How to Join Ubuntu Computer to an Active Directory Domain Using BeyondTrust AD Bridge (PBIS)
Install prerequisites.
sudo apt-get install -y vim openssh-server
Add BeyondTrust AD Bridge Open repository to your system.
wget -O - http://repo.pbis.beyondtrust.com/apt/RPM-GPG-KEY-pbis|sudo apt-key add -
sudo wget -O /etc/apt/sources.list.d/pbiso.list http://repo.pbis.beyondtrust.com/apt/pbiso.list
sudo apt-get update
Once your Repository has been added, you can then install the BeyondTrust AD Bridge using the following commands.
sudo apt-get install -y pbis-open
Do the following customization.
# Set domain prefix
sudo /opt/pbis/bin/config UserDomainPrefix <DOMAIN NETBIOS NAME>
Ex:
sudo /opt/pbis/bin/config UserDomainPrefix EXAMPLE
# Set default logon domain
sudo /opt/pbis/bin/config AssumeDefaultDomain True
# Set default login shell
sudo /opt/pbis/bin/config LoginShellTemplate /bin/bash
# Set home directory template
sudo /opt/pbis/bin/config HomeDirTemplate %H/%D/%U
Join the computer to the domain.
sudo domainjoin-cli join <DOMAIN NETBIOS NAME> <DOMAIN ADMIN USERNAME>
Ex:
sudo domainjoin-cli join EXAMPLE.LOCAL yasithab
Add domain user to the sudoers group.
sudo usermod -a -G sudo <DOMAIN USER>
Ex:
sudo usermod -a -G sudo shashikaj
Allow the above domain user to run sudo commands without entering the password.
sudo vim /etc/sudoers.d/sudo-users
# User rules for Domain User
<DOMAIN USER> ALL=(ALL) NOPASSWD:ALL
Ex:
shashikaj ALL=(ALL) NOPASSWD:ALL
Do the following changes in PAM authentication stack.
sudo vim /etc/pam.d/common-session
Replace "session optional pam_lsass.so" with "session [success=ok default=ignore] pam_lsass.so"
Enable the option to enter username in Ubuntu Desktop
# Open the lightdm configuration file
sudo vi /usr/share/lightdm/lightdm.conf.d/50-unity-greeter.conf
# Append the following lines
greeter-hide-users=false
greeter-show-manual-login=true
allow-guest=false
In order to get domain information, run the following command.
sudo domainjoin-cli query
To dump complete PBIS service configurations.
sudo /opt/pbis/bin/config --dump
Reboot your computer in order to verify changes
sudo reboot
tip
If you want to remove your computer from the domain, you need to run:
sudo domainjoin-cli leave