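#!/usr/bin/env bash
# Join an Ubuntu host to the telzmart.com Active Directory domain with
# realmd/SSSD, enable automatic home-directory creation for domain users,
# and restrict interactive login and sudo to selected users/groups.
#
# Usage: run on the Ubuntu host as a user with sudo rights.
# `realm join` prompts for the AD account password on the terminal; the
# password is never put on the command line, so it does not leak through
# `ps`, `set -x` or shell history.
#
# The original notes mixed commands with free text (e.g. "– nameserver …",
# "* activate mkhomedir", trailing "(Allow a user)" remarks) that would not
# run as shell; those steps are now real commands or comments.
set -euo pipefail

readonly DOMAIN=telzmart.com
readonly HOST_FQDN=ubu-01.telzmart.com   # must match the naming schema used in AD
readonly DC_IP=10.0.10.10                # Windows domain controller (also the DNS server)
readonly JOIN_USER=Administrator         # AD account allowed to join computers

die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Refresh the package index and install realmd/SSSD and helpers.
#######################################
install_packages() {
  sudo apt update
  sudo apt -y install realmd libnss-sss libpam-sss sssd sssd-tools adcli \
    samba-common-bin oddjob oddjob-mkhomedir packagekit
}

#######################################
# Set the FQDN and point DNS at the domain controller.
# Globals: HOST_FQDN, DC_IP, DOMAIN
#######################################
configure_dns() {
  sudo hostnamectl set-hostname "$HOST_FQDN"
  # Stop and disable the local stub resolver so the host uses the AD DNS
  # directly (realm discover/join depend on AD SRV records).
  sudo systemctl disable --now systemd-resolved.service
  # On Ubuntu /etc/resolv.conf is normally a symlink into /run managed by
  # systemd-resolved; writing through it would not persist. Replace the
  # symlink with a static file.
  sudo rm -f -- /etc/resolv.conf
  sudo tee /etc/resolv.conf >/dev/null <<EOF
nameserver ${DC_IP}
search ${DOMAIN}
EOF
}

#######################################
# Discover and join the domain. The join password is read interactively.
# Globals: DOMAIN, JOIN_USER
#######################################
join_domain() {
  sudo realm discover "$DOMAIN" || die "cannot discover ${DOMAIN}; check DNS"
  sudo realm join -U "$JOIN_USER" "$DOMAIN" || die "realm join failed"
  realm list
}

#######################################
# Make PAM create a home directory on first login (automatic on RHEL,
# must be enabled on Ubuntu/Debian).
#######################################
enable_mkhomedir() {
  # NOTE: umask=0022 makes new home directories world-readable; umask=0077
  # is the hardened choice if other local users must not read them.
  sudo tee /usr/share/pam-configs/mkhomedir >/dev/null <<'EOF'
Name: activate mkhomedir
Default: yes
Priority: 900
Session-Type: Additional
Session:
required pam_mkhomedir.so umask=0022 skel=/etc/skel
EOF
  # Non-interactive equivalent of ticking "activate mkhomedir" in the dialog.
  sudo pam-auth-update --enable mkhomedir
  # SSSD is the client that performs the authentication; restart to pick up changes.
  sudo systemctl restart sssd
}

#######################################
# Limit who may log in. Once any `realm permit` is used, only listed
# principals are allowed; `realm permit --all` reopens the host to every
# domain user and `realm deny --all` closes it again.
# Globals: DOMAIN
#######################################
restrict_logins() {
  sudo realm permit "telson.thomas@${DOMAIN}"
  # Allow a group (group name as given in the original notes — confirm it
  # resolves, a fully-qualified name may be required by your SSSD config).
  sudo realm permit -g sysadmins
  # Alternatives, kept as reference:
  #   sudo realm permit --all   # allow all domain users
  #   sudo realm deny --all     # deny all domain users
}

#######################################
# Grant sudo to selected domain users/groups. Domain users have no
# privilege escalation by default.
# Globals: DOMAIN
#######################################
configure_sudo() {
  local tmp
  tmp=$(mktemp) || die "mktemp failed"
  cat >"$tmp" <<EOF
telson.thomas@${DOMAIN} ALL=(ALL) ALL
%group1@${DOMAIN} ALL=(ALL) ALL
EOF
  # A syntax error in a sudoers.d fragment breaks sudo for everyone on the
  # host, so validate before installing; sudo also requires mode 0440.
  sudo visudo -cf "$tmp" || { rm -f -- "$tmp"; die "invalid sudoers fragment"; }
  sudo install -m 0440 -o root -g root -- "$tmp" /etc/sudoers.d/domain_admins
  rm -f -- "$tmp"
}

#######################################
# Confirm the host resolves domain identities.
# Globals: DOMAIN
#######################################
verify() {
  id "administrator@${DOMAIN}"
  id "telson.thomas@${DOMAIN}"
  # Interactive check, not run here (original notes used a different domain
  # prefix, "techcuriosity", than the one joined above — verify which is correct):
  #   ssh techcuriosity\\telson.thomas@localhost
  #   ssh "techcuriosity\telson.thomas@localhost"
  #   $ pwd   -> /home/telson.thomas@techcuriosity.com (home created by pam_mkhomedir)
}

main() {
  install_packages
  configure_dns
  join_domain
  enable_mkhomedir
  restrict_logins
  configure_sudo
  verify
}

main "$@"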