How to use realmd in Ubuntu 14.04 LTS to join an Active Directory domain?
Solution 1
I have outlined all the steps necessary to get this up and working. There are a series of bugs regarding the install of the packages. All of the underlying software works great, but there are a few steps you have to take to make things work: http://funwithlinux.net/2014/04/join-ubuntu-14-04-to-active-directory-domain-using-realmd
Short version:
-
Add the following to
/etc/realmd.conf
[service]
automatic-install = no
Next, install the following packages: samba-common-bin, samba-libs, sssd-tools, krb5-user, adcli
Get a kerberos ticket for your AD user.
Join in unattended mode with new user principal (on a single line):
realm --verbose join localdomain.xx --user-principal=myubuntuserver/[email protected] --unattended
- The error you mentioned is specifically related to a known bug (at least it's known to Fedora/RH at this time) in sssd. sssd segfaults on the option
use_fully_qualified_names = True
so go ahead and comment out that option and restart sssd.
Solution 2
I tried the accepted answer on 16.04.1 LTS and the command failed with someting about the password. Running sudo realm join
normally would give the error Necessary packages are not installed: sssd-tools sssd libnss-sss libpam-sss adcli
, even though they are all installed. After searching for an hour I found this workaround, which says you should add --install=/
to the join command. So the full syntax is:
sudo realm join -v -U administrator DOMAIN.COM --install=/
Vinícius Ferrão
Updated on September 18, 2022Comments
-
Vinícius Ferrão almost 2 years
I want to use
realmd
to join an Active Directory domain from Ubuntu 14.04 LTS.To do that I just installed
realmd
and some dependencies with this command:aptitude install realmd sssd sssd-tools samba-common krb5-user
.After the installation I tried to join my domain with the command
realm --verbose join ad.example.com -U Administrator
it asked for the Administrator password but them crashed with this output:* Resolving: _ldap._tcp.ad.example.com * Performing LDAP DSE lookup on: 10.7.0.2 * Successfully discovered: ad.example.com Password for Administrator: * Unconditionally checking packages * Resolving required packages * Installing necessary packages: samba-common-bin * LANG=C LOGNAME=root /usr/bin/net -s /var/cache/realmd/realmd-smb-conf.QARGGX -U Administrator ads join ad.example.com Enter Administrator's password:DNS update failed: NT_STATUS_INVALID_PARAMETER Using short domain name -- AD-EXAMPLE Joined 'REALMD-TEST' to dns domain 'ad.example.com' No DNS domain configured for realmd-test. Unable to perform DNS Update. * LANG=C LOGNAME=root /usr/bin/net -s /var/cache/realmd/realmd-smb-conf.QARGGX -U Administrator ads keytab create Enter Administrator's password: realm: Couldn't join realm: Message did not receive a reply (timeout by message bus)
After those erros
realmd
does not even work, any command issued withrealmd
returns:realm: Couldn't connect to realm service: Error calling StartServiceByName for org.freedesktop.realmd: GDBus.Error:org.freedesktop.DBus.Error.Spawn.ChildSignaled: Process /usr/lib/dbus-1.0/dbus-daemon-launch-helper received signal 11
The file
/etc/sssd/sssd.conf
appears to be created correctly and/etc/nsswitch.conf
modified accordingly. But this isn't sufficient to successfully join the domain.-
Jeremy Visser about 10 yearsI'm getting exactly the same problem on Debian Jessie. "Signal 11" means a segfault. A segfault is always a bug in the program, so I expect this needs to be reported as a bug and fixed before it can be made to work.
-