linux:ad_integration:pbis_open

Join AD using PBIS Open

If using static IPs, then make sure to set dns-search parameter. Edit etc/network/interfaces 

dns-search contoso.com
dns-nameservers 192.168.0.100 ##the IP address of your domain controller

Download PBIS Open from here: Download releases 

chmod a+x pbis-open-8.0.0.2016.linux.x86_64.deb.sh
sudo ./pbis-open-8.0.0.2016.linux.x86_64.deb.sh
sudo reboot

“No” you do not need “legacy links” 

sudo domainjoin-cli join contoso.com admin@contoso.com
reboot
cd /opt/pbis/bin
sudo ./config UserDomainPrefix contoso
sudo ./config AssumeDefaultDomain true
sudo ./config LoginShellTemplate /bin/bash
sudo ./config Local_LoginShellTemplate /bin/bash
sudo ./config HomeDirTemplate %H/%D/%U
sudo ./update-dns
sudo ./ad-cache --delete-all

Edit /etc/lightdm/lightdm.conf for Ubuntu 13.10 and earlyer, or /usr/share/lightdm/lightdm.conf.d/50-unity-greeter.conf for Ubuntu 14.04 and later, and add the following line : 

greeter-show-manual-login=true

Then restart lightdm : 

sudo service lightdm restart

Update /etc/sudoers which is done via VISUDO. NANO is the default text editor. If you want to change to something else (I prefer “vim”) use the following command 

sudo update-alternatives --config editor

Now edit sudoers 

sudo visudo

add the following line 

%domain^admins ALL=(ALL) ALL

The change should work immediately You can create a new group just for linux admins and add thet group

If you didn't set the UserDomainPrefix and AssumeDefaultDomain, group names should be prefixed by netbios domain name CONTOSO\\domain^admins

Notice the double “\\” – it is necessary (not a typo)

Main config file of PBIS is /opt/pbis/bin/config and running a dump of that file will show all the options that has been set in previous step: 

sudo /opt/pbis/bin/config --dump

Now, there is also a small bug in PAM (an authentication module used by PBIS). We need to modify a config file. You can do this via the following: vim /etc/pam.d/common-session

Find the line that says “session sufficient pam_lsass.so” and change it to read this: session [success=ok default=ignore] pam_lsass.so

, ,
  • linux/ad_integration/pbis_open.txt
  • Last modified: 2019/10/31 09:05
  • by 127.0.0.1