User Tools

Site Tools


linux:ad_integration:pbis_open

Join AD using PBIS Open

If using static IPs, then make sure to set dns-search parameter. Edit etc/network/interfaces

dns-search contoso.com
dns-nameservers 192.168.0.100 ##the IP address of your domain controller 

Download PBIS Open from here: Download releases

chmod a+x pbis-open-8.0.0.2016.linux.x86_64.deb.sh
sudo ./pbis-open-8.0.0.2016.linux.x86_64.deb.sh
sudo reboot

“No” you do not need “legacy links”

sudo domainjoin-cli join contoso.com admin@contoso.com
reboot
cd /opt/pbis/bin
sudo ./config UserDomainPrefix contoso
sudo ./config AssumeDefaultDomain true
sudo ./config LoginShellTemplate /bin/bash
sudo ./config Local_LoginShellTemplate /bin/bash
sudo ./config HomeDirTemplate %H/%D/%U
sudo ./update-dns
sudo ./ad-cache --delete-all

Edit /etc/lightdm/lightdm.conf for Ubuntu 13.10 and earlyer, or /usr/share/lightdm/lightdm.conf.d/50-unity-greeter.conf for Ubuntu 14.04 and later, and add the following line :

greeter-show-manual-login=true

Then restart lightdm :

sudo service lightdm restart

Update /etc/sudoers which is done via VISUDO. NANO is the default text editor. If you want to change to something else (I prefer “vim”) use the following command

sudo update-alternatives --config editor

Now edit sudoers

sudo visudo

add the following line

%domain^admins ALL=(ALL) ALL

The change should work immediately You can create a new group just for linux admins and add thet group

If you didn't set the UserDomainPrefix and AssumeDefaultDomain, group names should be prefixed by netbios domain name CONTOSO\\domain^admins

Notice the double “\\” – it is necessary (not a typo)

Main config file of PBIS is /opt/pbis/bin/config and running a dump of that file will show all the options that has been set in previous step:

sudo /opt/pbis/bin/config --dump

Now, there is also a small bug in PAM (an authentication module used by PBIS). We need to modify a config file. You can do this via the following: vim /etc/pam.d/common-session

Find the line that says “session sufficient pam_lsass.so” and change it to read this: session [success=ok default=ignore] pam_lsass.so

linux/ad_integration/pbis_open.txt · Last modified: 2017/08/10 10:59 (external edit)