Join Ubuntu 14.04 to an Active Directory Domain

In this post I will explain how to join your Ubuntu 14.04 server to an Active Directory domain and use AD credentials to log in.

First, ensure you have a static IP address and have set up a dns-search entry in your /etc/network/interfaces file.

1) Elevate your privileges to install and configure. Normally I would use sudo, but in this instance I will run as root, as all commands need elevated privileges.

sudo -s

2) Now download the Power Broker Identity Services, Open Edition package.  This is the package that will be used to bind with the domain.

wget http://download.beyondtrust.com/PBISO/8.0.0.2016/linux.deb.x64/pbis-open-8.0.0.2016.linux.x86_64.deb.sh

3) Now install the package, first using chmod to add execute permissions to the file.

chmod a+x pbis-open-8.0.0.2016.linux.x86_64.deb.sh

bash pbis-open-8.0.0.2016.linux.x86_64.deb.sh

reboot

4) Now you will need to join your server to the domain (in this case the domain name is contoso.com).

sudo -s

/opt/pbis/bin/domainjoin-cli join contoso.com administrator@contoso.com

reboot

5) Now we need to configure PBIS: set the domain prefix for user logins, assume the default domain when logging in (so we are treated as a domain user), set the login shell, update DNS with our IP address, and purge the local AD cache.

sudo -s
/opt/pbis/bin/config UserDomainPrefix contoso
/opt/pbis/bin/config AssumeDefaultDomain true
/opt/pbis/bin/config LoginShellTemplate /bin/bash
/opt/pbis/bin/update-dns
/opt/pbis/bin/ad-cache --delete-all

6) There is a bug with PAM when using PBIS, so we need to make a small configuration change.

sudo nano /etc/pam.d/common-session

Find the line that contains pam_lsass.so and replace it with the following:

session [success=ok default=ignore] pam_lsass.so

7) On your domain controller, add a new group called LinuxAdmins and add the relevant users.

8) Now we need to add this group to the sudoers file.

sudo visudo

Add the following line into this file:

%linuxadmins ALL=(ALL:ALL) ALL

9) Now reboot again.

sudo reboot

10) If you run the following command you will see your group membership:

id

11) You should see that your user is a member of the “LinuxAdmins” group or a member of the “contoso\linuxadmins” group.  You should now be able to use sudo to elevate your privileges.  If you cannot, you can try the following:

sudo visudo

Replace the line added in step 8 with the following (with the double \\ after the domain name):

%contoso\\linuxadmins ALL=(ALL:ALL) ALL

%contoso.com\\linuxadmins ALL=(ALL:ALL) ALL
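
The step 6 edit to /etc/pam.d/common-session can also be applied as a repeatable script instead of by hand in nano. The following is an added example, not part of the original post or of PBIS; the function names, the .orig backup file and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): step 6 as a repeatable edit.
WANT='session [success=ok default=ignore] pam_lsass.so'   # line given in step 6
MATCH='^[[:space:]]*session[[:space:]].*pam_lsass\.so.*$' # active session lines only

# fix_pam_lsass FILE
#   0 = FILE has the step 6 line (rewritten now, or already correct)
#   1 = no active session line loads pam_lsass.so; nothing changed
#   2 = FILE unreadable or the rewrite failed
fix_pam_lsass() {
    f=$1
    [ -r "$f" ] || return 2
    grep -q "$MATCH" "$f" || return 1
    tmp=$(mktemp) || return 2
    # Commented-out lines start with '#', so MATCH leaves them alone.
    if ! sed "s|$MATCH|$WANT|" "$f" > "$tmp"; then rm -f "$tmp"; return 2; fi
    if cmp -s "$f" "$tmp"; then rm -f "$tmp"; return 0; fi   # already correct
    # Keep a backup (hypothetical .orig name), then write in place so the
    # file's owner and mode stay as they were.
    cp -p "$f" "$f.orig" && cat "$tmp" > "$f"
    rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] || return 2
    return 0
}

# make_sample FILE: constructed stand-in for /etc/pam.d/common-session,
# so the function can be tried without touching the real PAM configuration.
make_sample() {
    printf '%s\n' \
        '# constructed sample, not a real PBIS-generated file' \
        'session required pam_unix.so' \
        '#session sufficient pam_lsass.so' \
        'session sufficient pam_lsass.so' > "$1"
}

# Run as root with the real path: sh fix-pam-lsass.sh /etc/pam.d/common-session
if [ -n "${1:-}" ]; then fix_pam_lsass "$1"; fi
```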

Ref: http://www.kiloroot.com/add-ubuntu-14-04-lts-server-to-a-windows-active-directory-domain-fullest-integration/