Ubuntu Active Directory Integration Guide

This document provides a step-by-step procedure for joining an Ubuntu machine to a Windows Domain using sssd and realmd.

Prerequisites

• An Ubuntu machine with internet or local network access.
• Root or sudo privileges.
• The FQDN (Fully Qualified Domain Name) of your Active Directory.

1. Time Synchronization

Active Directory relies on Kerberos, which requires the system clock to be synchronized with the Domain Controller (DC). Use Chrony for reliable NTP management.

sudo apt install chrony -y

2. Install Required Dependencies

Update the local package index and install the tools needed for domain discovery and authentication.

sudo apt update
sudo apt install sssd-ad sssd-tools realmd adcli libpam-sss libnss-sss \
samba-common-bin oddjob oddjob-mkhomedir packagekit -y

3. Domain Discovery and Enrollment

Verify the domain is reachable and then join the machine to the AD environment.

Discover Domain

realm discover <yourdomain.com>

Join Domain

Once discovered, use a domain administrator account to enroll the machine:

sudo realm join -U 'Administrator' <yourdomain.com>

4. SSSD Configuration

By default, SSSD requires the use of fully qualified names (e.g., [email protected]). To allow users to log in with just their username, modify the configuration.

1. Open the SSSD config file:

sudo nano /etc/sssd/sssd.conf

2. Set the following value to False:

use_fully_qualified_names = False

3. Restart the service to apply changes:

sudo systemctl restart sssd

5. Enable Automated Home Directory Creation

This ensures that the first time a domain user logs in, the system automatically creates their /home/ directory.

sudo pam-auth-update --enable mkhomedir

Verification

To confirm the integration is successful, use the id command to look up a domain user:

id <domain_username>

If successful, the system will return the UID, GID, and group memberships retrieved from the Active Directory.