Ubuntu Active Directory Integration Guide
This document provides a step-by-step procedure for joining an Ubuntu machine to a Windows Domain using sssd and realmd.
Prerequisites
- An Ubuntu machine with internet or local network access.
- Root or sudo privileges.
- The FQDN (Fully Qualified Domain Name) of your Active Directory.
1. Time Synchronization
Active Directory relies on Kerberos, which requires the system clock to be synchronized with the Domain Controller (DC). Use Chrony for reliable NTP management.
    sudo apt install chrony -y
2. Install Required Dependencies
Update the local package index and install the tools needed for domain discovery and authentication.
    sudo apt update
    sudo apt install sssd-ad sssd-tools realmd adcli libpam-sss libnss-sss \
        samba-common-bin oddjob oddjob-mkhomedir packagekit -y
3. Domain Discovery and Enrollment
Verify the domain is reachable and then join the machine to the AD environment.
Discover Domain
    realm discover <yourdomain.com>
Join Domain
Once discovered, use a domain administrator account to enroll the machine:
    sudo realm join -U 'Administrator' <yourdomain.com>
4. SSSD Configuration
By default, SSSD requires the use of fully qualified names (e.g., user@domain.com). To allow users to log in with just their username, modify the configuration.
- Open the SSSD config file:
      sudo nano /etc/sssd/sssd.conf
- Set the following value to False:
      use_fully_qualified_names = False
- Restart the service to apply changes:
      sudo systemctl restart sssd
5. Enable Automated Home Directory Creation
This ensures that the first time a domain user logs in, the system automatically creates their /home/ directory.
    sudo pam-auth-update --enable mkhomedir
Verification
To confirm the integration is successful, use the id command to look up a domain user:
    id <domain_username>
If successful, the system will return the UID, GID, and group memberships retrieved from Active Directory.


