Integrate Ubuntu with MS Active Directory – Complete Guide – Ubuntu 16.04 -18.04, AD Bridge Open 9.0.1.525 With Windows Active Directory
PowerBroker Identity Services (PBIS) joins Unix, Linux, and Mac OS X computers to Active Directory so that you can centrally manage all your computers from one source, authenticate users with the highly secure Kerberos 5 protocol, control access to resources, and apply group policies to non-Windows computers
Integrate Ubuntu with MS Active Directory – Complete Guide
Step 1: Install Ubuntu desktop
Please visit to Ubuntu Desktop download page to download Ubuntu ISO file
Ubuntu Desktop version Download Page
Please follow standard setup to complete your Ubuntu installation
Step 1: Change root Password & Login as root
Please use below commands to Change root Password & Login as root
$ sudo –i
Enter Current password
$ sudo passwd root
Enter new root password & type below to login as root
$ Sudo -
Step 2: Install PBIS-Open from Repository (Online)
Please follow below command to install PBIS-Open and SSH to work with active directory
$ wget -O - http://repo.pbis.beyondtrust.com/yum/RPM-GPG-KEY-pbis|sudo apt-key add -
$ sudo wget -O /etc/apt/sources.list.d/pbiso.list
$ http://repo.pbis.beyondtrust.com/apt/pbiso.list
$ sudo apt-get update
$ sudo apt-get install pbis-open
$ apt-get install ssh
$ sudo apt-get remove avahi-daemon
If you successfully finish option 02 you can got to option 04
Step 3: Install PBIS-Open from debian file (Offline)
Please follow below instruction to install PBIS-Open using debian package from PBIS github repository.
Visit PBIS-Open releases page
https://github.com/BeyondTrust/pbis-open/releases
Download latest x86_64.deb.sh file – From: https://github.com/BeyondTrust/pbis-open/releases/
Execute Below commands
$ chmod +x pbis-open-version.x86_64.deb.sh
$ sudo ./pbis-open-latest.x86_64.deb.sh or sh ./pbis-open-latest.x86_64.deb.sh
$ apt-get install ssh
$ sudo apt-get remove avahi-daemon
Step 4: Join with the Active Directory Domain
If you have successfully completed option 02 you can process from here, if you are failing with option 02 you have to go with option 03.
Please use below commands to join your newly installed Ubuntu desktop PC with Microsoft Active Directory
cd /opt/pbis/bin/
sudo domainjoin-cli join localdomain.local administrator
Example : sudo domainjoin-cli join localdomain.local administrator
Check Domain Connectivity
$ sudo domainjoin-cli query
Configure PBIS Parameters
#sudo /opt/pbis/bin/config UserDomainPrefix [Domain]
Example: sudo /opt/pbis/bin/config UserDomainPrefix localdomain
$ sudo /opt/pbis/bin/config AssumeDefaultDomain True
$ sudo /opt/pbis/bin/config LoginShellTemplate /bin/bash
$ sudo /opt/pbis/bin/config HomeDirTemplate %H/%D/%U
$ sudo nano /etc/pam.d/common-session
Edit above config file using above command & add “session [success=ok default=ignore] pam_lsass.so” to end of the file
Ubuntu 16.04
$ sudo nano /usr/share/lightdm/lightdm.conf.d/50-unity-greeter.conf
Ubuntu 18.04
$ sudo nano /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf
Edit above config file using above command and append below lines to the end of file
allow-guest=false
greeter-show-manual-login=true
Reboot the system & try to logon using domain user account
Manage PBIS & Services
Restart PBIS service
$ /opt/pbis/bin/lwsm restart lsass
Uninstall PBIS service
$ /opt/pbis/bin/uninstall.sh uninstall
Completely Remove PBIS service with files
$ /opt/pbis/bin/uninstall.sh purge
How to change Host-name using PBIS
cd /opt/pbis/bin/
$ sudo domainjoin-cli setname newname
Step 5: How to upgrade PBIS-Open
First you need to leave from existing domain to upgrade version of PBIS. Follow below instructions to proceed with the upgrade
#sudo domainjoin-cli leave localdomain.local administrator
Completely Remove PBIS service with files
#/opt/pbis/bin/uninstall.sh purge
Install upgrade version of PBIS
# sudo ./pbis-open-latest-version.linux.x86_64.deb.sh
Configure Domain
cd /opt/pbis/bin/
sudo domainjoin-cli join domain.local administrator
Example: sudo domainjoin-cli join localdomain.local administrator
# sudo /opt/pbis/bin/config UserDomainPrefix localdomain
# sudo /opt/pbis/bin/config AssumeDefaultDomain True
# sudo /opt/pbis/bin/config LoginShellTemplate /bin/bash
# sudo /opt/pbis/bin/config HomeDirTemplate %H/%D/%U
# sudo nano /etc/pam.d/common-session
Edit above config file using above command & add “session [success=ok default=ignore] pam_lsass.so” to end of the file