
Good day. Over the last few days I have gone through every guide I could find for joining Ubuntu 18.04 to a Windows domain. I have what I think is a working guide after much trial and error. Would appreciate it if others could verify. So far I have had 100% success and a colleague has also had success.

Potential improvements may involve home directory settings.

apt -y install realmd sssd sssd-tools libnss-sss libpam-sss adcli samba-common-bin oddjob oddjob-mkhomedir packagekit

vim /etc/netplan/01-netcfg.yaml

#Indentation is IMPORTANT

Static IP

network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:  # Change this to the active adapter (see "ip link")
      addresses: [192.168.1.10/24]  # Static IP and CIDR prefix for THIS server; must differ from the gateway address
      gateway4: 192.168.1.1  # Gateway
      nameservers:
        search: [contoso.com, contoso]
        addresses: [192.168.1.2]  # DNS IP (an AD DNS server, so realm discovery can find the SRV records)

DHCP

network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:  # Change this to the active adapter
      dhcp4: true

netplan apply
netplan try
realm discover contoso.com
realm join -U %AD Admin Account% CONTOSO.COM

#More specific join command (the OU path is a DN and usually contains commas, so quote it)

realm join -U %AD Admin Account% --computer-ou "%OU Path%" CONTOSO.COM

Move object to correct OU if not using specified method. If object already exists it will not work. For my large AD environment it took a while for it to show in my DC since I did not specify the DC.

vim /etc/sssd/sssd.conf

# In the [domain/contoso.com] section. Change True to False if you want; keep comments on their own line, sssd.conf does not take a trailing comment on a value line.
use_fully_qualified_names = False

systemctl restart sssd

su - admin

#Example - If your AD name and local sudo account are the same a conflict can occur. You will need to log in with the domain prefix instead (backslash separator, quoted so the shell does not treat it as an escape):

su - 'domain\%username%'

id admin

https://www.server-world.info/en/note?os=Ubuntu_18.04&p=realmd

Netplan: https://netplan.io/examples

1 Answer


I'm not sure if this is the right place to share my experience. I have resolved a very long-lasting problem, and wanted to post about it. Ubuntu 18.04 SSSD AD integration works fine, but a couple of hours later AD users cannot log in anymore; if I do nothing, some time later they can log in again.

I have been going crazy for the last 6 months trying to figure out why their logins are rejected. The error was "Realm not local to KDC". But I'm 100% sure it is local to the KDC. I didn't find a clue until I turned on sssd debug level 9.

In a multi-domain environment, sssd-ad auto discovery returns domain controllers (KDCs) other than the DCs of the ad_domain that is set in sssd.conf. Of course the realm of the login is not local for the other domains.

In short, if you are experiencing this specific problem, set ad_server = dc.yourdomain.com in sssd.conf. Don't trust sssd auto discovery in a multi-domain environment.
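A small check for the sssd.conf point made in this answer (and for the sssd.conf edit in the question), as an added example that is not part of either post: it parses a constructed sssd.conf, flags an AD domain section that still relies on auto discovery (no ad_server, or an ad_server list that falls back to the _srv_ keyword), flags a krb5_realm that does not match ad_domain, and writes back a copy with ad_server pinned. The sample config and the name dc.contoso.com are assumptions.

```python
import configparser
from io import StringIO

# Constructed sample of the sssd.conf that "realm join" leaves behind:
# no ad_server line, so DC/KDC selection relies on DNS SRV auto discovery.
SSSD_CONF_AUTODISCOVERY = """\
[sssd]
domains = contoso.com
config_file_version = 2

[domain/contoso.com]
ad_domain = contoso.com
krb5_realm = CONTOSO.COM
id_provider = ad
use_fully_qualified_names = False
fallback_homedir = /home/%u@%d
"""

def check_ad_domains(text):
    """Return {ad_domain: [findings]} for every id_provider = ad section."""
    # interpolation=None keeps sssd's %u/%d placeholders from being expanded
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    findings = {}
    for section in cp.sections():
        sec = cp[section]
        if not section.startswith("domain/") or sec.get("id_provider") != "ad":
            continue
        notes = []
        ad_domain = sec.get("ad_domain", section[len("domain/"):])
        servers = sec.get("ad_server", "")
        if not servers:
            notes.append("ad_server unset: DCs chosen by auto discovery")
        elif "_srv_" in servers:
            notes.append("ad_server list falls back to _srv_ (auto discovery)")
        realm = sec.get("krb5_realm")
        if realm and realm != ad_domain.upper():
            notes.append(f"krb5_realm {realm} does not match ad_domain {ad_domain}")
        findings[ad_domain] = notes
    return findings

def pin_ad_server(text, domain, server):
    """Return the config text with ad_server set in [domain/<domain>]."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    cp[f"domain/{domain}"]["ad_server"] = server
    out = StringIO()
    cp.write(out)
    return out.getvalue()
```

Run check_ad_domains over /etc/sssd/sssd.conf after the join; an empty findings list for the domain means DC selection is pinned and the realm name is consistent.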