Ubuntu Joining the Domain

Posted by robd on May 04, 2022
Linux / No Comments


I had to join a Ubuntu server to a Window Domain recently, here’s what I did, the # are just annotated notes:

#Update the \etc\hosts file for to be the hostname
sudo vi /etc/hosts UbuntuServer

#Install the packages
sudo apt-get update
sudo apt-get install krb5-user samba sssd sssd-tools libnss-sss libpam-sss ntp ntpdate realmd adcli

#Update NTP for domain time
sudo vi /etc/ntp.conf

#In the ntp.conf file, create a line an add the following:
# I also removed out all the other NTPs

#stop and start ntp and we are golden
sudo systemctl stop ntp
sudo ntpdate
sudo systemctl start ntp

#Dicover the fookin domain (Case SeNsAtIvE)
sudo realm discover DOMAIN.COM
#should see the domain

#Initialise Kerberos (Case SeNsAtIvE) use yor own frickin username
kinit -V admin@DOMAIN.COM
#chuck in your password

#join the muther fuzin domain baby, you have a choice here, if your server can reach all your DCs in your domain then use the first command, if it cant then you have to specify one:
#sudo realm join --verbose DOMAIN.COM -U admin@DOMAIN.COM --install=/
sudo realm join --verbose -U admin@DOMAIN.COM dc01.DOMAIN.COM --install=/

#comment out the use fully qualified thing
sudo vi /etc/sssd/sssd.conf
# use_fully_qualified_names = True

#restart ssssd
sudo systemctl restart sssd

#enable the user to vcreate home dirve
sudo vi /etc/pam.d/common-session
#place the following under the line that contains session optional
session required skel=/etc/skel/ umask=0077

id admin@DOMAIN.COM

#visudo bitches
sudo visudo -f /etc/sudoers
%Domain\ Admins ALL=(ALL) NOPASSWD:ALL

#change the domains so we can login
sudo vi /etc/krb5.conf

        DOMAIN.COM = {
                kdc =
                kdc =
                admin_server =
        } = DOMAIN.COM

#allows these to ssh
sudo realm permit -g 'Domain Admins'
sudo realm permit -g 'Tronstride Servers Local Admins'

tail -f /var/log/auth.log


Tags: , , ,

DNS for a subdomain

Posted by robd on May 08, 2014
DNS / No Comments

Hi All,

My company uses a sub domain for a satellite office, all works fine and replication takes places etc etc.

The problem I had was with DNS.  I’m based in Contoso.local and I cannot ping any device the sub-domain Sub.contoso.local without fully qualifying the domain.

For example if I ping a server1 on the subdomain using

"Ping Server1"

DNS cannot route the command where as if I type

"Ping Server1.sub.contose.local"

it works fine.

I’ve checked DNS on Contoso.local and there are conditional forwarders to Sub.contoso.local:


So how can I get around this??  The answer is to add a DNS Suffix locally or to all the domain devices via group policy:

Group policy:

Computer Policy > Policies > Administrative Templates > Network/DNS Client > DNS Suffix Search List.


Then GPUPDATE /force your client and run IPCONFIG /ALL and you should see:




Tags: , , , , , ,