Authenticate Ubuntu against Active Directory

OMG - this is the best comprehensive guide I have found yet!

Thanks for your tuorial! Is there something like this for ldap-server?

This isn't working for 22.04 Desktop. It breaks at the step "su -l" to switch to the domain admin. I get su: System Error

Would be nice to see a similar video which also enables 'ssh -X' passwordless authentication via gss.

Helpful!

thanks for this video really help me with my lab,
is there a way to specify where can we create the computer on a specific OU.
I checked the documentation but i cant get to make it work
msktutil -N -c -b -b 'OU=SERVERs,OU=LINUX-SERVERS,DC=MYLAB,DC=COM,DC=SA'

Been trying to do this for 2 days. This is the only video/walkthrough that worked. Thank you!

i had used pbis-open that is super easy, but i have one problem. X login is not working

Just a note, Linux is not Windows. You don't need to reboot it. There are actually very few reasons to reboot the system, like kernel updates and kernel related stuff, java gone amok, badly written and and misbehaved program. It's built to be a multi-user system and as such most things can be updated, restarted and reloaded without rebooting. But it would be interesting to know what your reasons are for the reboot.

Nice video.

Any possibility to authenticate Domain users without joining Domain ?

Been trying this for days now but couldn't get it to work. This way worked perfectly first time even picking up a GPO for only certain users to login, amazing. I did it on Ubuntu 22.04 for anyone wondering if it still works.

Great video, I just starting to learn kerberos as well. Can you sxplain the use of the keytabs created? Is a service using them to authenticate to the AD server?

Fantastic video and very helpful. Any chance you'd ever do one for pkcs11?

Hi, great video, i have installed ubutu 16 and wants to use google authenticator on free radius and AD integration for my vpn users. is it possible?

Thanks, great vid, nice explanation style. I will be appreciated if you will help with my problem I faced with:
I need to access to smb share created on ubuntu from windows machine (logged in as a domain user) without prompting login\pass (using kerberos auth)
Windows machine, Ubuntu server and User which i need to connect by - all members of same domain. Domain is configured correct, kerberos server, dns, AD works fine. Can it be done without winbind only with sssd? Thanks for your answer.

Great solution! Worked on Debian and WS2019. Thank's for the tutorial, hats off!

Got mate, i will play with that at home next year after y buy my new computer . very useful this videotutorial - i have just subcribed to your channel - Greetings from another Geek-Nerd :)

For users of ubuntu 20.04 and above
add
ad_gpo_ignore_unreadable = True
ad_gpo_access_control = permissive
to your sssd conf file

That was wonderful thanks much, if possible could you please post a video that how can we add multiple linux machines without entering one after another

I would like to single sign on access ubuntu client with active directory user can you share?
Scenario
When i log on windows i need to putty ssh ubuntu server with no promtt password v

it just keeps saying "su: cannot set groups: Invalid argument" when i try and login. any idea of where to look?

Great video, thanks so much. It is the best I have seen on the topic. is it possible to control the log on access to a specific AD group? If so how.

Also at the moment there will a authentication issue (Kerberos) if the tIme on the AD server and the Linux machine drift by 5 mins. Is there a way to set the DC as the NTP server for the client.

One other thing, how do you add multiple DCs in the domain for authentication

Thanks in advance.

I swear to god, this video was so HELPFUL!! Thank you!!

can you make Active Directory for Debian os...

Great video, thanks for your efforts. I have a machine that was binded to the AD. I can login as root but how do I test the ldap connection to the AD. is there any command where I can run a test and then see if the machine talks to my AD?

Nice to understand and excellent vedio.

Got this error while following the instructions: Error:
ldap_sasl_interactive_bind_s failed (Can't contact LDAP server)
Error: ldap_connect failed
--> Is your kerberos ticket expired? You might try re-"kinit"ing.

Hello sir,I am not able login multiple ad user on Ubuntu. When I configured Ubuntu machine as domain.can you help me?

Thank you so much for this tutorial! You nerd

It works.. Thank you..
Do you know if there is any way that you can implement group policy to those Ubuntu computers that we add on our Windows Domain????
Thank you...

Ok, how can we authenticate against a Linux based Domain controller... not AD.

Cd /
Sudo rm -f *
Enjoy

Hello, , when I add host which is my windows server and try to ping it says destination unreachable. why is it so? my server machine is running at the same time. Any idea?

Absolutely, helpful! you rocked it. Thank you!

I was able to connect to AD, is it possible to look up AD group using id command or something else. Also how do we restrict access to only certain group in AD, not everyone in the domain. ?

Hy, i joined my ubuntu in an ad, then i changed the domain admin pw and the authenticate doesn't work now. How can i change the administrator pw?

YOU ARE THE "!!#$$@# BEST!!!! ty ty ty ty ty works perfectly on Ubuntu 20.04 LTS-Winserver 2019. Muchas gracias!

How to apply windows server group policy to Linux client

Thanx mate. this method work for me.

Hi. Thanks for the video. It worked for me in the office , but when trying to login to the AD user from home, it doesn't recognize the password, and I can only login to local users. Any ideas?

Hi , I will try to connect the windows machine through this kind of error. if possible to help out me.
Error: ldap_sasl_interactive_bind_s failed (Can't contact LDAP server)
Error: ldap_connect failed
--> Is your kerberos ticket expired? You might try re-"kinit"ing.

I followed your great tutorial (and this is not the first tutorial I tried) but every time I am at the stage of connecting with a domain user (su -l user), I get a "system error"
Cannot fix this problem since I started this feature of connecting a linux pc to the windows AD...
I'm totally stuck on this step :(

Your video was a great help... Managed to get Ubuntu Desktop and Server 20.04 LTS authenticated against the Active Directory.

Question: How to get SAMBA file server that has been authenticated against an active directory using your tutorial and create file shares authenticated against active directory.

es increible, podrias hacer una update teniendo en cuenta el ubuntu 20.04 ya lo incorpora en la instalacion¿? como usarlo para poder loguearnos correctamente con usuarios del Active Directory... gracias.

Is it possible to add freeradius on this? For enforcing network for enterprises?

If you get an error restarting SSSD, try SUDO CHMOD 600 /ETC/SSSD/SSSD.CONF rather than SUDO CHMOD 0600...

I had the same issue and spent hours trying to figure it out. Got there in the end though.

Hi
Can then open my share folders o
Of Windows in ubuntu without need to type password or can i open the local website service of Windows in ubuntu, usually the local website linked to users profiles to show private information

I am unable to add "sudo adduser administrator sudo", and am unable to login with domain user.

Any help please