Joining Ubuntu to Windows Domain

  • Post category:Linux / Ubuntu
  • Post last modified:July 24, 2024

In This article, we will discuss the best and recommended way to join Ubuntu to Active Directory Domain.

Joining Ubuntu to a domain involves integrating it into a Windows Active Directory (AD) domain environment, which allows centralized authentication and access control. Here are the steps typically involved:

Let’s start with the Newly Deployed Ubuntu VM:

Lab Details:

Domain Name: ashu.com

DC: DC.ashu.com

DC IP: 192.168.2.100

  • Open the Terminal:

 

 

 

 

 

  • Run the Command to Update the Update repository:
Sudo apt-get update
  • Install the below Samba and winbind packages:
sudo apt install samba krb5-config krb5-user winbind libpam-winbind libnss-winbind
  • When Prompted provide the DNA Name in ALL capital Letters.
  • Open the PAM Configuration Page and Select “Create Home Directory on Login”
Use space to select and then use Enter to Ok

 

 

 

 

 

  • Edit the /etc/nsswitch.conf using the command below:
sudo nano /etc/nsswitch.conf
  • Add the below Information in the File:
passwd: compat winbind 
group: compat winbind 
shadow: compat 
gshadow: files
Before Changes
After Changes
  • Save the file using Ctrl+X and then Shift + Y
  • Change the Network Settings
  • Select the Network:
  • Change the setting below and add the DNS Server information:
  • Edit the configuration file for your system connection located in /etc/NetworkManager/system-connections.
cd /etc/NetworkManager/system-connections
  • Make sure that you have the information added below:
  • Specify the DNS server by editing the /etc/resolv.conf configuration file:
  • Reboot the machine and log back in.
  • Edit the /etc/hosts configuration file,
127.0.0.1 localhost 
127.0.1.1 myhost.mydomain.com myhost
  • Edit the /etc/samba/smb.conf configuration file:
  • Restart the smbd service using the command:
sudo systemctl restart smbd.service
  • Edit the /etc/krb5.conf configuration file
[libdefaults]
       default_realm = MYDOMAIN.COM
       dns_lookup_realm = true
       dns_lookup_kdc = true
[realms]
       MYDOMAIN.COM = {
             kdc = ads-hostname
             admin_server = ads-hostname 
       }
 [domain_realm]
       .mydomain.com = MYDOMAIN.COM
       mydomain.com = MYDOMAIN.COM
  • Now you can Join your Ubuntu desktop to the AD domain.
  • Initiate a Kerberos ticket.
sudo kinit admin-user
  • Verify that the ticket using
sudo klist
  • Create a Kerberos keytab file.
sudo net ads keytab create -U admin-user
  • Join the Ubuntu to Domain:
sudo net ads join -U admin-user
  • Restart the Winbind service.
  • Verify the Winbind service, run the following commands, and check 
wbinfo -u
wbinfo -g
getend passwd
getend group
  • Reboot your system and log back in.

Now your Ubuntu Machine should be Joined to the Domain.

Ashutosh Dixit

I am currently working as a Senior Technical Support Engineer with VMware Premier Services for Telco. Before this, I worked as a Technical Lead with Microsoft Enterprise Platform Support for Production and Premier Support. I am an expert in High-Availability, Deployments, and VMware Core technology along with Tanzu and Horizon.

This Post Has 3 Comments

  1. admin March 17, 2020 Reply

    Thank you for your valuable feedback !!

  3. Brianrag April 6, 2020 Reply

    Thanks, this site is very valuable.

Leave a Reply to adminCancel reply