====== Join AD using PBIS Open ======

If using static IPs, make sure to set the dns-search parameter. Edit /etc/network/interfaces:

<code>
dns-search contoso.com
# the IP address of your domain controller
dns-nameservers 192.168.0.100
</code>

Download PBIS Open from here: [[https://github.com/BeyondTrust/pbis-open/releases|Download releases]]

<code>
chmod a+x pbis-open-8.0.0.2016.linux.x86_64.deb.sh
sudo ./pbis-open-8.0.0.2016.linux.x86_64.deb.sh
sudo reboot
</code>

Answer “No” when prompted: you do not need “legacy links”.

<code>
sudo domainjoin-cli join contoso.com admin@contoso.com
sudo reboot
</code>

<code>
cd /opt/pbis/bin
sudo ./config UserDomainPrefix contoso
sudo ./config AssumeDefaultDomain true
sudo ./config LoginShellTemplate /bin/bash
sudo ./config Local_LoginShellTemplate /bin/bash
sudo ./config HomeDirTemplate %H/%D/%U
sudo ./update-dns
sudo ./ad-cache --delete-all
</code>

Edit /etc/lightdm/lightdm.conf for Ubuntu 13.10 and earlier, or /usr/share/lightdm/lightdm.conf.d/50-unity-greeter.conf for Ubuntu 14.04 and later, and add the following line:

<code>
greeter-show-manual-login=true
</code>

Then restart lightdm:

<code>
sudo service lightdm restart
</code>

Update /etc/sudoers, which is done via visudo. nano is the default text editor. If you want to change to something else (I prefer “vim”), use the following command:

<code>
sudo update-alternatives --config editor
</code>

Now edit sudoers:

<code>
sudo visudo
</code>

Add the following line:

<code>
%domain^admins ALL=(ALL) ALL
</code>

The change should work immediately.

You can create a new group just for Linux admins and add that group.

If you didn't set UserDomainPrefix and AssumeDefaultDomain, group names should be prefixed by the NetBIOS domain name:

<code>
CONTOSO\\domain^admins
</code>

Notice the double “\\” – it is necessary (not a typo).

Main config file of PBIS is /opt/pbis/bin/config, and running a dump of that file will show all the options that have been set in the previous step:

<code>
sudo /opt/pbis/bin/config --dump
</code>

Now, there is also a small bug in PAM (an authentication module used by PBIS). We need to modify a config file. You can do this via the following:

<code>
sudo vim /etc/pam.d/common-session
</code>

Find the line that says “session sufficient pam_lsass.so” and change it to read this:

<code>
session [success=ok default=ignore] pam_lsass.so
</code>

{{tag>["active directory" linux "pbis open"]}}
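The common-session change described above can also be checked and applied by script. This is an added example, not part of PBIS or of the original page; the function names are hypothetical, and it assumes the line to replace has the form “session sufficient pam_lsass.so”, as quoted above.

```shell
#!/bin/sh
# Added example (not PBIS code): detect and rewrite the
# "session sufficient pam_lsass.so" line in a PAM session file.

# Return 0 if the file still contains the "sufficient" form of the line.
has_sufficient_lsass() {
    grep -Eq '^[[:space:]]*session[[:space:]]+sufficient[[:space:]]+pam_lsass\.so' "$1"
}

# Rewrite the control field to [success=ok default=ignore], keeping any
# module arguments, after saving a backup as <file>.bak.
# Safe to run more than once: a file that is already fixed is left alone.
fix_pam_lsass_session() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }

    if ! has_sufficient_lsass "$file"; then
        echo "$file: nothing to change"
        return 0
    fi

    cp -p "$file" "$file.bak" || return 1
    tmp=$(mktemp) || return 1
    sed -E 's/^([[:space:]]*session[[:space:]]+)sufficient([[:space:]]+pam_lsass\.so)/\1[success=ok default=ignore]\2/' \
        "$file" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Write the content back in place so the owner and mode are unchanged.
    cat "$tmp" > "$file" || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"
    echo "$file: updated, backup in $file.bak"
}

# Example: sudo sh fix-pam-lsass.sh /etc/pam.d/common-session
if [ "$#" -gt 0 ]; then
    fix_pam_lsass_session "$1"
fi
```

Keep a second root shell open until a fresh login has succeeded, so the backup can be restored if the edited PAM file does not behave as expected.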