HowTo join xUbuntu 16.04 Desktop to NethServer-7 AD and automount ServerHomeDir

(fpausp) #1

HowTo join xUbuntu 16.04 Desktop to NethServer-7 Active Directory and automount ServerHomeDir

Please feel free to give me a feedback, I mean technically and formally.

This is based upon limited testing, and a small number of users. Both, Client and Server, were installed as VPS under Proxmox PVE.

Server prerequisites:
Installed NethServer 7.4 Server and updated from command line. Active Directory has been configured and the domain-name was given.

Client prerequisites:
Installed xubuntu 16.04 (xubuntu-16.04.3-desktop-amd64.iso), with one local user who has local admin rights. DHCP-Client was activ to get an IP from the NethServer who is acting as DHCP-and AD-Server. It is important that the Debian Client can resolv DNS correctly.

Servername = neth7
Domainname =

Now we can join the Domain with:
+-+ Open a Terminal:

+-+ Get root:
sudo su

+-+ install some packages:
apt-get install realmd ntp adcli sssd libsss-sudo libpam-mount cifs-utils

+-+ Join Domain:
realm join --user=administrator

+-+ Add override_homedir and override_shell, on the end:
nano /etc/sssd/sssd.conf
override_homedir = /home/%u@%d
override_shell = /bin/bash

+-+ Enable and start sssd:
systemctl enable sssd
systemctl start sssd

+-+ (all in one line)
echo "session required skel=/etc/skel/ umask=0022" | sudo tee -a /etc/pam.d/common-session

+-+ Set sudoers permission:
echo " ALL=(ALL) ALL" | sudo tee -a /etc/sudoers
echo " ALL=(ALL) ALL" | sudo tee -a /etc/sudoers

+-+ Automount Homedir (all in one line, after Volume definitions ):
nano /etc/security/pam_mount.conf.xml
               <!-- Volume definitions -->
<volume user="*" sgrp="domain" fstype="cifs" server="neth7" path="%(DOMAIN_USER)" mountpoint="~/nethome" options="nosuid,nodev" />

+-+ Reboot xUbuntu 16.04 Desktop:

+-+ After the reboot, click on other and logon with:
pass: your-administrator-password

Problems getting my Ubuntu machines to join the AD
Cifs on nethserver 7
Setting up a PDC on armhfp
(Mark Verlinde) #2

going to adapt your HowTo to debian stretch in the next day’s!

Would love to see this pushed to a “e-smith” updated script someone could run on a linux NS-AD client.

(Mark Verlinde) #3

after joining a fedora client to the AD-domain i did this how to on a debian 9 xfce.

worked perfect!, did not have the chance to test the auto-mounted “nethome”

Followed this How-To to “the letter” except:

override_homedir = /home/%u@%d
override_shell = /bin/bash

in did follow your centos how-to

# Change and add /etc/sssd/sssd.conf:
use_fully_qualified_names = False
fallback_homedir = /home/%u

override_homedir = /home/%u
override_shell = /bin/bash

in the footsteps of my fedora setup: managing sudo right in AD-groups; omitted

+-+ Set sudoers permission:
echo " ALL=(ALL) ALL" | sudo tee -a /etc/sudoers
echo " ALL=(ALL) ALL" | sudo tee -a /etc/sudoers

and created a sudo group in the AD ( and added the domain admins group to it as members and a regular user ( as well.

The users in the group have sudo rights on the client. :grinning:

EDIT: overlooked something (not sure if it is important) just automatically typed

realm join --user=administrator

instead of:

realm join --user=administrator

CentOS7 Desktop Client?
(fpausp) #4

Sounds great, I have to test it…

Yes it is important, I did my HowTos on different domains… This is the reason why I wrote:

# Get your DNS domain name from:
Configuration > Accounts provider > DNS domain name

In the CentOS HowTo…