Join AD using PBIS Open

If using static IPs, then make sure to set dns-search parameter. Edit etc/network/interfaces

dns-nameservers ##the IP address of your domain controller 

Download PBIS Open from here: Download releases

chmod a+x
sudo ./
sudo reboot

“No” you do not need “legacy links”

sudo domainjoin-cli join
cd /opt/pbis/bin
sudo ./config UserDomainPrefix contoso
sudo ./config AssumeDefaultDomain true
sudo ./config LoginShellTemplate /bin/bash
sudo ./config Local_LoginShellTemplate /bin/bash
sudo ./config HomeDirTemplate %H/%D/%U
sudo ./update-dns
sudo ./ad-cache --delete-all

Edit /etc/lightdm/lightdm.conf for Ubuntu 13.10 and earlyer, or /usr/share/lightdm/lightdm.conf.d/50-unity-greeter.conf for Ubuntu 14.04 and later, and add the following line :


Then restart lightdm :

sudo service lightdm restart

Update /etc/sudoers which is done via VISUDO. NANO is the default text editor. If you want to change to something else (I prefer “vim”) use the following command

sudo update-alternatives --config editor

Now edit sudoers

sudo visudo

add the following line

%domain^admins ALL=(ALL) ALL

The change should work immediately You can create a new group just for linux admins and add thet group

If you didn't set the UserDomainPrefix and AssumeDefaultDomain, group names should be prefixed by netbios domain name CONTOSO\\domain^admins

Notice the double “\\” – it is necessary (not a typo)

Main config file of PBIS is /opt/pbis/bin/config and running a dump of that file will show all the options that has been set in previous step:

sudo /opt/pbis/bin/config --dump

Now, there is also a small bug in PAM (an authentication module used by PBIS). We need to modify a config file. You can do this via the following: vim /etc/pam.d/common-session

Find the line that says “session sufficient” and change it to read this: session [success=ok default=ignore]

Enter your comment:
203 +1 =
  • linux/ad_integration/pbis_open.txt
  • Last modified: 2019/10/31 09:05
  • by