KB450253 – Houston UI + Active Directory Join (Ubuntu)

Last modified: May 26, 2021
You are here:
Estimated reading time: 1 min

Houston UI + Domain Join (Ubuntu)


This article will walk through the process of joining a Windows Active Directory through the Houston UI.


  • Ubuntu 20.04 LTS installed
  • Cockpit 237.1 or greater installed


  • Add 45drives repository to /etc/apt/sources.list.d/
root@ubuntu-45d:~# wget -qO - http://images.45drives.com/repo/keys/aptpubkey.asc | apt-key add -
root@ubuntu-45d:~# curl -o /etc/apt/sources.list.d/45drives.list http://images.45drives.com/repo/debian/45drives.list
root@ubuntu-45d:~# apt update
  • Install realmd (0.16.3-3ubuntu2) from 45Drives Repository
root@ubuntu-45d:~# apt install realmd
  • Set realmd default client to winbind instead of sssd
root@ubuntu-45d:~# sed -i 's/^\(default-client = \).*$/\1winbind/' /usr/lib/realmd/realmd-defaults.conf
root@ubuntu-45d:~# systemctl restart realmd
  • Set hostname to include domain name if not set already, this is done in the Overview tab of the Houston UI.

  • Set DNS server to the IP of the Domain Controller if not done already. This is done in the network tab of the Houston UI

  • Move the existing smb.conf and keep as a backup, as realmd will autogenerate what we need to complete the join.
root@ubuntu-45d:~# mv /etc/samba/smb.conf /etc/samba/smb.conf.backup
  • Join the domain, this is done the Overview tab of the Houston UI. You will need the login info for user with Join Permissions to the AD.
    • You will need the login info for user with Join Permissions to the AD.
    • Verify after join that “winbind” was used as the client join software. If not leave the domain and return to the step “Set realmd default client to winbind instead of sssd” above.

  • Configure nsswitch.conf
root@ubuntu-45d:~# sed -i 's/^\(passwd:\s\+files\) \(systemd\).*$/\1 winbind \2/g;s/^\(group:\s\+files\) \(systemd\).*$/\1 winbind \2/g' /etc/nsswitch.conf
  • Configure PAM to to enable the creation of home directories on first login for network users
root@ubuntu-45d:~# pam-auth-update --enable mkhomedir
  • Verify Domain users and groups are available
    • User id format is ‘DOMAIN\username’
root@ubuntu-45d:~# id '45LAB\rob'
uid=2001106(45LAB\rob) gid=2000513(45LAB\domain users) groups=2000513(45LAB\domain users),2001106(45LAB\rob),2001105(45LAB\lab)
  • Test login for a Domain User

  • All users in the Domain can now login into the server, this is not ideal as it is best practise to block all Domain users and let the admin decide on can get in.
    • To restrict access to specific users/groups see this article
  • Now we need to grant the SeDiskOperatorPrivilege privilege to any domain groups / users that are going to be configuring share permissions.
    [root@centos8 ~]# net rpc rights grant "45LAB\domain admins" SeDiskOperatorPrivilege -U "45LAB\bk"
    Enter 45LAB\bk's password:
    Successfully granted rights.
  • You can list all users and groups who have this privilege by running:
    [root@centos8 ~]# net rpc rights list privileges SeDiskOperatorPrivilege -U "45LAB/bk"
    Enter 45LAB/bk's password:
    45LAB\domain admins



Was this article helpful?
Dislike 0
Views: 206
Unboxing Racking Storage Drives Cable Setup Power UPS Sizing Remote Access