conf
replace: #domain-name=local
with: domain-name=easygo
Install ssh:
sudo apt install ssh
Install PBIS:
- Download install file >
(Download website: http://download1.beyondtrust.com/Technical-Support/Downloads/PowerBroker-Identity-Services-Open-Edition/?Pass=True)
- Make install file executable >
sudo chmod +x Downloads/pbis-open-8.5.0.153.linux.x86_64.deb.sh
- Execute install file
sudo ./Downloads/pbis-open-8.5.0.153.linux.x86_64.deb.sh
Install package for legacy links? -> no
Would you like to install now? -> yes
After install you might get a GUI tool asking you to join the domain. I prefer to close it and to continue via the terminal.
Restart avahi service
sudo service avahi-daemon restart
Join PC to domain
sudo domainjoin-cli join domain.local domain-administrator-username
So for our example it would be:
sudo domainjoin-cli join easygo administrator@easygo.com
You will be prompted for the Domain Administrator password and then should see "SUCCESS".
Restart ssh service
sudo service ssh restart
Set AD login settings
sudo /opt/pbis/bin/config UserDomainPrefix easygo
sudo /opt/pbis/bin/config AssumeDefaultDomain true
sudo /opt/pbis/bin/config LoginShellTemplate /bin/bash
sudo /opt/pbis/bin/config HomeDirTemplate %H/%U
# sudo /opt/pbis/bin/config RequireMembershipOf easygo\\DomainUsers (if you need to add any specific group which has admin rights)
DomainUsers = Domain Users Security Group
Edit lightdm (login screen settings)
sudo vim /usr/share/lightdm/lightdm.conf.d/50-unity-greeter.conf
- Insert the following >
allow-guest=false
greeter-show-manual-login=true
… then Reboot
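
A post-setup check for the two file edits in this guide (the avahi domain-name and the lightdm greeter settings), as an added example that is not part of the original post. The function names and the sample file contents are constructed for illustration; pass the real avahi path, lightdm path and your domain as three arguments to audit a machine.

```shell
#!/bin/sh
# Added example: audit the avahi and lightdm edits made in this guide.

# Print the last uncommented value of KEY in an ini-style FILE.
# Section headers are ignored; commented-out keys (#key=...) do not count.
ini_value() {  # FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Compare one setting against the expected value; return 1 on mismatch.
check_setting() {  # FILE KEY EXPECTED
    actual=$(ini_value "$1" "$2")
    if [ "$actual" = "$3" ]; then
        echo "OK   $2=$actual ($1)"
    else
        echo "FAIL $2='${actual:-<unset>}', expected '$3' ($1)"
        return 1
    fi
}

# Audit both files; the return status is the number of failed checks.
audit_join_config() {  # AVAHI_CONF LIGHTDM_CONF DOMAIN
    failures=0
    check_setting "$1" domain-name "$3" || failures=$((failures + 1))
    check_setting "$2" allow-guest false || failures=$((failures + 1))
    check_setting "$2" greeter-show-manual-login true || failures=$((failures + 1))
    return "$failures"
}

# Constructed sample files: untouched settings versus the guide's settings.
make_samples() {  # DIR
    printf '[server]\n#domain-name=local\n' > "$1/avahi-stock.conf"
    printf '[server]\ndomain-name=easygo\n' > "$1/avahi-fixed.conf"
    printf '[Seat:*]\ngreeter-session=unity-greeter\n' > "$1/lightdm-stock.conf"
    printf '[Seat:*]\nallow-guest=false\ngreeter-show-manual-login=true\n' > "$1/lightdm-fixed.conf"
}

# With three arguments, audit real files; otherwise run on the samples.
if [ "$#" -eq 3 ]; then
    audit_join_config "$@"
else
    tmp=$(mktemp -d)
    make_samples "$tmp"
    audit_join_config "$tmp/avahi-stock.conf" "$tmp/lightdm-stock.conf" easygo || true
    audit_join_config "$tmp/avahi-fixed.conf" "$tmp/lightdm-fixed.conf" easygo
    rm -rf "$tmp"
fi
```

A non-zero exit status means at least one of the settings is still at its default, for example the guest session is still enabled on the login screen.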