Join Ubuntu 15.10 to a Windows Active Directory Domain

sssd-kerberos-smb-active-directory-ubuntu.txt

<#
  Detailed blog: https://blog.netnerds.net/2016/04/joining-ubuntu-to-an-active-directory-domain/
  
  In this example:
  1. Fresh install of Ubuntu 15.10 Server
  2. DNS is set to AD’s DNS servers
  3. The Active Directory domain is base.local
  4. The test user is base\adadmin, which has domain admin privs on AD
#>

# Install required packages (ntp keeps your clock on time)
sudo apt-get -y install ntp ntpdate 

# To add your DC to the time server list, edit /etc/ntp.conf
sudo service ntp stop
sudo ntpdate -s ntp.ubuntu.org
sudo service ntp start

# install required packages
sudo apt-get -y install krb5-user samba sssd

# Next, setup SSSD by creating the file, setting the owner, and changing its persmissions
sudo touch /etc/sssd/sssd.conf
sudo chown root:root /etc/sssd/sssd.conf
sudo chmod 600 /etc/sssd/sssd.conf
 
sudo vi /etc/sssd/sssd.conf
 
    [sssd]
    services = nss, pam
    config_file_version = 2
    domains = BASE.LOCAL
     
    [domain/BASE.LOCAL]
    id_provider = ad
    override_homedir = /home/%d/%u
    access_provider = simple
    simple_allow_users = ctrlb@base.local,chrissy@base.local
    simple_allow_groups = linux-admin,linux-users
    
# Note that the last two lines above restrict access. Update them to suit your own enviornment.

# Next, sudo vi /etc/sssd/sssd.conf and replace the line workgroup = WORKGROUP with the following

    workgroup = BASE
    client signing = yes
    client use spnego = yes
    kerberos method = secrets and keytab
    realm = BASE.LOCAL
    security = ads
    
# restart services
sudo service smbd restart
sudo service nmbd restart

# get Kerberos ticket-granting ticket using domain admin account
kinit adadmin

# join domain (this is samba btw)
sudo net ads join -k

# start sssd to do caching and magic
sudo service sssd start