This tutorial shows how to join an Ubuntu machine to Active Directory. To integrate the Ubuntu system with Active Directory, you can use the Samba and Winbind services.
If you use an AD server as LDAP you do not need to host a separate Linux LDAP server.
Use the following procedure to integrate an Ubuntu system with an AD domain.
Some examples in the tutorial use placeholder values to represent entities in your network configuration, such as the hostname of your Ubuntu system. Replace the placeholder values with information specific to your configuration, using the table below as a guide.
Prerequisites
- The Active Directory (AD) server is resolvable by DNS on the Linux system.
- The Network Time Protocol (NTP) is configured on the Linux system.
| Setting | Value |
| --- | --- |
| Domain Server | Windows Server 2019 |
| Domain Name | testertechie.com |
| Hostname | servername.testertechie.com |
| NetBIOS Name | servername |
| Realm | TESTERTECHIE.COM |
How to join an Ubuntu machine with Active Directory
Install winbind package
apt -y install winbind libpam-winbind libnss-winbind krb5-config samba-dsdb-modules samba-vfs-modules
When prompted, enter your domain name “testertechie.com” and select “Ok”. You can use the Tab key to navigate.
Enter AD Server Name
mv /etc/samba/smb.conf /etc/samba/smb.conf.org
vi /etc/samba/smb.conf
# create new
# replace [realm] and [workgroup] for your environment
[global]
kerberos method = secrets and keytab
realm = TESTERTECHIE.COM
workgroup = TESTERTECHIE
security = ads
template shell = /bin/bash
winbind enum groups = Yes
winbind enum users = Yes
winbind separator = +
idmap config * : rangesize = 1000000
idmap config * : range = 1000000-19999999
idmap config * : backend = autorid
vi /etc/nsswitch.conf
# line 7: add winbind as follows
passwd: files systemd winbind
group: files systemd winbind
root@smb:~# vi /etc/pam.d/common-session
# add to the end if needed (automatically creates a home directory at first login)
session optional pam_mkhomedir.so skel=/etc/skel umask=077
# change DNS setting to refer to AD
root@smb:~# vi /etc/netplan/01-netcfg.yaml
.....
.....
      nameservers:
        addresses: [10.0.0.100]
root@smb:~# netplan apply
Join the Windows Active Directory domain.
net ads join -U Administrator
Password for [TESTERTECHIE\Administrator]:
Using short domain name -- TESTERTECHIE
Joined 'SMB' to dns domain 'TESTERTECHIE.COM'
No DNS domain configured for smb. Unable to perform DNS Update.
DNS update failed: NT_STATUS_INVALID_PARAMETER
systemctl restart winbind
net ads info
# show AD user list
root@smb:~# wbinfo -u
ssh username@hostname
id username
By following the steps above, you can integrate the Ubuntu machine into Active Directory. We hope you learned how to join an Ubuntu machine to Active Directory.
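An added example, not part of the original tutorial: a POSIX shell lint for the smb.conf and nsswitch.conf edits above, worth running before `net ads join`. The function names and the 60000 local UID ceiling (Ubuntu's default UID_MAX) are assumptions of this example, and the sample input is constructed from the tutorial's values.

```shell
# get_param FILE KEY: print the last value assigned to KEY in an smb.conf file.
get_param() {
  awk -v key="$2" '
    /^[ \t]*[#;]/ || !/=/ { next }            # comments, section headers
    { k = substr($0, 1, index($0, "=") - 1); v = substr($0, index($0, "=") + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (tolower(k) == tolower(key)) val = v }
    END { print val }' "$1"
}

# check_join_config SMB_CONF NSSWITCH_CONF [LOCAL_UID_MAX]
# Prints one line per finding; the exit status is the number of findings.
check_join_config() (
  smb=$1; nss=$2
  uid_max=${3:-60000}   # assumption: UID_MAX default from /etc/login.defs
  n=0
  fail() { echo "FAIL: $*"; n=$((n + 1)); }
  [ "$(get_param "$smb" security | tr 'A-Z' 'a-z')" = ads ] ||
    fail "security is not 'ads'"

  realm=$(get_param "$smb" realm)
  { [ -n "$realm" ] && [ "$realm" = "$(echo "$realm" | tr 'a-z' 'A-Z')" ]; } ||
    fail "realm missing or not upper case: '$realm'"

  # Winbind-allocated IDs must start above the local range, otherwise a
  # domain account can be mapped onto the UID/GID of a local one.
  low=$(get_param "$smb" 'idmap config * : range' | cut -d- -f1)
  case $low in
    ''|*[!0-9]*) fail "idmap config * : range missing or malformed" ;;
    *) [ "$low" -gt "$uid_max" ] || fail "idmap range starts at $low, inside local ID space" ;;
  esac

  for db in passwd group; do
    grep -Eq "^$db:.*[[:space:]]winbind([[:space:]]|\$)" "$nss" ||
      fail "$db line in nsswitch.conf does not list winbind"
  done
  exit "$n"
)

# Constructed sample input: the values used in this tutorial.
demo() {
  d=$(mktemp -d)
  printf '%s\n' '[global]' 'realm = TESTERTECHIE.COM' 'security = ads' \
    'idmap config * : range = 1000000-19999999' > "$d/smb.conf"
  printf '%s\n' 'passwd: files systemd winbind' 'group: files systemd winbind' > "$d/nss"
  check_join_config "$d/smb.conf" "$d/nss" && echo "OK"; rc=$?
  rm -rf "$d"; return "$rc"
}
demo
```

On a real host, call `check_join_config /etc/samba/smb.conf /etc/nsswitch.conf`; parameter names are matched exactly as written in the tutorial's smb.conf.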
Common troubleshooting commands for winbind issues
rm -f /var/lock/subsys/winbindd
rm -f /var/run/winbindd.pid
net cache flush
service winbind restart;service smb restart
service smb start
You can also follow the tutorial “How to join Centos 8 system with Active Directory”.
If you have any questions on how to join an Ubuntu machine to Active Directory, please write to us.
More details on Samba AD Integration can be found here