Home / server / Questions / 598476
Accepted
Vinícius Ferrão
Asked: 2014-05-26 10:49:42 +0800 CST

How to use realmd in Ubuntu 14.04 LTS to join an Active Directory domain?

  • 772

I want to use realmd to join an Active Directory domain from Ubuntu 14.04 LTS.

To do that I just installed realmd and some dependencies with this command: aptitude install realmd sssd sssd-tools samba-common krb5-user.

After the installation I tried to join my domain with the command realm --verbose join ad.example.com -U Administrator it asked for the Administrator password but them crashed with this output:

 * Resolving: _ldap._tcp.ad.example.com
 * Performing LDAP DSE lookup on: 10.7.0.2
 * Successfully discovered: ad.example.com
Password for Administrator: 
 * Unconditionally checking packages
 * Resolving required packages
 * Installing necessary packages: samba-common-bin
 * LANG=C LOGNAME=root /usr/bin/net -s /var/cache/realmd/realmd-smb-conf.QARGGX -U Administrator ads join ad.example.com
Enter Administrator's password:DNS update failed: NT_STATUS_INVALID_PARAMETER

Using short domain name -- AD-EXAMPLE
Joined 'REALMD-TEST' to dns domain 'ad.example.com'
No DNS domain configured for realmd-test. Unable to perform DNS Update.
 * LANG=C LOGNAME=root /usr/bin/net -s /var/cache/realmd/realmd-smb-conf.QARGGX -U Administrator ads keytab create
Enter Administrator's password:
realm: Couldn't join realm: Message did not receive a reply (timeout by message bus)

After those erros realmd does not even work, any command issued with realmd returns:

realm: Couldn't connect to realm service: Error calling StartServiceByName for 
org.freedesktop.realmd: GDBus.Error:org.freedesktop.DBus.Error.Spawn.ChildSignaled: 
Process /usr/lib/dbus-1.0/dbus-daemon-launch-helper received signal 11

The file /etc/sssd/sssd.conf appears to be created correctly and /etc/nsswitch.conf modified accordingly. But this isn't sufficient to successfully join the domain.

active-directory

2 Answers

  1. Best Answer

    I have outlined all the steps necessary to get this up and working. There are a series of bugs regarding the install of the packages. All of the underlying software works great, but there are a few steps you have to take to make things work: http://funwithlinux.net/2014/04/join-ubuntu-14-04-to-active-directory-domain-using-realmd

    Short version:

    1. Add the following to /etc/realmd.conf

      [service]
      automatic-install = no

    2. Next, install the following packages: samba-common-bin, samba-libs, sssd-tools, krb5-user, adcli

    3. Get a kerberos ticket for your AD user.

    4. Join in unattended mode with new user principal (on a single line):

    realm --verbose join localdomain.xx --user-principal=myubuntuserver/[email protected] --unattended

    1. The error you mentioned is specifically related to a known bug (at least it's known to Fedora/RH at this time) in sssd. sssd segfaults on the option use_fully_qualified_names = True so go ahead and comment out that option and restart sssd.
    • 7

  2. I tried the accepted answer on 16.04.1 LTS and the command failed with someting about the password. Running sudo realm join normally would give the error Necessary packages are not installed: sssd-tools sssd libnss-sss libpam-sss adcli, even though they are all installed. After searching for an hour I found this workaround, which says you should add --install=/ to the join command. So the full syntax is:

    sudo realm join -v -U administrator DOMAIN.COM --install=/
    • 6