linux connect to active directory code example

Example: join linux to ad domain

Install Ubuntu (set the hostname during installation,
example: UBUNTUVMACHINE).
Set up a static IP.
Open a terminal:
CMD:sudo apt update
CMD:sudo apt-get install fping

Make sure your Ubuntu Desktop machine has access to the Active Directory domain and the Domain Controllers:
CMD:dig -t SRV _ldap._tcp.bmbdlocal.lan | grep -A2 "ANSWER SECTION"

;; ANSWER SECTION:
_ldap._tcp.bmbdlocal.lan. 600 IN SRV 0 100 389 Server2016.bmbdlocal.lan.

Ping the Active Directory domain and the Domain Controllers:

example:ping bmbdlocal.lan
example:ping server2016.bmbdlocal.lan

Also, with fping:

CMD:fping server2016.bmbdlocal.lan

server2016.bmbdlocal.lan is alive

Install all necessary packages:
CMD:sudo apt-get -y install realmd sssd sssd-tools samba-common krb5-user packagekit samba-common-bin samba-libs adcli ntp

When prompted for the default Kerberos realm, type: BMBDLOCAL.LAN
then OK

Set up your ntp service to point to your domain time servers:
CMD:sudo vi /etc/ntp.conf

...
#server 0.ubuntu.pool.ntp.org
#server 1.ubuntu.pool.ntp.org
#server 2.ubuntu.pool.ntp.org
#server 3.ubuntu.pool.ntp.org
server server2016.bmbdlocal.lan
# Use Ubuntu's ntp server as a fallback.
#server ntp.ubuntu.com
...

Restart your ntp service:
CMD:sudo service ntp restart

Setting up realmd:
CMD:sudo vi /etc/realmd.conf
...
[users]
default-home = /home/%D/%U
default-shell = /bin/bash
[active-directory]
default-client = sssd
os-name = Ubuntu Desktop Linux
os-version = 14.04
[service]
automatic-install = no
[bmbdlocal.lan]
fully-qualified-names = no
automatic-id-mapping = yes
user-principal = yes
manage-system = no
...

Join the Ubuntu machine to the AD domain. First obtain a Kerberos ticket for the account that will perform the join:
CMD:sudo kinit [email protected]

Password for [email protected]:

[You will not see any output while you type the password. That’s normal.]

Add the Ubuntu machine to the domain:
CMD:sudo realm --verbose join bmbdlocal.lan \
--user-principal=UBUNTUVMACHINE/[email protected] --unattended

Setting up sssd:
CMD:sudo vi /etc/sssd/sssd.conf

Change access_provider = simple to:

access_provider = ad

Restart the sssd service:
CMD:sudo service sssd restart

Set up home directory auto-creation for new users:

CMD:sudo vi /etc/pam.d/common-session
...
session required pam_unix.so
session optional pam_winbind.so
session optional pam_sss.so
session optional pam_systemd.so
session required pam_mkhomedir.so skel=/etc/skel/ umask=0077
# end of pam-auth-update config
...

Check Active Directory user name resolution (test1 is an example domain user):
CMD:id test1

uid=951601106(test1) gid=951600513(domain users) groups=951600513(domain users)

Setting up LightDM [for CLI-mode Ubuntu or other Linux; not needed for the Ubuntu GUI]:
CMD:sudo vi /etc/lightdm/lightdm.conf
...
[SeatDefaults]
allow-guest=false
greeter-show-manual-login=true
...
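As an added example (not part of the original how-to), a small bash script that checks the outcome of the steps above against constructed samples: it parses the SRV answer for domain controllers, confirms sssd.conf uses access_provider = ad rather than simple, confirms common-session creates home directories with umask=0077, and confirms every ntp.conf server line names a host inside the domain (catching the missing "server" keyword). The domain bmbdlocal.lan and the sample lines come from this page; on a real host pipe the actual files into the check functions.

```bash
#!/bin/bash
# Added post-join checks for the how-to above (not the original author's code).
# Each check reads a config text on stdin, so it works on the constructed
# samples below or on real files: check_sssd_access < /etc/sssd/sssd.conf

# Print "host port" for every SRV record in `dig -t SRV ...` output.
srv_targets() {
    awk '$4 == "SRV" { sub(/\.$/, "", $8); print $8, $7 }'
}

# sssd.conf must use access_provider = ad so that AD account state (disabled,
# expired, logon hours) is enforced; "simple" with no allow list admits every user.
check_sssd_access() {
    grep -Eq '^[[:space:]]*access_provider[[:space:]]*=[[:space:]]*ad[[:space:]]*$'
}

# common-session must create home directories owner-only (umask=0077).
check_mkhomedir() {
    grep -Eq '^session[[:space:]]+required[[:space:]]+pam_mkhomedir\.so.*umask=0077'
}

# ntp.conf: at least one "server" line, all of them inside the AD domain
# (Kerberos rejects tickets once clock skew exceeds five minutes).
ntp_uses_dc() {
    awk -v d="$1" '$1 == "server" { n++; if ($2 !~ ("\\." d "$")) bad++ }
                   END { exit !(n > 0 && bad == 0) }'
}

# Constructed samples mirroring the files in the how-to (not from a real host).
SRV_SAMPLE='_ldap._tcp.bmbdlocal.lan. 600 IN SRV 0 100 389 Server2016.bmbdlocal.lan.'
NTP_BROKEN='server2016.bmbdlocal.lan'        # no "server" keyword: ntpd ignores it
NTP_FIXED='server server2016.bmbdlocal.lan'

# Run the checks against the samples and print one PASS/FAIL line each.
run_samples() {
    echo "DCs from SRV: $(printf '%s\n' "$SRV_SAMPLE" | srv_targets)"
    printf 'access_provider = simple\n' | check_sssd_access && echo FAIL || echo "PASS: simple rejected"
    printf 'access_provider = ad\n' | check_sssd_access && echo "PASS: ad accepted" || echo FAIL
    printf '%s\n' "$NTP_BROKEN" | ntp_uses_dc bmbdlocal.lan && echo FAIL || echo "PASS: bad ntp line caught"
    printf '%s\n' "$NTP_FIXED" | ntp_uses_dc bmbdlocal.lan && echo "PASS: ntp points at a DC" || echo FAIL
}
run_samples
```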