Join Active Directory domain using SSSD on Ubuntu 14.04

Test connection to Active Directory domain and DC

dig -t SRV _ldap._tcp.xxx.com.sg
dig -t SRV _ldap._tcp.xxx.com.sg | grep -A2 "ANSWER SECTION"

 

Install Kerberos client and SSSD

sudo apt-get install krb5-user 
sudo apt-get install realmd sssd sssd-tools ntp adcli
sudo apt-get install samba-common samba-common-bin samba-libs packagekit samba

When the krb5-user install prompts for the default Kerberos realm, enter your domain (ALL UPPERCASE)

XXX.COM.SG

Test authentication against AD (realm in UPPERCASE)

kinit xxx@XXX.COM.SG
klist

 

Configure realmd

sudo nano /etc/realmd.conf
[service]
automatic-install = no

[users]
default-home = /home/%D/%U
default-shell = /bin/bash

[xxx.com.sg]
computer-ou = OU=Computers,DC=xxx,DC=com,DC=sg
automatic-id-mapping = yes
fully-qualified-names = no
user-principal = yes
manage-system = no

Join this host to Active Directory domain

sudo realm discover xxx.com.sg
sudo realm --verbose join xxx.com.sg -U kim
sudo realm --verbose join xxx.com.sg -U kim --computer-ou="Computers"

 

In /etc/sssd/sssd.conf, change access_provider from simple to ad, then restart SSSD

sudo nano /etc/sssd/sssd.conf 
access_provider = ad
sudo service sssd restart
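
An added example, not part of the original post: once access_provider is ad, SSSD stops consulting the simple_allow_* lists, so unless ad_access_filter is set every unexpired account in the domain can log in to this host. The script reports, per [domain/...] section, whether such a restriction exists; the function names, the lab.example domain and the group DN are assumptions made for illustration, and GPO-based access control is not evaluated.

```shell
#!/bin/sh
# Added example, not from the original post. Prints, per [domain/...] section,
# the access provider and whether a login restriction is set; exits 1 if any is "open".
sssd_access_audit() {
    awk '
    function report() {
        if (dom == "") return
        if (prov == "") prov = "permit"            # sssd default when unset
        if (prov == "ad")          state = filter ? "restricted" : "open"
        else if (prov == "simple") state = allow ? "restricted" : "open"
        else if (prov == "deny")   state = "closed"
        else if (prov == "permit") state = "open"
        else                       state = "unchecked"
        if (state == "open") bad = 1
        printf "%s access_provider=%s %s\n", dom, prov, state
    }
    /^[ \t]*[#;]/ { next }                         # comment lines
    /^[ \t]*\[/ {                                  # section header
        report(); dom = ""; prov = ""; filter = 0; allow = 0
        if ($0 ~ /^[ \t]*\[domain\//) {
            dom = $0; sub(/^[ \t]*\[domain\//, "", dom); sub(/\].*$/, "", dom)
        }
        next
    }
    dom != "" && index($0, "=") {                  # key = value in a domain
        key = substr($0, 1, index($0, "=") - 1)
        val = substr($0, index($0, "=") + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "access_provider") prov = val
        if (key == "ad_access_filter" && val != "") filter = 1
        if (key ~ /^simple_allow_(users|groups)$/ && val != "") allow = 1
    }
    END { report(); exit bad + 0 }
    ' "$@"
}

# Constructed sample: the state this guide leaves behind, plus a second domain
# restricted to a hypothetical group (lab.example and the DN are made up).
sample_conf() {
    cat <<'EOF'
[domain/xxx.com.sg]
access_provider = ad
[domain/lab.example]
access_provider = ad
ad_access_filter = (memberOf=CN=linux-admins,OU=Groups,DC=lab,DC=example)
EOF
}
sample_conf | sssd_access_audit || echo "at least one domain has no login restriction"
```

On the joined host, run sssd_access_audit /etc/sssd/sssd.conf as root, since that file is readable only by root.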

 

Allow auto-creation of homedir for users

sudo nano /etc/pam.d/common-session
session required pam_mkhomedir.so skel=/etc/skel/ umask=0077

 

Check Active Directory user name resolution

id xxx@xxx.com.sg

 

For graphical login

sudo nano /etc/lightdm/lightdm.conf
[SeatDefaults]
allow-guest=false
greeter-show-manual-login=true

 

For Samba

sudo nano /etc/samba/smb.conf 
[global]
workgroup = XXX
client signing = yes
client use spnego = yes
kerberos method = secrets and keytab
realm = XXX.COM.SG
security = ads
