Integrate Ubuntu with MS Active Directory – Complete Guide

Date:

Integrate Ubuntu with MS Active Directory – Complete Guide – Ubuntu 16.04 -18.04, AD Bridge Open 9.0.1.525 With Windows Active Directory

PowerBroker Identity Services (PBIS) joins Unix, Linux, and Mac OS X computers to Active Directory so that you can centrally manage all your computers from one source, authenticate users with the highly secure Kerberos 5 protocol, control access to resources, and apply group policies to non-Windows computers

Integrate Ubuntu with MS Active Directory – Complete Guide

Step 1: Install Ubuntu desktop

Please visit to Ubuntu Desktop download page to download Ubuntu ISO file

Ubuntu Desktop version Download Page

Ubuntu Desktop Official Download Page
Ubuntu Desktop Official Download Page

Please follow standard setup to complete your Ubuntu installation

Step 1: Change root Password & Login as root

Please use below commands to Change root Password & Login as root

$ sudo –i
Enter Current password
$ sudo passwd root
Enter new root password & type below to login as root
$ Sudo -

Step 2: Install PBIS-Open from Repository (Online)

Please follow below command to install PBIS-Open and SSH to work with active directory

$ wget -O - http://repo.pbis.beyondtrust.com/yum/RPM-GPG-KEY-pbis|sudo apt-key add - 
$ sudo wget -O /etc/apt/sources.list.d/pbiso.list
$ http://repo.pbis.beyondtrust.com/apt/pbiso.list 
$ sudo apt-get update
$ sudo apt-get install pbis-open
$ apt-get install ssh
$ sudo apt-get remove avahi-daemon

If you successfully finish option 02 you can got to option 04

Step 3: Install PBIS-Open from debian file (Offline)

Please follow below instruction to install PBIS-Open using debian package from PBIS github repository.

Visit PBIS-Open releases page

https://github.com/BeyondTrust/pbis-open/releases

Download latest x86_64.deb.sh file – From: https://github.com/BeyondTrust/pbis-open/releases/

PBIS-Open Release Page
PBIS-Open Release Page

Execute Below commands

$ chmod +x pbis-open-version.x86_64.deb.sh
$ sudo ./pbis-open-latest.x86_64.deb.sh or sh ./pbis-open-latest.x86_64.deb.sh
$ apt-get install ssh
$ sudo apt-get remove avahi-daemon

Step 4: Join with the Active Directory Domain

If you have successfully completed option 02 you can process from here, if you are failing with option 02 you have to go with option 03.

Please use below commands to join your newly installed Ubuntu desktop PC with Microsoft Active Directory

cd /opt/pbis/bin/
sudo domainjoin-cli join localdomain.local administrator
Example : sudo domainjoin-cli join localdomain.local administrator

Check Domain Connectivity

$ sudo domainjoin-cli query

Configure PBIS Parameters

#sudo /opt/pbis/bin/config UserDomainPrefix [Domain]
Example: sudo /opt/pbis/bin/config UserDomainPrefix localdomain
$ sudo /opt/pbis/bin/config AssumeDefaultDomain True
$ sudo /opt/pbis/bin/config LoginShellTemplate /bin/bash
$ sudo /opt/pbis/bin/config HomeDirTemplate %H/%D/%U
$ sudo nano /etc/pam.d/common-session
Edit above config file using above command & add “session [success=ok default=ignore] pam_lsass.so” to end of the file

Ubuntu 16.04
$ sudo nano /usr/share/lightdm/lightdm.conf.d/50-unity-greeter.conf

Ubuntu 18.04
$ sudo nano /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf
Edit above config file using above command and append below lines to the end of file
allow-guest=false
greeter-show-manual-login=true

Reboot the system & try to logon using domain user account

Manage PBIS & Services

Restart PBIS service
$ /opt/pbis/bin/lwsm restart lsass
Uninstall PBIS service
$ /opt/pbis/bin/uninstall.sh uninstall
Completely Remove PBIS service with files
$ /opt/pbis/bin/uninstall.sh purge

How to change Host-name using PBIS

cd /opt/pbis/bin/
$ sudo domainjoin-cli setname newname

Step 5: How to upgrade PBIS-Open

First you need to leave from existing domain to upgrade version of PBIS. Follow below instructions to proceed with the upgrade

#sudo domainjoin-cli leave localdomain.local administrator
Completely Remove PBIS service with files
#/opt/pbis/bin/uninstall.sh purge
Install upgrade version of PBIS
# sudo ./pbis-open-latest-version.linux.x86_64.deb.sh
Configure Domain
cd /opt/pbis/bin/
sudo domainjoin-cli join domain.local administrator
Example: sudo domainjoin-cli join localdomain.local administrator

# sudo /opt/pbis/bin/config UserDomainPrefix localdomain
#  sudo /opt/pbis/bin/config AssumeDefaultDomain True
#  sudo /opt/pbis/bin/config LoginShellTemplate /bin/bash
#  sudo /opt/pbis/bin/config HomeDirTemplate %H/%D/%U
# sudo nano /etc/pam.d/common-session
Edit above config file using above command & add “session [success=ok default=ignore] pam_lsass.so” to end of the file

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Share post:

Subscribe

Popular

More like this
Related

How to Protect WordPress with Cloudflare

Cloudflare, Inc. is an American content delivery network and...

Facebook Outage

Mike Schroepfer - CTO @ Facebook. *Sincere* apologies to everyone...

Magento 2 One Page Checkout (One Step Checkout)

Magento 2 One Page Checkout - One Page checkout...