Monday, August 11, 2014

Join Ubuntu 14.04 LTS to a Windows Domain using PBIS Open

The following instructions guide you through joining an Ubuntu 14.04 client to a Windows Domain using PowerBroker Identity Services (PBIS) Open Edition version 8.0.1.2029, 64-bit.
(This process should also work for Lubuntu 14.04.)

Environment:
Windows Server 2012 Standard Domain Controller
Ubuntu 14.04 LTS and Lubuntu 14.04 Client PCs

1. Download the most current stable version of PowerBroker Identity Services Open Edition
Go to the following address and download the most current version of PBIS:
http://download1.beyondtrust.com/Technical-Support/Downloads/PowerBroker-Identity-Services-Open-Edition/?Pass=True
Or, from a terminal, type the following commands:
cd ~
sudo wget http://download.beyondtrust.com/PBISO/8.0.1/linux.deb.x64/pbis-open-8.0.1.2029.linux.x86_64.deb.sh

2. Make the PBIS installation script executable
In the terminal, navigate to the directory where pbis-open-8.0.1.2029.linux.x86_64.deb.sh is located and execute the following command:
sudo chmod +x pbis-open-8.0.1.2029.linux.x86_64.deb.sh

3. Run the PBIS installation script
From the terminal, type the following command to install PBIS Open:
sudo ./pbis-open-8.0.1.2029.linux.x86_64.deb.sh

4. Use PBIS Open to join your PC to the Windows Domain
From the terminal:
cd /opt/pbis/bin/
sudo domainjoin-cli join --disable ssh $domainname $domainaccount
*where domainname = the name of your domain and domainaccount = user@domainname.###
EXAMPLE: sudo domainjoin-cli join --disable ssh frijoles.com fadmin@frijoles.com
When prompted for a password, supply the appropriate credentials. You should receive a "SUCCESS" message when the join finishes.

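5. Set up the default configuration for domain users
Use PBIS to pre-configure the user environment for all domain users that log in to the newly added system.
From the terminal:
sudo /opt/pbis/bin/config UserDomainPrefix $domain
sudo /opt/pbis/bin/config AssumeDefaultDomain true
sudo /opt/pbis/bin/config LoginShellTemplate /bin/bash
sudo /opt/pbis/bin/config HomeDirTemplate %H/%U
sudo /opt/pbis/bin/config RequireMembershipOf "$domain\\$securitygroup"
*where domain = the short (NetBIOS) name of your domain and securitygroup = the domain security group whose members are allowed to log in to this PC. In HomeDirTemplate, %H expands to the home directory prefix (/home by default) and %U to the user's login name.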

6. Edit the pam.d common-session file
From a terminal:
sudo vi /etc/pam.d/common-session
Find the line that reads:
session sufficient pam_lsass.so
Replace it with:
session [success=ok default=ignore] pam_lsass.so

7. Edit the lightdm configuration file
From a terminal, open the lightdm configuration file:
sudo vi /usr/share/lightdm/lightdm.conf.d/50-unity-greeter.conf
Append the following lines:
allow-guest=false
greeter-show-manual-login=true
*If you are using Lubuntu 14.04, your lightdm configuration file will be: 60-lightdm-gtk-greeter.conf

8. Give sudo access to users/groups
Add any necessary administrative users and/or groups from your domain to the sudoers file to give them sudo privileges.
From a terminal:
sudo vi /etc/sudoers
*Using the file's configuration examples, add users/groups appropriately. Running sudo visudo instead opens the same file and checks its syntax before saving.
EXAMPLE:
fadmin ALL=(ALL:ALL) ALL

9. Reboot and log in
Reboot your PC and log in using an appropriate domain user account.
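
The manual edits in steps 6 and 7 can also be scripted; the following is an added example, not part of the original instructions or of PBIS. The PAM change matters because "sufficient" ends the session stack as soon as pam_lsass.so succeeds, so any session modules listed after it are skipped for domain users, while "[success=ok default=ignore]" lets the stack continue. Function names are hypothetical and the sample files in demo() are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Each function takes the file path so it can be rehearsed on a copy first.

# Step 6: switch pam_lsass.so from "sufficient" to "[success=ok default=ignore]".
# Returns 0 when the file ends up with the new control, 1 if no such line exists.
fix_pam_session() {
    f=$1
    old='^session[[:space:]]+sufficient[[:space:]]+pam_lsass\.so'
    new='session [success=ok default=ignore] pam_lsass.so'
    if grep -Eq "$old" "$f"; then
        cp -p "$f" "$f.bak"                      # rollback copy
        sed -E "s/$old/$new/" "$f.bak" > "$f"    # rewrite in place, keeps owner/mode
    fi
    grep -Fq "$new" "$f"
}

# Step 7 helper: rewrite every existing line for the key, or append the
# setting if the key is absent (adding a newline first if the file lacks one).
set_conf_key() {
    f=$1 key=$2 val=$3
    if grep -q "^$key=" "$f"; then
        sed "s/^$key=.*/$key=$val/" "$f" > "$f.tmp" && cat "$f.tmp" > "$f" && rm -f "$f.tmp"
    else
        [ -n "$(tail -c 1 "$f")" ] && echo >> "$f"
        printf '%s\n' "$key=$val" >> "$f"
    fi
}

# Step 7: disable the guest session and show the manual login entry.
harden_lightdm() {
    set_conf_key "$1" allow-guest false &&
    set_conf_key "$1" greeter-show-manual-login true
}

# Rehearsal on constructed sample files (not the real system files).
demo() {
    d=$(mktemp -d)
    printf 'session required pam_unix.so\nsession sufficient pam_lsass.so\nsession optional pam_systemd.so\n' > "$d/common-session"
    printf '[SeatDefaults]\ngreeter-session=unity-greeter\nallow-guest=true' > "$d/50-unity-greeter.conf"
    fix_pam_session "$d/common-session" && harden_lightdm "$d/50-unity-greeter.conf"
    cat "$d/common-session" "$d/50-unity-greeter.conf"
    rm -rf "$d"
}
demo
```

To apply the changes for real, run the functions as root against /etc/pam.d/common-session and the lightdm file named in step 7; a common-session.bak copy is left beside the PAM file for rollback.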

Conclusion
These instructions have only been tested on Lubuntu 14.04 and Ubuntu 14.04 LTS. With minimal tweaking, these steps should also work for other distributions. Older and now deprecated versions of Likewise-Open should work in a similar fashion to PBIS Open, and may be required on older distributions.

1 comment:

Gurpreet Singh said...

I am getting confused over these lines:

What is %H/%U and \\securitygroup?

sudo /opt/pbis/bin/config HomeDirTemplate %H/%U
sudo /opt/pbis/bin/config RequireMembershipOf "$domain\\$securitygroup"