Guide: Integrating Ubuntu to Active Directory

Ubuntu Active Directory Integration Guide
This document provides a step-by-step procedure for joining an Ubuntu machine to a Windows Domain using sssd and realmd.

Prerequisites
  • An Ubuntu machine with internet or local network access.
  • Root or sudo privileges.
  • The FQDN (Fully Qualified Domain Name) of your Active Directory domain.

1. Time Synchronization
Active Directory relies on Kerberos, which requires the system clock to be synchronized with the Domain Controller (DC). Use Chrony for reliable NTP management.

sudo apt install chrony -y

2. Install Required Dependencies
Update the local package index and install the tools needed for domain discovery and authentication.

sudo apt update
sudo apt install sssd-ad sssd-tools realmd adcli libpam-sss libnss-sss \
samba-common-bin oddjob oddjob-mkhomedir packagekit -y

3. Domain Discovery and Enrollment
Verify the domain is reachable and then join the machine to the AD environment.

Discover Domain
realm discover <yourdomain.com>

Join Domain
Once discovered, use a domain administrator account to enroll the machine:

sudo realm join -U 'Administrator' <yourdomain.com>

4. SSSD Configuration
By default, SSSD requires the use of fully qualified names (e.g., user@domain.com). To allow users to log in with just their username, modify the configuration.

  1. Open the SSSD config file:
     sudo nano /etc/sssd/sssd.conf
  2. Set the following value to False:
     use_fully_qualified_names = False
  3. Restart the service to apply changes:
     sudo systemctl restart sssd
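
A hand edit in nano can leave the setting commented out, duplicated, or changed in only one of several domain sections. The following added example (not part of the original guide) audits a configuration file for those cases and checks that the file is not accessible to other users; the function names and the sample configuration are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit sssd.conf after the step 4 edit. Function names and
# the sample configuration are constructed for illustration.

# Print "<section> <value>" wherever use_fully_qualified_names is set, and
# "<section> unset" for each [domain/...] section that never sets it.
sssd_fqn_report() {
    awk '
        function emit() { if (isdom && !seen) print sec, "unset" }
        /^[ \t]*[#;]/ { next }                    # ignore commented-out lines
        /^[ \t]*\[/ {                             # section header
            emit()
            sec = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", sec)
            isdom = (sec ~ /^domain\//); seen = 0
            next
        }
        /^[ \t]*use_fully_qualified_names[ \t]*=/ {
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            print sec, tolower(val); seen = 1
        }
        END { emit() }
    ' "$1"
}

# Succeed only if every [domain/...] section sets the key to false and the key
# appears nowhere else (it is a domain-section option).
sssd_short_names_ok() {
    sssd_fqn_report "$1" | awk '
        $1 !~ /^domain\// || $2 != "false" { bad = 1 }
        END { exit (bad || NR == 0) }'
}

# sssd.conf can hold secrets such as ldap_default_authtok, so succeed only if
# no permission bit is granted to "other". Uses GNU stat, as on Ubuntu.
sssd_conf_not_world_accessible() {
    [ "$(( 0$(stat -c '%a' "$1") & 7 ))" -eq 0 ]
}

# Constructed sample: one domain edited as in step 4, one still requiring FQNs.
sample_conf() {
    printf '%s\n' '[sssd]' 'domains = example.com, lab.example.com' \
        '[domain/example.com]' 'use_fully_qualified_names = False' \
        '[domain/lab.example.com]' '# use_fully_qualified_names = False' \
        'use_fully_qualified_names = True'
}
```

On a joined machine, run the functions as root against /etc/sssd/sssd.conf, for example `sudo bash -c '. ./audit.sh; sssd_fqn_report /etc/sssd/sssd.conf'` (audit.sh is a hypothetical file name for the block above).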

5. Enable Automated Home Directory Creation
This ensures that the first time a domain user logs in, the system automatically creates their /home/ directory.

sudo pam-auth-update --enable mkhomedir

Verification
To confirm the integration is successful, use the id command to look up a domain user:

id <domain_username>

If successful, the system will return the UID, GID, and group memberships retrieved from Active Directory.

Royce Chua
Author