====== Join AD using PBIS Open ======

If using static IPs, make sure to set the dns-search parameter. Edit /etc/network/interfaces:

<code bash>
dns-search contoso.com
# the IP address of your domain controller
dns-nameservers 192.168.0.100
</code>

Download PBIS Open from here: [[https://github.com/BeyondTrust/pbis-open/releases|Download releases]]

<code bash>
chmod a+x pbis-open-8.0.0.2016.linux.x86_64.deb.sh
sudo ./pbis-open-8.0.0.2016.linux.x86_64.deb.sh
sudo reboot
</code>

Answer “No” when asked: you do not need “legacy links”.

<code bash>
sudo domainjoin-cli join contoso.com admin@contoso.com
sudo reboot
</code>

<code bash>
cd /opt/pbis/bin
sudo ./config UserDomainPrefix contoso
sudo ./config AssumeDefaultDomain true
sudo ./config LoginShellTemplate /bin/bash
sudo ./config Local_LoginShellTemplate /bin/bash
sudo ./config HomeDirTemplate %H/%D/%U
sudo ./update-dns
sudo ./ad-cache --delete-all
</code>

Edit /etc/lightdm/lightdm.conf for Ubuntu 13.10 and earlier, or /usr/share/lightdm/lightdm.conf.d/50-unity-greeter.conf for Ubuntu 14.04 and later, and add the following line:

<code bash>greeter-show-manual-login=true</code>

Then restart lightdm:

<code bash>sudo service lightdm restart</code>

Update /etc/sudoers, which is done via visudo. nano is the default text editor.
If you want to change to something else (I prefer “vim”), use the following command:

<code bash>sudo update-alternatives --config editor</code>

Now edit sudoers:

<code>sudo visudo</code>

Add the following line:

<code bash>%domain^admins ALL=(ALL) ALL</code>

The change should work immediately.

You can create a new group just for Linux admins and add that group.

If you didn't set UserDomainPrefix and AssumeDefaultDomain, group names should be prefixed by the NetBIOS domain name:

''%%CONTOSO\\domain^admins%%''

Notice the double “\\” – it is necessary (not a typo).

The main configuration of PBIS is managed with /opt/pbis/bin/config, and running a dump shows all the options that were set in the previous step:

<code bash>sudo /opt/pbis/bin/config --dump</code>

Now, there is also a small bug in PAM (an authentication module used by PBIS). We need to modify a config file. You can do this via the following:

<code bash>sudo vim /etc/pam.d/common-session</code>

Find the line that says:

<code>session sufficient pam_lsass.so</code>

and change it to read:

<code>session [success=ok default=ignore] pam_lsass.so</code>

{{tag>["active directory" linux "pbis open"]}}

Last modified: 2019/10/31 09:05 by 127.0.0.1
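The common-session edit described above can be applied repeatably instead of by hand. The following is an added example, not part of the original wiki page or of PBIS; the function name ''fix_pam_lsass'', the ''.bak'' backup suffix and the sample file contents are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example, not part of the original wiki page.
# fix_pam_lsass and the .bak suffix are names chosen for this example.

# fix_pam_lsass FILE
#   0: the "sufficient" line was rewritten (original kept as FILE.bak)
#   1: nothing to change (already rewritten, or no active matching line)
#   2: FILE is missing or not writable
fix_pam_lsass() {
    local file="$1"
    local old='^[[:space:]]*session[[:space:]]+sufficient[[:space:]]+pam_lsass\.so'
    [ -f "$file" ] && [ -w "$file" ] || return 2

    # The pattern is anchored, so commented-out lines are left alone.
    grep -Eq "$old" "$file" || return 1

    cp -p "$file" "$file.bak" || return 2
    # Only the control field changes; arguments after pam_lsass.so are kept.
    sed -E "s/${old}/session [success=ok default=ignore] pam_lsass.so/" \
        "$file.bak" > "$file"
}

# Constructed sample input, so the function can be tried without touching /etc.
demo() {
    local tmp
    tmp=$(mktemp) || return 2
    printf '%s\n' \
        'session required pam_unix.so' \
        '#session sufficient pam_lsass.so' \
        'session sufficient pam_lsass.so' \
        'session optional pam_systemd.so' > "$tmp"
    fix_pam_lsass "$tmp"
    echo "exit status: $?"
    diff "$tmp.bak" "$tmp"
    rm -f "$tmp" "$tmp.bak"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

On a real system, run it as root against /etc/pam.d/common-session and keep a second root shell open until a fresh login has been tested. On Debian and Ubuntu this file is managed by pam-auth-update, so re-check the line after PAM package updates.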