Preparing your system
Install all the required packages using the following command:
sudo apt-get install realmd sssd sssd-tools samba-common krb5-user packagekit samba-common-bin samba-libs adcli ntp
During installation of krb5-user, it will prompt you for the default Kerberos realm. This should be your domain in all caps. Example: LOCALDOMAIN.XX
Now get a valid Kerberos ticket for your AD admin: kinit [email protected]
Configuring realmd
You need to edit /etc/realmd.conf
sudo vi /etc/realmd.conf
Change the following option
[service]
automatic-install = no
Save and exit the file
Configuring sssd.conf file
First, restrict the permissions on the sssd.conf file so that only its owner can read and write it, using the following command
sudo chmod 0600 /etc/sssd/sssd.conf
Now edit the file using the following command
sudo vi /etc/sssd/sssd.conf
Add the following lines
[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3
[pam]
reconnection_retries = 3
Comment out the following line
use_fully_qualified_names = True
to
#use_fully_qualified_names = True
Save and exit the file
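The check below is an added example, not part of the original guide: a POSIX shell audit that verifies an sssd.conf has the 0600 mode and the [nss]/[pam] settings described above, and that use_fully_qualified_names is commented out. The function names are hypothetical and the sample file is constructed.

```shell
#!/bin/sh
# Added example: audit an sssd.conf against the settings this guide applies.
# Function names are hypothetical; the sample file below is constructed.

# ini_get FILE SECTION KEY: print KEY's value from [SECTION], skipping comments.
ini_get() {
    awk -v sec="$2" -v key="$3" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { s = $0; sub(/^[ \t]*\[/, "", s); sub(/\].*$/, "", s)
                        in_sec = (s == sec); next }
        in_sec && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            v = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# audit_sssd_conf [FILE]: print each failed check; return 0 only if all pass.
audit_sssd_conf() {
    f=${1:-/etc/sssd/sssd.conf}; rc=0
    # Mode must match the chmod 0600 step (find -perm 600 is an exact match).
    [ -n "$(find "$f" -prune -perm 600 2>/dev/null)" ] ||
        { echo "FAIL: $f is not mode 0600"; rc=1; }
    for key in filter_users filter_groups; do
        v=$(ini_get "$f" nss "$key" | tr -d ' \t')
        case ",$v," in *,root,*) ;; *) echo "FAIL: [nss] $key lacks root"; rc=1 ;; esac
    done
    # A section header fused onto a value line ("3[pam]") fails both checks here.
    for sec in nss pam; do
        v=$(ini_get "$f" "$sec" reconnection_retries)
        [ "$v" = 3 ] || { echo "FAIL: [$sec] reconnection_retries='$v'"; rc=1; }
    done
    if grep -Eiq '^[[:space:]]*use_fully_qualified_names[[:space:]]*=[[:space:]]*true' "$f"
    then echo "FAIL: use_fully_qualified_names is still enabled"; rc=1; fi
    return "$rc"
}

# write_sample FILE: write a constructed sssd.conf that follows the guide.
write_sample() {
    printf '%s\n' '[nss]' 'filter_groups = root' 'filter_users = root' \
        'reconnection_retries = 3' '[pam]' 'reconnection_retries = 3' \
        '[domain/localdomain.xx]' '#use_fully_qualified_names = True' > "$1"
    chmod 0600 "$1"
}

if [ "$#" -gt 0 ]; then audit_sssd_conf "$1"; fi
```

Run it with the path to the file as its argument, under sudo since the file is readable only by its owner.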
Join in unattended mode with new user principal using the following command
realm --verbose join localdomain.xx --user-principal=myubuntuserver/[email protected] --unattended
Reboot your server. You should now be able to id a domain user as follows: id LOCALDOMAIN\\myuser
You can now su to a domain user: su myuser@localdomain
You can add the NTP servers to sync with your domain controller in /etc/ntp.conf
GAG!!!!!!!!!!Microsoft GAG!!!!!!!!!!!!
Doesn’t work with UB 16.04 Server – I know we all despise MSFT but sometimes you have to integrate both platforms for sandbox configs.
Doesn’t work with Ubuntu 16.04.
Any solutions for Ubuntu 16.04?
Checked the OU on the Windows Server using dsquery and it matches the one specified in realmd.
Sep 09 14:19:00 LinuxBox realmd[4642]: * Using domain name: OurDomain.local
Sep 09 14:19:00 LinuxBox realmd[4642]: * Using domain name: OurDomain.local
Sep 09 14:19:00 LinuxBox realmd[4642]: * Using computer account name: LinuxBox
Sep 09 14:19:00 LinuxBox realmd[4642]: * Using computer account name: LinuxBox
Sep 09 14:19:00 LinuxBox realmd[4642]: * Using domain realm: OurDomain.local
Sep 09 14:19:00 LinuxBox realmd[4642]: * Using domain realm: OurDomain.local
Sep 09 14:19:00 LinuxBox realmd[4642]: * Calculated computer account name from fqdn: LinuxBox
Sep 09 14:19:00 LinuxBox realmd[4642]: * Calculated computer account name from fqdn: LinuxBox
Sep 09 14:19:00 LinuxBox realmd[4642]: * Generated 120 character computer password
Sep 09 14:19:00 LinuxBox realmd[4642]: * Generated 120 character computer password
Sep 09 14:19:00 LinuxBox realmd[4642]: * Using keytab: FILE:/etc/krb5.keytab
Sep 09 14:19:00 LinuxBox realmd[4642]: * Using keytab: FILE:/etc/krb5.keytab
Sep 09 14:19:00 LinuxBox realmd[4642]: * Found computer account for LinuxBox$ at: CN=LinuxBox,OU=Group,OU=Division,OU=Computers,OU=Company,DC=OurDomain,DC=local
Sep 09 14:19:00 LinuxBox realmd[4642]: * Found computer account for LinuxBox$ at: CN=LinuxBox,OU=Group,OU=Division,OU=Computers,OU=Company,DC=OurDomain,DC=local
Sep 09 14:19:00 LinuxBox realmd[4642]: ! The computer account LinuxBox already exists, but is not in the desired organizational unit.
Sep 09 14:19:00 LinuxBox realmd[4642]: ! The computer account LinuxBox already exists, but is not in the desired organizational unit.
Sep 09 14:19:00 LinuxBox realmd[4642]: adcli: joining domain OurDomain.local failed: The computer account LinuxBox already exists,
Sep 09 14:19:00 LinuxBox realmd[4642]: adcli: joining domain OurDomain.local failed: The computer account LinuxBox already exists,
Sep 09 14:19:00 LinuxBox realmd[4642]: process exited: 4650
Sep 09 14:19:00 LinuxBox realmd[4642]: ! Failed to join the domain
Sep 09 14:19:00 LinuxBox realmd[4642]: ! Failed to join the domain
Sep 09 14:19:00 LinuxBox realmd[4642]: released daemon: current-invocation
Sep 09 14:19:00 LinuxBox realmd[4642]: stopping service