Ubuntu Joining the Domain

Posted by robd on May 04, 2022
Linux

Hello,

I had to join an Ubuntu server to a Windows domain recently. Here’s what I did; the # lines are just annotated notes:

#Update the /etc/hosts file for 127.0.0.1 to be the hostname
sudo vi /etc/hosts
127.0.0.1 UbuntuServer.domain.com UbuntuServer


#Install the packages
sudo apt-get update
sudo apt-get install krb5-user samba sssd sssd-tools libnss-sss libpam-sss ntp ntpdate realmd adcli

#Update NTP for domain time
sudo vi /etc/ntp.conf

#In the ntp.conf file, create a line and add the following:
server domain.com
# I also removed all the other NTPs


#stop and start ntp and we are golden
sudo systemctl stop ntp
sudo ntpdate domain.com
sudo systemctl start ntp


#Discover the fookin domain (Case SeNsItIvE)
sudo realm discover DOMAIN.COM
#should see the domain


#Initialise Kerberos (Case SeNsItIvE) use your own frickin username
kinit -V admin@DOMAIN.COM
#chuck in your password


#join the muther fuzin domain baby, you have a choice here: if your server can reach all the DCs in your domain then use the first command, if it can't then you have to specify one:
#1
#sudo realm join --verbose DOMAIN.COM -U admin@DOMAIN.COM --install=/
#2
sudo realm join --verbose -U admin@DOMAIN.COM dc01.DOMAIN.COM --install=/


#comment out the use_fully_qualified_names line
sudo vi /etc/sssd/sssd.conf
# use_fully_qualified_names = True

#restart sssd
sudo systemctl restart sssd

#enable the user to create a home drive
sudo vi /etc/pam.d/common-session
#place the following under the line that contains session optional pam_sss.so
session required pam_mkhomedir.so skel=/etc/skel/ umask=0077

#test
id admin@DOMAIN.COM

#visudo bitches
sudo visudo -f /etc/sudoers
%Domain\ Admins ALL=(ALL) NOPASSWD:ALL


#change the domains so we can login
sudo vi /etc/krb5.conf

[realms]
        DOMAIN.COM = {
                kdc = dc01.domain.com
                kdc = dc02.domain.com
                admin_server = admin.domain.com
        }

[domain_realm]
        .domain.com = DOMAIN.COM

#allows these to ssh
sudo realm permit -g 'Domain Admins'
sudo realm permit -g 'Tronstride Servers Local Admins'


#troubleshoot
tail -f /var/log/auth.log
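
The two vi edits above (commenting out use_fully_qualified_names in sssd.conf and adding the pam_mkhomedir.so line under pam_sss.so in common-session) can be scripted so they are repeatable and safe to re-run. This is an added example, not part of the original post; the function names and the demo file contents are constructed, and the demo works on temporary files rather than /etc.

```shell
#!/bin/sh
# Added example: scripted versions of the sssd.conf and common-session edits.
# Function names and the demo file contents are constructed for illustration.

# Comment out use_fully_qualified_names in an sssd.conf-style file.
# Re-running is harmless: a line that already starts with # no longer matches.
# sed leaves the previous version next to the file as FILE.bak.
disable_fqn() {
    sed -i.bak -E 's/^([[:space:]]*)(use_fully_qualified_names[[:space:]]*=.*)$/\1# \2/' "$1"
}

# Insert the pam_mkhomedir line directly under the "session optional pam_sss.so"
# line. Does nothing if present already; fails if there is no pam_sss.so line.
add_mkhomedir() {
    have='^[[:space:]]*session[[:space:]].*pam_mkhomedir\.so'
    grep -Eq "$have" "$1" && return 0
    tmp=$(mktemp) || return 1
    awk '{ print }
         /^session[ \t]+optional[ \t]+pam_sss\.so/ && !seen {
             print "session required pam_mkhomedir.so skel=/etc/skel/ umask=0077"
             seen = 1
         }' "$1" > "$tmp" && cat "$tmp" > "$1"   # cat keeps the file's owner and mode
    rm -f "$tmp"
    grep -Eq "$have" "$1"
}

# Demo on constructed sample files in a temporary directory.
demo() {
    demo_dir=$(mktemp -d) || return 1
    printf '[domain/domain.com]\nuse_fully_qualified_names = True\n' \
        > "$demo_dir/sssd.conf"
    printf 'session\toptional\t\t\tpam_sss.so\nsession\toptional\tpam_systemd.so\n' \
        > "$demo_dir/common-session"
    disable_fqn "$demo_dir/sssd.conf" && add_mkhomedir "$demo_dir/common-session" &&
        cat "$demo_dir/sssd.conf" "$demo_dir/common-session"
    rm -rf "$demo_dir"
}
demo
```

On a real host the functions would be run as root against /etc/sssd/sssd.conf and /etc/pam.d/common-session, followed by the sssd restart from the post.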

 
