How to use realmd in Ubuntu 14.04 LTS to join an Active Directory domain?

active-directory sssd ubuntu-14.04 linux
35,534

Solution 1

I have outlined all the steps necessary to get this up and working. There are a series of bugs regarding the install of the packages. All of the underlying software works great, but there are a few steps you have to take to make things work: http://funwithlinux.net/2014/04/join-ubuntu-14-04-to-active-directory-domain-using-realmd

Short version:

  1. Add the following to /etc/realmd.conf

    [service]
    automatic-install = no

  2. Next, install the following packages: samba-common-bin, samba-libs, sssd-tools, krb5-user, adcli

  3. Get a kerberos ticket for your AD user.

  4. Join in unattended mode with new user principal (on a single line):

realm --verbose join localdomain.xx --user-principal=myubuntuserver/[email protected] --unattended

  1. The error you mentioned is specifically related to a known bug (at least it's known to Fedora/RH at this time) in sssd. sssd segfaults on the option use_fully_qualified_names = True so go ahead and comment out that option and restart sssd.

Solution 2

I tried the accepted answer on 16.04.1 LTS and the command failed with someting about the password. Running sudo realm join normally would give the error Necessary packages are not installed: sssd-tools sssd libnss-sss libpam-sss adcli, even though they are all installed. After searching for an hour I found this workaround, which says you should add --install=/ to the join command. So the full syntax is:

sudo realm join -v -U administrator DOMAIN.COM --install=/
Share:
35,534
Vinícius Ferrão
Author by

Vinícius Ferrão

Updated on September 18, 2022

Comments

  • Vinícius Ferrão
    Vinícius Ferrão almost 2 years

    I want to use realmd to join an Active Directory domain from Ubuntu 14.04 LTS.

    To do that I just installed realmd and some dependencies with this command: aptitude install realmd sssd sssd-tools samba-common krb5-user.

    After the installation I tried to join my domain with the command realm --verbose join ad.example.com -U Administrator it asked for the Administrator password but them crashed with this output:

     * Resolving: _ldap._tcp.ad.example.com
 * Performing LDAP DSE lookup on: 10.7.0.2
 * Successfully discovered: ad.example.com
Password for Administrator: 
 * Unconditionally checking packages
 * Resolving required packages
 * Installing necessary packages: samba-common-bin
 * LANG=C LOGNAME=root /usr/bin/net -s /var/cache/realmd/realmd-smb-conf.QARGGX -U Administrator ads join ad.example.com
Enter Administrator's password:DNS update failed: NT_STATUS_INVALID_PARAMETER

Using short domain name -- AD-EXAMPLE
Joined 'REALMD-TEST' to dns domain 'ad.example.com'
No DNS domain configured for realmd-test. Unable to perform DNS Update.
 * LANG=C LOGNAME=root /usr/bin/net -s /var/cache/realmd/realmd-smb-conf.QARGGX -U Administrator ads keytab create
Enter Administrator's password:
realm: Couldn't join realm: Message did not receive a reply (timeout by message bus)

    After those erros realmd does not even work, any command issued with realmd returns:

    realm: Couldn't connect to realm service: Error calling StartServiceByName for 
org.freedesktop.realmd: GDBus.Error:org.freedesktop.DBus.Error.Spawn.ChildSignaled: 
Process /usr/lib/dbus-1.0/dbus-daemon-launch-helper received signal 11

    The file /etc/sssd/sssd.conf appears to be created correctly and /etc/nsswitch.conf modified accordingly. But this isn't sufficient to successfully join the domain.

    • Jeremy Visser
      Jeremy Visser about 10 years
      I'm getting exactly the same problem on Debian Jessie. "Signal 11" means a segfault. A segfault is always a bug in the program, so I expect this needs to be reported as a bug and fixed before it can be made to work.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Can't log in to Ubuntu as domain user "no passwd entry for user" (SSSD, KRB5, Samba)`
Linux SSSD with two AD Domains
vsFTPd authenticating with SSSD
Kerberos "Server not found in kerberos database" using SSH and -K Flag to Linux Machine joined to AD
Linux / AD integration with SSSD: how to choose what systems a user can log into?
Troubles with sssd and Active Directory Integration
SSSD Authentication to Windows Domain without @domain.com everywhere
SSH Logins failing for all users, even when using correct password
Joining Linux host to Active Directory fails to update Microsoft DNS
SSSD on Centos, Active Directory search returns zero results