Add Ubuntu 16.04 to Windows AD domain

From Notes_Wiki

Home > Ubuntu > Server or Desktop administration > Add Ubuntu 16.04 to Windows AD domain

To add Ubuntu 16.04 to Windows AD domain use following steps:

  1. Edit /etc/hosts to have FQDN including domain name as first hostname against 127.0.0.1
  2. Restart machine
  3. Verify new hostname is coming using hostname command
  4. Setup correct search domain in /etc/resolv.conf using "search <domain>"
  5. Disable DNSMASQ using NetworkManager by commenting "dns=dnsmasq" in /etc/Networkmanager/NetworkManager.conf
  6. Then use:
    systemctl restart network-manager.service
  7. Then DNS set via network-manager or sent by DHCP should be visible in /etc/resolv.conf file
  8. Verify that SRV records for domain are accessible
    dig –t SRV _ldap._tcp.<domain> | grep –A2 "ANSWER SECTION"
  9. Setup ntp to synchronize time with AD server
    1. sudo apt -y install ntp
    2. Edit /etc/ntp.conf. Comment Ubuntu ntp servers and add domain DC as ntp server using:
      server <domain-controller> iburst prefer
    3. sudo systemctl restart ntp.service
    4. Verify that ntp is working properly by using "ntpq -p"
    5. sudo apt -y install ntpstat
    6. Run "ntpstat" to verify syncing is working correctly
  10. Install required packages
    sudo apt -y install realmd sssd adcli libwbclient-sssd krb5-user sssd-tools samba-common packagekit samba-common-bin samba-libs
    Enter domain name during package installation.
  11. Edit /etc/realmd.conf so that it has
    [active-directory]
    os-name = Ubuntu Linux
    os-version = 16.04
    [service]
    automatic-install = yes
    [users]
    default-home = /home/%u
    default-shell = /bin/bash
    [bce.com]
    user-principal = yes
    fully-qualified-names = no
  12. Use "realm discover" to discover AD domain
  13. Create kerberos ticket to be used later for joining domain
    kinit -V <ad-username>
    With ad-username which has privileges to join a machine to domain. We can always use administrator, if access to administrator account is available.
  14. Join domain using:
    sudo realm --verbose join -U <ad-username> <domain>
  15. Test using:
    id <ad-username>
    to see if Ubuntu machine joined AD domain successfully or not.


Refer:



Home > Ubuntu > Server or Desktop administration > Add Ubuntu 16.04 to Windows AD domain