Join Ubuntu 14.04LTS to a Windows Domain using PBI

The following instructions will guide you through the process of joining an Ubuntu 14.04 client to a Windows Domain using Power Broker Identity Services Open Edition version 8.0.1.2029 64bit.

(This process should also work for Lubuntu 14.04)

Environment: 
Windows Server 2012 Standard Domain Controller 
Ubuntu 14.04 LTS and Lubuntu 14.04 Client PCs

1.

Download the most current stable version of Power Broker Identity Services Open Edition

Go to the following address and download the most current version of PBIS:

http://download1.beyondtrust.com/Technical-Support/Downloads/PowerBroker-Identity-Services-Open-Edition/?Pass=True

Or, from a terminal type the following commands:

cd ~ 
sudo wget http://download.beyondtrust.com/PBISO/8.0.1/linux.deb.x64/pbis-open-8.0.1.2029.linux.x86_64.deb.sh


2.

Make the pbis installation script executable

In the terminal navigate to the directory where pbis-open-8.0.1.2029.linux.x86_64.deb.sh is located and execute the following command:

sudo chmod +x pbis-open-8.0.1.2029.linux.x86_64.deb.sh


3.

Run the pbis installation script

From the terminal type the following command to install pbis open:

sudo ./pbis-open-8.0.1.2029.linux.x86_64.deb.sh


4.

Use PBIS Open to join your PC to the Windows Domain

From the terminal:

cd /opt/pbis/bin/ 
sudo domainjoin-cli join --disable ssh $domainname $domainaccount

*where domainname = the name of your domain and domainaccount = user@domainname.###

EXAMPLE: sudo domainjoin-cli --disable ssh frijoles.com [email protected]

When prompted for a password supply the appropriate credentials and you should receive a "SUCCESS" prompt when finished.


5.

Set-up default configuration for domain users

Use PBIS to pre-configure the user environment for all domain users that log into the newly added system.

From the terminal:

sudo /opt/pbis/bin/config UserDomainPrefix $domain 
sudo /opt/pbis/bin/config AssumeDefaultDomain true 
sudo /opt/pbis/bin/config LoginShellTemplate /bin/bash 
sudo /opt/pbis/bin/config HomeDirTemplate %H/%U 
sudo /opt/pbis/bin/config RequireMembershipOf "$domain\\$securitygroup"


6.

Edit the pamd.d common-session file

From a terminal: 
sudo vi /etc/pam.d/common-session

Find the line that states the following: 
session sufficient pam_lsass.so

Replace it with: 
session [success=ok default=ignore] pam_lsass.so


7.

Edit the lightdm configuration file

Edit the lightdm configuration file and append the following lines:

sudo vi /usr/share/lightdm/lightdm.conf.d/50-unity-greeter.conf

allow-guest=false 
greeter-show-manual-login=true

*If you are using Lubuntu 14.04 your lightdm configuration file will be: 60-lightdm-gtk-greeter.conf


8.

Give sudo access to users/groups

Add any necessary administrative users and/or groups from your domain to the sudoers file to give them sudo privileges.

From a terminal:

sudo vi /etc/sudoers

*using the file's configuration examples add users/groups appropriately.

EXAMPLE:

fadmin ALL=(ALL:ALL) ALL


9.

Reboot and Log-in

Reboot your PC and log-in using an appropriate domain user account.


Conclusion

These instructions have only been tested on Lubuntu 14.04 and Ubuntu 14.04 LTS Distributions. With minimal tweaking these steps should also work for other distributions. Older and now deprecated versions of Likewise-Open should work in a similar fashion as PBIS-Open, and may be required on older distributions.


你可能感兴趣的:(windows,ubuntu,domain,PBIS-Open)