Join Ubuntu Client to UCS Domain

Hi,
I am currently doing a project, implementing an open source network. Therefore I need to join an Ubuntu client to my UCS domain. I found this instruction Domain-4.1, but it is not working. At the point where the command getent passwd should show all Univention users, I only get the local users.

Does anyone know how to troubleshoot this? I have set up a new UCS domain and a new Ubuntu client several times, but it is not working at all.

Thank you and kindest regards!

[German version of the above, translated]
Hello,
I am currently in a project where we are implementing an open source network. For that it is necessary to join an Ubuntu client to the UCS domain. I found a guide, Domain-4.1, and worked through it several times. Unfortunately the command getent passwd only returns the local users.

Does anyone know how to troubleshoot this?

Thanks and kind regards!

Just now I finished the setup; a couple of times I was unsuccessful.
I found out that my sssd service was not able to start; after troubleshooting I tried again.
Now it is working.
Can you please check the status of your sssd:

service sssd status

Hi, I've 2 Linux clients authenticated on UCS.
This is my step-by-step procedure:

  • Setup a proper machine name before joining the domain with the help of hostnamectl command or by manually editing /etc/hostname file

  • Edit /etc/network/interfaces file and add dns-nameservers statement with your proper AD IP addresses and domain name

  • Test: ping -c2 your_domain_name

  • sudo apt-get install ntpdate
    sudo ntpdate -q your_domain_name
    sudo ntpdate your_domain_name

  • sudo apt-get install samba krb5-config krb5-user winbind libpam-winbind libnss-winbind
    While the Kerberos packages are installing you should be asked to enter the name of your default realm. Use the name of your domain in uppercase and press the Enter key to continue the installation

  • kinit ad_admin_user

  • klist

  • mv /etc/samba/smb.conf /etc/samba/smb.conf.initial
    nano /etc/samba/smb.conf
    [global]
    workgroup = xxxxx
    realm = xxxxxx.xxxx
    netbios name = xxxxxx
    security = ADS
    dns forwarder = ip
    idmap config * : backend = tdb
    idmap config *:range = 50000-1000000
    template homedir = /home/%D/%U
    template shell = /bin/bash
    winbind use default domain = true
    winbind offline logon = false
    winbind nss info = rfc2307
    winbind enum users = yes
    winbind enum groups = yes
    vfs objects = acl_xattr
    map acl inherit = Yes
    store dos attributes = Yes

  • sudo systemctl restart smbd nmbd winbind
    sudo systemctl stop samba-ad-dc
    sudo systemctl enable smbd nmbd winbind

  • sudo net ads join -U ad_admin_user

  • sudo nano /etc/nsswitch.conf
    passwd: compat winbind
    group: compat winbind
    shadow: compat winbind

  • wbinfo -u

  • wbinfo -g

  • sudo getent passwd| grep your_domain_user
    sudo getent group | grep 'domain admins'

  • sudo pam-auth-update
    All *

  • edit /etc/pam.d/common-account
    session required pam_mkhomedir.so skel=/etc/skel/ umask=0022

  • edit /etc/pam.d/common-password
    password [success=1 default=ignore] pam_winbind.so try_first_pass

  • su - your_ad_user

  • To use a domain account with root privileges on your Ubuntu machine, you need to add the AD username to the sudo system group by issuing the below command:
    sudo usermod -aG sudo your_domain_user

  • edit /etc/sudoers
    %YOUR_DOMAIN\your_domain\ group ALL=(ALL:ALL) ALL

  • In case you are running the graphical version of Ubuntu and you want to login on the system with a domain user, you need to modify LightDM display manager by editing /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf
    greeter-show-manual-login=true
    greeter-hide-users=true

For me that's all

Andrea


Hi !
Thank you for your help :slight_smile:

I successfully joined an Ubuntu client to the domain now :slight_smile:
The problem was a typing error… :frowning:

Thanks :slight_smile:

I noticed that homes have user:domain users permissions.
tony and jimmy are domain users, and tony can see jimmy's home.

You too?

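As an added example, not part of any post in this thread: a POSIX shell audit of the three files Andrea's procedure edits (smb.conf, nsswitch.conf and the pam_mkhomedir line). It checks the settings that decide whether getent passwd shows domain users at all, and it computes the home directory mode from the pam_mkhomedir umask, which is what the last post observes: umask=0022 creates 0755 homes that every other domain user can read, umask=0077 creates 0700 ones. File paths, the realm EXAMPLE.INTRANET and the sample file contents are constructed for this example; on a real client the functions are pointed at /etc/samba/smb.conf, /etc/nsswitch.conf and /etc/pam.d/common-account.

```shell
#!/bin/sh
# Added example (not from the thread): offline pre-flight audit of the files
# edited during the winbind join. Paths are arguments so the checks can run
# here against constructed sample files.

# check_nsswitch FILE: passwd and group must both consult winbind, otherwise
# `getent passwd` only ever lists local users.
check_nsswitch() {
  for db in passwd group; do
    grep -Eq "^[[:space:]]*$db:.*[[:space:]]winbind([[:space:]]|$)" "$1" || {
      echo "nsswitch: '$db' database does not consult winbind"; return 1; }
  done
  echo "nsswitch: ok"
}

# check_smb_conf FILE: security must be ADS and realm must be set in uppercase,
# because realm is the Kerberos realm name.
check_smb_conf() {
  sec=$(sed -n 's/^[[:space:]]*security[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1" | head -n1)
  realm=$(sed -n 's/^[[:space:]]*realm[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1" | head -n1)
  [ "$sec" = "ADS" ] || { echo "smb.conf: security is '$sec', expected ADS"; return 1; }
  [ -n "$realm" ] || { echo "smb.conf: realm is not set"; return 1; }
  case "$realm" in
    *[[:lower:]]*) echo "smb.conf: realm '$realm' is not uppercase"; return 1 ;;
  esac
  echo "smb.conf: ok (realm $realm)"
}

# homedir_mode UMASK: the directory mode pam_mkhomedir creates, 0777 & ~umask.
homedir_mode() {
  printf '%04o\n' $(( 0777 & ~0$1 ))
}

# check_pam_mkhomedir FILE: find the pam_mkhomedir session line, derive the home
# mode from its umask and fail when group or other bits are set, i.e. when any
# other domain user could read the home (the thread's umask=0022 gives 0755).
check_pam_mkhomedir() {
  line=$(grep -E '^[[:space:]]*session.*pam_mkhomedir\.so' "$1" | head -n1)
  [ -n "$line" ] || { echo "pam: no pam_mkhomedir line, homes are not created at first login"; return 1; }
  um=$(printf '%s\n' "$line" | sed -n 's/.*umask=\([0-7]*\).*/\1/p')
  [ -n "$um" ] || um=0022   # pam_mkhomedir's documented default when umask= is absent
  mode=$(homedir_mode "$um")
  case "$mode" in
    *[1-7][0-7]|*[1-7])
      echo "pam: umask=$um creates homes with mode $mode, readable by other users; use umask=0077"
      return 1 ;;
  esac
  echo "pam: ok (umask=$um creates homes with mode $mode)"
}

# write_samples DIR: constructed sample files, one set with the thread's settings
# and one hardened or broken counterpart each, so the audit runs without a domain.
write_samples() {
  printf 'passwd: compat winbind\ngroup: compat winbind\nshadow: compat winbind\n' > "$1/nsswitch.conf"
  printf 'passwd: compat\ngroup: compat\n' > "$1/nsswitch.local"
  printf '[global]\nworkgroup = EXAMPLE\nrealm = EXAMPLE.INTRANET\nsecurity = ADS\n' > "$1/smb.conf"
  printf '[global]\nworkgroup = EXAMPLE\nrealm = example.intranet\nsecurity = ADS\n' > "$1/smb.lower"
  printf 'session required pam_mkhomedir.so skel=/etc/skel/ umask=0022\n' > "$1/common-account.open"
  printf 'session required pam_mkhomedir.so skel=/etc/skel/ umask=0077\n' > "$1/common-account.private"
}

# Demo: run every check over the samples and report, without aborting on failures.
run_demo() {
  d=$(mktemp -d) && write_samples "$d"
  for f in nsswitch.conf nsswitch.local smb.conf smb.lower common-account.open common-account.private; do
    case "$f" in
      nsswitch*) check_nsswitch "$d/$f" || : ;;
      smb*)      check_smb_conf "$d/$f" || : ;;
      *)         check_pam_mkhomedir "$d/$f" || : ;;
    esac
  done
  rm -rf "$d"
}
run_demo
```

The mode check is the part worth keeping on a real client: pam_mkhomedir applies its umask to the directory it creates, so with `template homedir = /home/%D/%U` and umask=0022 every home under /home/DOMAIN is 0755 and readable by all domain users; umask=0077 yields 0700.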