PBIS Configuration
We are ready to proceed with configuration. Navigate to the /opt/pbis/bin/ directory and run the domainjoin-cli command to join the host to an Active Directory domain.
cd /opt/pbis/bin/
sudo domainjoin-cli join [DomainName] [DomainAccount]
where,
DomainName – the name of your domain
DomainAccount – your domain account (user@domainname)
Example: sudo domainjoin-cli join example.com administrator
When prompted, provide the Active Directory administrator’s password. On successful authentication, the command adds your Ubuntu computer as a member of the domain. The command also adds entries to the /etc/hosts file.
To check the Ubuntu domain settings, run the following command from your terminal:
sudo domainjoin-cli query
The command displays the name of the domain that your Ubuntu computer has joined.
Example:
Name = username
Domain = example.com
Distinguished Name = CN=username,CN=Computers,DC=example,DC=com
Note: If you want to remove your Ubuntu computer from the domain, you need to run
sudo domainjoin-cli leave
Once the host is joined to the domain, it is important to restrict sudo access to members of the Domain Admins group only. To do this, update the /etc/sudoers file by adding %domain^admins ALL=(ALL) ALL to the group section, so that the section looks as follows:
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
%domain^admins ALL=(ALL) ALL
A useful feature of PBIS is that it offers several ways to customize the login, domain prefix, login shell, folder name, etc. To set up a default configuration for domain users, use PBIS to set the environment for all domain users that will log in to the system.
Open the terminal and run the following commands:
Set domain prefix
sudo /opt/pbis/bin/config UserDomainPrefix [Domain]
Set this to ‘true’ to avoid entering the domain name all the time
sudo /opt/pbis/bin/config AssumeDefaultDomain True
Set default shell
sudo /opt/pbis/bin/config LoginShellTemplate /bin/bash
Set a different home directory than the one used by local users on the machine
sudo /opt/pbis/bin/config HomeDirTemplate %H/%D/%U
Restrict logins to members of specific Active Directory security groups
sudo /opt/pbis/bin/config RequireMembershipOf "[Domain]\[SecurityGroup]"
Update DNS
sudo /opt/pbis/bin/update-dns
Clear cache
sudo /opt/pbis/bin/ad-cache --delete-all
Next, edit the pam.d common-session file. Type the following in the terminal:
sudo vi /etc/pam.d/common-session
Navigate to the line that states session sufficient pam_lsass.so and replace it with session [success=ok default=ignore] pam_lsass.so
Then, we need to edit the lightdm configuration file and append the following lines:
sudo vi /usr/share/lightdm/lightdm.conf.d/50-unity-greeter.conf
allow-guest=false
greeter-show-manual-login=true
Please note that if you are using Lubuntu 14.04, your lightdm configuration file will be 60-lightdm-gtk-greeter.conf.
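To confirm that the file edits above took effect, the following added example (not part of the original guide or of PBIS) checks the sudoers rule, the pam_lsass.so control and the two LightDM settings. The function names and the ROOT path-prefix argument are assumptions made for this example, and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not part of PBIS: audits the sudoers, PAM and LightDM edits.
# ROOT is an assumed path prefix so the checks can run on a copy of the files.

# has FILE ERE: true if FILE is readable and some line matches ERE
has() { [ -r "$1" ] && grep -Eq "$2" "$1"; }

# The new control must be present AND the old 'sufficient' line must be gone.
pam_ok() {
    has "$1" '^[[:space:]]*session[[:space:]]+\[success=ok default=ignore\][[:space:]]+pam_lsass\.so' &&
        ! has "$1" '^[[:space:]]*session[[:space:]]+sufficient[[:space:]]+pam_lsass\.so'
}

# tally DESCRIPTION COMMAND...: print PASS/FAIL and count failures
tally() {
    desc=$1; shift
    if "$@"; then echo "PASS: $desc"; else echo "FAIL: $desc"; fails=$((fails + 1)); fi
}

# check_pbis_files ROOT [GREETER_CONF]: exit status = number of failed checks
check_pbis_files() (
    root=${1:-}; fails=0
    greeter=$root/usr/share/lightdm/lightdm.conf.d/${2:-50-unity-greeter.conf}
    # Commented-out rules do not count: the line must start with %domain^admins.
    tally "sudoers has an active %domain^admins rule" has "$root/etc/sudoers" \
        '^[[:space:]]*%domain\^admins[[:space:]]+ALL=\(ALL\)[[:space:]]+ALL'
    tally "pam_lsass.so uses [success=ok default=ignore]" pam_ok "$root/etc/pam.d/common-session"
    tally "LightDM guest session disabled" has "$greeter" \
        '^[[:space:]]*allow-guest[[:space:]]*=[[:space:]]*false[[:space:]]*$'
    tally "LightDM manual login enabled" has "$greeter" \
        '^[[:space:]]*greeter-show-manual-login[[:space:]]*=[[:space:]]*true[[:space:]]*$'
    exit "$fails"
)

# Constructed sample tree (not from a real host) with all three edits applied.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/pam.d" "$d/usr/share/lightdm/lightdm.conf.d"
    printf '%s\n' '%admin ALL=(ALL) ALL' '%domain^admins ALL=(ALL) ALL' > "$d/etc/sudoers"
    printf '%s\n' 'session [success=ok default=ignore] pam_lsass.so' > "$d/etc/pam.d/common-session"
    printf '%s\n' '[SeatDefaults]' 'allow-guest=false' 'greeter-show-manual-login=true' \
        > "$d/usr/share/lightdm/lightdm.conf.d/50-unity-greeter.conf"
    echo "$d"
}

sample=$(make_sample)
check_pbis_files "$sample"   # all four checks pass on the sample
rm -rf "$sample"
```

On a joined host, run check_pbis_files "" as root, since /etc/sudoers is not world-readable; on Lubuntu 14.04 pass 60-lightdm-gtk-greeter.conf as the second argument.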