Hi,
I am currently doing a project, implementing an open source network. Therefore I need to join an Ubuntu client to my UCS domain. I found this instruction, Domain-4.1, but it is not working. At the point where the command getent passwd should show all Univention users, I only get the local users.
Does anyone know how to troubleshoot this? I have set up a new UCS domain and a new Ubuntu client several times, but it is not working at all.
Thank you and kindest regards!
[German, translated]
Hello,
I am currently in a project where we are implementing an open source network. For this it is necessary to join an Ubuntu client to the UCS domain. I found an instruction, Domain-4.1, and worked through it several times. Unfortunately, the command getend passwd only returns the local users.
Does anyone know how to look for errors?
Thanks and kind regards!
Just now I finished the setup; a couple of times I was unsuccessful.
I found out that my sssd service was not able to start; later, after troubleshooting, I tried again.
Now it is working.
Can you please check the status of your sssd:
service sssd status
Hi, I have 2 Linux clients authenticated on UCS.
This is my step-by-step procedure:
- Set up a proper machine name before joining the domain with the help of the hostnamectl command or by manually editing the /etc/hostname file
- Edit the /etc/network/interfaces file and add a dns-nameservers statement with your proper AD IP addresses and domain name
- Test: ping -c2 your_domain_name
- sudo apt-get install ntpdate
  sudo ntpdate -q your_domain_name
  sudo ntpdate your_domain_name
- sudo apt-get install samba krb5-config krb5-user winbind libpam-winbind libnss-winbind
  While the Kerberos packages are installing you should be asked to enter the name of your default realm. Use the name of your domain in uppercase and press the Enter key to continue the installation
- kinit ad_admin_user
- klist
- mv /etc/samba/smb.conf /etc/samba/smb.conf.initial
  nano /etc/samba/smb.conf
  [global]
  workgroup = xxxxx
  realm = xxxxxx.xxxx
  netbios name = xxxxxx
  security = ADS
  dns forwarder = ip
  idmap config * : backend = tdb
  idmap config *:range = 50000-1000000
  template homedir = /home/%D/%U
  template shell = /bin/bash
  winbind use default domain = true
  winbind offline logon = false
  winbind nss info = rfc2307
  winbind enum users = yes
  winbind enum groups = yes
  vfs objects = acl_xattr
  map acl inherit = Yes
  store dos attributes = Yes
- sudo systemctl restart smbd nmbd winbind
  sudo systemctl stop samba-ad-dc
  sudo systemctl enable smbd nmbd winbind
- sudo net ads join -U ad_admin_user
- sudo nano /etc/nsswitch.conf
  passwd: compat winbind
  group: compat winbind
  shadow: compat winbind
- wbinfo -u
- wbinfo -g
- sudo getent passwd| grep your_domain_user
  sudo getent group|grep 'domain admins'
- sudo pam-auth-update
  All *
- edit /etc/pam.d/common-account
  session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
- edit /etc/pam.d/common-password
  password [success=1 default=ignore] pam_winbind.so try_first_pass
- su - your_ad_user
- To use a domain account with root privileges on your Ubuntu machine, you need to add the AD username to the sudo system group by issuing the below command:
  sudo usermod -aG sudo your_domain_user
- edit /etc/sudoers
  %YOUR_DOMAIN\your_domain\ group ALL=(ALL:ALL) ALL
- In case you are running the graphical version of Ubuntu and you want to log in on the system with a domain user, you need to modify the LightDM display manager by editing /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf
  greeter-show-manual-login=true
  greeter-hide-users=true
For me that's all
Andrea
Hi!
Thank you for your help
I successfully joined an Ubuntu client to the domain now
The problem was a typing error…
Thanks
I noticed that homes have user:domain users permissions.
tony and jimmy are domain users, and tony can see jimmy's home.
You too?
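Added example, not written by any poster in this thread: the `umask=0022` option on the pam_mkhomedir line in the procedure above creates each new home with mode 755, so any other account on the client can enter and list it. The script below reports such homes and removes group/other access; the function names and the temp-dir sample (with the user names from the post above) are constructed here, and on a real client the argument would be /home/<DOMAIN> as set by `template homedir = /home/%D/%U`.

```shell
#!/bin/sh
# Audit and tighten home directories created by pam_mkhomedir (added example).

# Mode a new home gets: 0777 with the bits of the given umask cleared.
home_mode_for_umask() {
    printf '%03o\n' $(( 0777 & ~0$1 ))
}

# Print "<mode> <owner>:<group> <path>" for each home directly under $1
# that group or other can read, write or enter.
audit_homes() {
    for dir in "$1"/*/; do
        [ -d "$dir" ] || continue
        [ -L "${dir%/}" ] && continue          # skip symlinks, stat would mislead
        mode=$(stat -c '%a' "$dir")            # GNU stat, as shipped on Ubuntu
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "$mode $(stat -c '%U:%G' "$dir") ${dir%/}"
        fi
    done
}

# Remove group/other access from the existing homes under $1.
# New homes still follow the umask= option of pam_mkhomedir.
tighten_homes() {
    for dir in "$1"/*/; do
        if [ -d "$dir" ] && [ ! -L "${dir%/}" ]; then
            chmod go-rwx "$dir"
        fi
    done
}

# Constructed sample: two homes created the way umask=0022 leaves them.
demo=$(mktemp -d)
( umask 0022; mkdir "$demo/tony" "$demo/jimmy" )
echo "umask=0022 creates mode $(home_mode_for_umask 0022)"
echo "umask=0077 creates mode $(home_mode_for_umask 0077)"
echo "Homes open to group/other before tightening:"
audit_homes "$demo"
tighten_homes "$demo"
echo "Homes open to group/other after tightening:"
audit_homes "$demo"
rm -rf "$demo"
```

Setting `umask=0077` on the pam_mkhomedir line makes homes created at first login private from the start; `tighten_homes` only changes directories that already exist.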