For this tutorial I will be walking through how to use a tool called Realmd to connect an Ubuntu Server or Ubuntu Desktop system to a Windows Active Directory Domain.
In the past I wrote an article talking about how to use Powerbroker Identity Services to do the same thing, but the scope of the article was limited to the server version of Ubuntu only. Furthermore, it has since been my experience that PBIS is an unreliable solution at best.
Part of the confusion I have had on this issue in the last two years has been in thinking that there are only one or maybe two ways to make an Ubuntu Desktop/Server OS connect to a Microsoft Active Directory domain and they both used the same underlying stuff. In fact there are more like 10 different ways to do it all using a mix and match of different technologies.
Finally, I don’t like proprietary stuff. PBIS, while having a free version, was still proprietary. Today we will be using a suite of tools called SSSD. SSSD was created by Redhat and it’s opensource. Furthermore we will be using RealmD, which is a “wrapper” of sorts for SSSD that makes it easier to setup and configure. That’s the short of it. Let’s get started. (more…)
A couple of days ago I posted full instructions for integrating an Ubuntu 14.04 LTS server into your Microsoft Active Directory Windows Domain. This is a short follow-up to that post which can be found here:
To make my life easier I wrote three shell scripts that can be run to automate the majority of the setup. You simply run them in order as a root user on your linux server (sudo su). The first and third shell script initiate a server reboot at the end. These reboots are necessary. You will need to modify the second and third scripts with information from your environment. I have commented both explaining what needs to be changed.
Update 3/31/2016 – PBIS doesn’t work well as of late and this method has been superceded by this article here: http://www.kiloroot.com/add-ubuntu-14-04-server-or-desktop-to-microsoft-active-directory-domain-login-to-unity-with-domain-credentials/
Update 5/18/2014 – I created scripts to automate 90% of this process. I still recommend you read this post before just jumping in and using the scripts so that you know what exactly it is you are doing. However the scripts can save you a lot of time. You can get them by clicking here.
If you are like me and work in a mixed environment then the above topic is probably quite important to you. Especially if you also happen to be a security person for your organization and centralized account administration is a big deal.
In this tutorial, I will be walking through how to join an Ubuntu 14.04 LTS Server to a Windows Active Directory Domain. Furthermore, we will be adding a new domain group to the “sudoers” group on the box so that our Domain Admins will automatically have the ability to use sudo to administer your Ubuntu Servers as needed.
Additionally, we will also be making it easy for them to login (no appending of the domain onto their user account name) and giving them the more user-friendly BASH shell, rather than the default SH.
All commands reference the fictional domain “CONTOSO.COM” to make the syntax easier to understand. The Domain Controller (DC) for the domain will be at “192.168.0.100”. The domain controller is assumed to be running DNS services as this is tightly integrated with Active Directory. The name of the domain admin in the Windows domain is “admin”