In this post I will explain how to join your Ubuntu 14.04 server to an Active Directory domain and use AD credentials to login.
Firstly ensure you have a static IP Address and you have setup a dns-search in your /etc/network/interfaces file.
1) Elevate your privileges to install and configure. Normally I would use sudo, but in the instance I will run as root, as all commands need elevated privileges.
2) Now download the Power Broker Identity Services, Open Edition package. This is the package that will be used to bind with the domain.
3) Now install the package, firstly using chmod to add execute permissions to the file.
chmod a+x pbis-open-184.108.40.2066.linux.x86_64.deb.sh
4) Now you will need to join your server to the domain (in this case the domain name is contoso.com)
/opt/pbis/bin/domainjoin-cli join contoso.com [email protected]
5) Now we need to add the domain prefix to user logins, assume when logging in we are a domain user, set the shell, update DNS with our IP Address, and purge the local AD cache.
/opt/pbis/bin/config UserDomainPrefix contoso
/opt/pbis/bin/config AssumeDefaultDomain true
/opt/pbis/bin/config LoginShellTemplate /bin/bash
6) There is a bug with PAM using PIBS, so we need to make a small configuration change.
sudo nano /etc/pam.d/common-session
Find the line that contains pam_lsass.so and replace it with the following:
session [success=ok default=ignore] pam_lsass.so
7) On your domain controller, add a new group called LinuxAdmins and add the relevant users.
8) Now we need to add this group to the sudoers file
Add the following line into this file:
%linuxadmins ALL=(ALL:ALL) ALL
9) Now reboot again
10) If you run the following command you will see you group membership
11) You should see that your user is a member of the “LinuxAdmins” group or a member of the “contoso\linuxadmins” group. You should now be able to use sudo to elevate your privileges. If you cannot, you can try the following:
Replace the line added in step 8 with the following (with the double \\ after the domain name)
%contoso\\linuxadmins ALL=(ALL:ALL) ALL
%contoso.com\\linuxadmins ALL=(ALL:ALL) ALL