Today, we will see how to join an Ubuntu server (version 16.04) to an Active Directory domain. It could be useful in case if you want that your administrators use their domain account to connect to servers, etc.

To start, connect to your server and execute the following command to install packets that will help us to join the domain:

command to install packets

A new page will open and ask you the domain name, so write it:

the command page

Now, you need to configure the date to have the same that your domain controller. Edit the file ntp.conf and provide the name or the IP of your domain controller:

the configuration window

Restart the NTP service:

You can show your date/hour with the command date:

the command window

Now we will configure the Kerberos part. Because our configuration is new, we will delete everything inside the file and insert our new configuration. Execute the following commands:

Adapt the configuration to your values:

command window

Save the file. We will create a token for a user in our AD, who has rights to join the server to the domain. Execute the following command:

And, to verify that the token has been created correctly, execute the command sudo klist:

command window

We will modify the configuration file for Samba. If you want to have another name that the name in /etc/hostname, add the line NetBIOS name = newservername. Replace the line workgroup = WORKGROUP in the configuration file by the following, adapting to your values:

Command window

Save the configuration. Now we will modify the file nsswitch.conf to indicate that we use groups and users of the Active Directory (winbind):

command window

Now it’s time to join our Ubuntu Server 16.04 to our Active Directory. Use the following command:

command window

You can ignore the error concerning the DNS. The object in the Active Directory:

Active Directory window

ubuntu properties window

We will try that the Active Directory authentication is working fine. Use the following command:

A display appears. Be sure that the line Winbind NT/Active Directory authentication is selected. I selected the line to create a default repository for each user, when he will connect to the server:

command window

Restart services to apply all changes:

command window

You can use the following commands to check that the Active Directory synchronization is working fine:

command window

command window

command window

I added my username in the sudoer group:

command window

You can connect to your Ubuntu server with your domain account and move to root:

command window

The next article will be about the installation and utilization of the SQLCMD tool to manage your SQL Server databases from a Linux server 🙂

Back to blog