Skip to main content

How to Join Ubuntu Computer to an Active Directory Domain Using BeyondTrust AD Bridge (PBIS)

Install prerequisites.

sudo apt-get install -y vim openssh-server

Add BeyondTrust AD Bridge Open repository to your system.

wget -O - http://repo.pbis.beyondtrust.com/apt/RPM-GPG-KEY-pbis|sudo apt-key add - 

sudo wget -O /etc/apt/sources.list.d/pbiso.list http://repo.pbis.beyondtrust.com/apt/pbiso.list

sudo apt-get update

Once your Repository has been added, you can then install the BeyondTrust AD Bridge using the following commands.

sudo apt-get install -y pbis-open

Do the following customization.

# Set domain prefix
sudo /opt/pbis/bin/config UserDomainPrefix <DOMAIN NETBIOS NAME>

Ex:
sudo /opt/pbis/bin/config UserDomainPrefix EXAMPLE

# Set default logon domain
sudo /opt/pbis/bin/config AssumeDefaultDomain True

# Set default login shell
sudo /opt/pbis/bin/config LoginShellTemplate /bin/bash

# Set home directory template
sudo /opt/pbis/bin/config HomeDirTemplate %H/%D/%U

Join the computer to the domain.

sudo domainjoin-cli join <DOMAIN NETBIOS NAME> <DOMAIN ADMIN USERNAME>

Ex:
sudo domainjoin-cli join EXAMPLE.LOCAL yasithab

Add domain user to the sudoers group.

sudo usermod -a -G sudo <DOMAIN USER>

Ex:
sudo usermod -a -G sudo shashikaj

Allow the above domain user to run sudo commands without entering the password.

sudo vim /etc/sudoers.d/sudo-users

# User rules for Domain User
<DOMAIN USER> ALL=(ALL) NOPASSWD:ALL

Ex:
shashikaj ALL=(ALL) NOPASSWD:ALL

Do the following changes in PAM authentication stack.

sudo vim /etc/pam.d/common-session

Replace "session optional pam_lsass.so" with "session [success=ok default=ignore] pam_lsass.so"

Enable the option to enter username in Ubuntu Desktop

# Open the lightdm configuration file
sudo vi /usr/share/lightdm/lightdm.conf.d/50-unity-greeter.conf

# Append the following lines
greeter-hide-users=false
greeter-show-manual-login=true
allow-guest=false

In order to get domain information, run the following command.

sudo domainjoin-cli query

To dump complete PBIS service configurations.

sudo /opt/pbis/bin/config --dump

Reboot your computer in order to verify changes

sudo reboot
tip

If you want to remove your computer from the domain, you need to run:

sudo domainjoin-cli leave