Check User Login Active Directory on Domain Controller
Hello World,
In one of our previous posts (Ubuntu – Join Ubuntu 20.10 Desktop in Active Directory Domain during Setup), we demonstrated how easy it was to join an Ubuntu 20.10 Desktop edition into an Active Directory during the Setup process. Indeed, the Ubuntu 20.10 ubiquity version offers an easy-to-use interface to provide the minimum necessary information to access the Active Directory domain, and the wizard performs its magic in the background.
However, some readers have been asking us to provide some more information about how to join an Active Directory domain when the Ubuntu machine has already been installed. This post will try to provide enough information to join an Ubuntu 20.04 Desktop machine into an Active Directory…
So let's do this….
Overview
The Active Directory joining option in the Ubuntu 20.10 Setup Wizard might seem a really minor feature. Actually, it's a really great feature. Think about it! Active Directory has been deployed in a lot of corporate environments. By simplifying the process to join Active Directory, Canonical is positioning Ubuntu as a real alternative and helps to leverage Active Directory investments. This feature provides real interoperability between the Ubuntu operating system and the Windows operating system, and the best part is that the process is really simple and appealing to companies.
Assumptions & Scenario
In this post, we will assume the following
- You are running Ubuntu 20.04.1 Desktop
- You already have an Active Directory up and running (let's use the domain name: c-nergy.lab)
- You have an Active Directory DNS server up and running (server IP could be 192.168.1.180/24)
- Active Directory is providing Time services
- You have internet access in order to download the additional packages that need to be installed
If you have all these prerequisites met, we can move to the next section
Initial Ubuntu Desktop Configuration Settings
Before attempting to join Active Directory from your Ubuntu 20.04 Desktop, you will need to perform some pre-configuration activities. Indeed, in order to successfully join the AD Domain, you will need to configure your machine with the following settings
- Fully Qualified Domain Name (matching the AD Domain name)
- Configure proper DNS so name resolution for the AD Domain is possible
- Configure Time services (needed for Kerberos authentication and validation)
- Install the necessary packages on Ubuntu to enable authentication against the remote directory service.
Step 0 – Installing SSSD software & Tools
SSSD stands for "System Security Services Daemon", which basically manages access to remote directories and retrieves information from them. SSSD connects to Active Directory and checks whether the account has the rights to perform the connection. This package is not installed by default. So, first we will need to install this package. To do that, open up a Terminal console and issue the following command
sudo apt-get install sssd-ad sssd-tools realmd adcli
Wait for the installation to complete and move to the next steps
Step 1 – Hostname & Hostname Resolution
In this step, we will ensure that our Ubuntu machine is already configured with a proper name and that the fully qualified domain name is used. To validate or configure your system with a proper computer name, you will need to edit the file.
/etc/hostname
In this file, you will have to enter the fully qualified domain name (FQDN) that will be used. It's important to note that the FQDN of the Ubuntu machine needs to match the Domain name of the Active Directory. So, in our scenario, the FQDN will look like ubuntuwks01.c-nergy.lab
To check that the change is applied accordingly, you can issue the following command
hostname -f
As you can see, this command should return the FQDN you have defined in the /etc/hostname configuration file
Step 2 – Configuring valid DNS Servers on Ubuntu machine
If you are using a DHCP infrastructure, there is no need to perform any changes as long as the DHCP server provides the IP address of the Active Directory DNS server. If you are using a static IP address, you might need to change the DNS server address on your Ubuntu machine to point to the AD DNS server.
If you do change the IP configuration of your Ubuntu machine, do not forget to disable/enable the interface to ensure that the change will be committed. In the System Settings > Network tab, slide the button to bring it down.
When done, enable the network interface again to ensure that the changes you have performed are applied accordingly
Step 3 – Configure Time services on Ubuntu machine
Time service is an important element in Active Directory, and more specifically when using the Kerberos protocol. If you have a large time difference between your Ubuntu machine and the domain controller that will check your credentials, the login will fail (clock skew). The default allowed clock skew is 5 minutes. To ensure that no time drift occurs, we will need to configure the Ubuntu machine to point to a reliable time source.
By default, Ubuntu gets its time from a public NTP server (usually ntp.ubuntu.com). To ensure that no time drift occurs, we will configure our Ubuntu machine to point to the Active Directory Time Source Server. In our scenario, we are using the Domain Controller in AD as the authoritative source for our Ubuntu machine.
To configure time service, edit the file
/etc/systemd/timesyncd.conf
Look for the NTP line. Delete the information and enter the FQDN of your Time source server (see screenshot below)
At this stage, we should be ready to move forward to the next step….
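The three prerequisites above (FQDN inside the AD domain, an NTP source set in timesyncd.conf, DNS resolution of the domain) can be checked before attempting the join. The script below is an added example, not part of the original post; the function names and the time server name dc01.c-nergy.lab are assumptions, and the DNS check assumes AD DNS publishes address records for the domain name itself.

```shell
#!/bin/sh
# Added example (not from the original post); function names are illustrative.

# Succeed if FQDN ($1) is "<host>.<domain>" for DOMAIN ($2), case-insensitive.
fqdn_in_domain() {
    fd_fqdn=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    fd_dom=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    case "$fd_fqdn" in
        ."$fd_dom") return 1 ;;     # empty host label
        *."$fd_dom") return 0 ;;
        *) return 1 ;;              # short name or a different domain
    esac
}

# Print the active NTP= value from the [Time] section of a timesyncd.conf ($1);
# commented-out defaults (#NTP=) and FallbackNTP= are ignored.
timesyncd_ntp() {
    awk '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { in_time = ($0 ~ /^[ \t]*\[Time\]/); next }
        in_time && /^[ \t]*NTP[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); val = $0
        }
        END { print val }
    ' "$1"
}

# Print one line per check for hostname $1, domain $2, timesyncd.conf path $3;
# the return status is the number of failed checks.
check_prereqs() {
    cp_fail=0
    if fqdn_in_domain "$1" "$2"; then echo "OK   $1 is a host inside $2"
    else echo "FAIL $1 is not <host>.$2 (fix /etc/hostname)"; cp_fail=$((cp_fail + 1)); fi
    cp_ntp=$(timesyncd_ntp "$3")
    if [ -n "$cp_ntp" ]; then echo "OK   timesyncd NTP source is $cp_ntp"
    else echo "FAIL no active NTP= line in $3"; cp_fail=$((cp_fail + 1)); fi
    return "$cp_fail"
}

# Live run on the workstation: sh preflight.sh c-nergy.lab
if [ "$#" -ge 1 ]; then
    check_prereqs "$(hostname -f)" "$1" /etc/systemd/timesyncd.conf
    if getent hosts "$1" >/dev/null; then echo "OK   DNS resolves $1"
    else echo "FAIL DNS cannot resolve $1 (check the DNS server setting)"; fi
else
    # No argument: demo on a constructed timesyncd.conf (dc01 is a placeholder name).
    demo=$(mktemp)
    printf '[Time]\n#NTP=\nNTP=dc01.c-nergy.lab\nFallbackNTP=ntp.ubuntu.com\n' > "$demo"
    check_prereqs ubuntuwks01.c-nergy.lab c-nergy.lab "$demo"; rm -f "$demo"
fi
```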
Connecting to Active Directory
Step 1 – Discovering Active Directory
At this stage, we should be ready to connect to your Active Directory. Indeed, we have installed the necessary packages to "talk" to Active Directory (i.e. SSSD) and the name resolution process has been configured accordingly (IP address and DNS server settings). Before we effectively join the domain, we will first check that our configuration is valid and that we will be able to join our Active Directory domain.
Open a Terminal console and issue the following command
realm discover <%AD Domain Name%>
As shown in the screenshot below, if your configuration is correct, you should see information about the AD domain you are about to join. Notice the line configured: no, which basically tells you that you are not yet connected to the Active Directory
Step 2 – Joining Active Directory
Time to join the Active Directory. The joining process is quite simple really. From your Terminal console, just issue the following command
realm join <%AD Domain Name%>
You will be prompted for a password. The password to be provided is for an account in Active Directory that has the right to join machines into the domain. A lot of people would be using the AD Administrator account
If no error messages are displayed, you can go to your Active Directory and check that a computer account for your Ubuntu machine has been created accordingly. By default, the computer account will be created and located under the Computers container.
You can also use the following command line to check and retrieve information about the Active Directory Domain our Ubuntu machine is connected to
realm list <%AD Domain Name%>
Note :
You can also see that the configured field has changed from no to kerberos-member. So, now your machine is able to retrieve data from your Active Directory and authenticate against it.
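The change in the configured field can be checked from a script instead of by eye. The following is an added example, not part of the original post: the function names are illustrative and the sample text is constructed in the format realm list prints. It also reports the login-policy field, which shows whether all domain accounts or only permitted ones may log in to the machine.

```shell
#!/bin/sh
# Added example (not from the original post); function names are illustrative.

# Print the value of FIELD ($2) for realm $1 from `realm list` output on stdin.
realm_field() {
    awk -v realm="$1" -v field="$2" '
        /^[^ \t]/ { current = $1; next }            # unindented line = realm name
        current == realm {
            line = $0; sub(/^[ \t]+/, "", line)
            if (index(line, field ": ") == 1) { print substr(line, length(field) + 3); exit }
        }
    '
}

# Summarise the join state for realm $1 from `realm list` output on stdin.
# Status: 0 = joined, 1 = not joined or not listed.
join_state() {
    js_out=$(cat)
    js_conf=$(printf '%s\n' "$js_out" | realm_field "$1" configured)
    js_policy=$(printf '%s\n' "$js_out" | realm_field "$1" login-policy)
    case "$js_conf" in
        kerberos-member) echo "joined: $1 (login-policy: ${js_policy:-unknown})"; return 0 ;;
        *) echo "not joined: $1 (configured: ${js_conf:-not listed})"; return 1 ;;
    esac
}

# Constructed sample in the format printed by `realm list` after a join.
sample_joined() {
    cat <<'EOF'
c-nergy.lab
  type: kerberos
  realm-name: C-NERGY.LAB
  domain-name: c-nergy.lab
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  login-formats: %U@c-nergy.lab
  login-policy: allow-realm-logins
EOF
}

# Live run: realm list | sh joinstate.sh c-nergy.lab ; without arguments, use the sample.
if [ "$#" -ge 1 ]; then join_state "$1"; else sample_joined | join_state c-nergy.lab; fi
```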
Step 3 – Creating home directory automatically
If you want to have the user home directory created automatically when the user logs in, you will need to perform an additional step. This might not be needed in the future as this was detected as a bug in the realmd packages. To enable this feature, we will need to execute the following command in a Terminal console
# pam-auth-update --enable mkhomedir
Step 4 – Test your setup
You can test and validate the login process using the command line or by simply logging in through the desktop interface. In our scenario, we will be using the graphical interface to log in to our Active Directory infrastructure. You will only need to follow these steps
Step 1 – In the login screen, click on Not Listed ?
Step 2 – In the Username screen, provide your AD user account using the UPN structure (something like user01@mydomain.com)
Step 3 – In the Password screen, provide your AD password… Wait for the login process to complete
Step 4 – Once you are logged into the Ubuntu machine, you can perform an additional check and verify that you are indeed using an Active Directory user account….
Note :
We had a small issue when we first logged into the Ubuntu machine using our Active Directory user account: the login process was looping and we were presented with the login screen time and again. To fix this issue, the easiest solution is to simply reboot your Ubuntu machine and try again
Leaving Active Directory
If, for whatever reason, you need to remove the Ubuntu machine from the Active Directory domain, you can simply issue the following command
sudo realm leave <%AD Domain Name%>
If no errors are displayed on your screen, you have successfully left the AD Domain and you can use your Ubuntu machine as a standalone machine.
Final Notes
This is it for this post !
As you can see, nowadays, joining an Active Directory is relatively easy. Ubuntu 20.10 can join an Active Directory Domain during the initial setup. If you need to join an Active Directory domain after the initial setup, the process is really simplified through the usage of the sssd and realmd packages as long as you have all the necessary prerequisites in place.
We have provided here a really basic overview of Ubuntu integration with Active Directory. If you are interested in knowing more about Active Directory and Ubuntu integration, you might want to have a look at the 2 links provided below. They provide more detailed information about how sssd works and how to ensure that a secure configuration can be achieved
Till next time
See ya
References and additional readings
- https://ubuntu.com/server/docs/service-sssd
- https://discourse.ubuntu.com/t/service-sssd/11579
Source: https://c-nergy.be/blog/?p=16472
Posted by: ellaalwand.blogspot.com