Join Ubuntu Client to UCS Domain

I am currently doing an project, implementing an open source network. Therefore i need to join an ubuntu client to my ucs domain. I found this instructionDomain-4.1, but it is not working. At the point where the command getent passwd should show all univention users, i only get the local users.

Does anyone know how to troubleshoot this ? I have set up several times a new UCS Domain and a new ubuntu client, but it is not working at all.

Thank you and kidnest regards !

ich bin gerade in einem Projekt, wo wir ein OpenSource Netzwerk implementieren. Dafür ist es notwendig einen Ubuntu Client in die UCS Domäne zu joinen. Ich habe eine Anleitung gefunden Domain-4.1 und diese mehrmals abgearbeitet. Leider gibt der Befehl getend passwd nur die lokalen Benutzer zurück.

Weiß jemand wie man Fehler suchen kann ?

Danke und freundliche Grüße !

just now I finished the setup, a couple of time I was unsuccessful.
I found out that my sssd service was not able to start, later after trouble shooting I tried again.
Now it is working
can you please check the status of your sssd

service sssd status

Hi, I’ve 2 Linux Client authenticated on UCS.
This is my step-by-step procedure:

  • Setup a proper machine name before joining the domain with the help of hostnamectl command or by manually editing /etc/hostname file

  • Edit /etc/network/interfaces file and add dns-nameservers statement with your proper AD IP addresses and domain name

  • Test: ping -c2 your_domain_name

  • sudo apt-get install ntpdate
    sudo ntpdate -q your_domain_name
    sudo ntpdate your_domain_name

  • sudo apt-get install samba krb5-config krb5-user winbind libpam-winbind libnss-winbind
    While the Kerberos packages are installing you should be asked to enter the name of your default realm. Use the name of your domain with uppercases and press Enter key to continue the installation

  • kinit ad_admin_user

  • klist

  • mv /etc/samba/smb.conf /etc/samba/smb.conf.initial
    nano /etc/samba/smb.conf
    workgroup = xxxxx
    realm = xxxxxx.xxxx
    netbios name = xxxxxx
    security = ADS
    dns forwarder = ip
    idmap config * : backend = tdb
    idmap config *:range = 50000-1000000
    template homedir = /home/%D/%U
    template shell = /bin/bash
    winbind use default domain = true
    winbind offline logon = false
    winbind nss info = rfc2307
    winbind enum users = yes
    winbind enum groups = yes
    vfs objects = acl_xattr
    map acl inherit = Yes
    store dos attributes = Yes

  • sudo systemctl restart smbd nmbd winbind
    sudo systemctl stop samba-ad-dc
    sudo systemctl enable smbd nmbd winbind

  • sudo net ads join -U ad_admin_user

  • sudo nano /etc/nsswitch.conf
    passwd: compat winbind
    group: compat winbind
    shadow: compat winbind

  • wbinfo -u

  • wbinfo -g

  • sudo getent passwd| grep your_domain_user
    sudo getent group|grep ‘domain admins’

  • sudo pam-auth-update
    All *

  • edit /etc/pam.d/common-account
    session required skel=/etc/skel/ umask=0022

  • edit /etc/pam.d/common-password
    password [success=1 default=ignore] try_first_pass

  • su - your_ad_user

  • To use a domain account with root privileges on your Ubuntu machine, you need to add the AD username to the sudo system group by issuing the below command:
    sudo usermod -aG sudo your_domain_user

  • edit /etc/sudoers
    %YOUR_DOMAIN\your_domain\ group ALL=(ALL:ALL) ALL

  • In case you are running the graphical version of Ubuntu and you want to login on the system with a domain user, you need to modify LightDM display manager by editing /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf

For me thats all


1 Like

Hi !
Thank you for your help :slight_smile:

I succesfully joined an Ubuntu client to the domain now :slight_smile:
The problem was a typing error… :frowning:

Thanks :slight_smile:

I noticed that homes have user:domain users premissions.
tony and jmmy are domain users, and tony can see jimmy home.

you too?