Linux mint как ввести в домен windows

This tutorial will describe how you can join machines that run Linux Mint 17.1 OS to Windows 2012 Active Directory Domain Controller in order to authenticate remote accounts from AD back end identity provider to local Linux workstations with the help of SSSD service and Realmd system DBus service.

The System Security Services Daemon (SSSD) is a relative new service which provides cross-domain compatible methods for Active Directory users to authenticate to local machines using a combination of usernames and domain back end name to create the login identity, even if the Domain Controller goes offline (SSSD caches credentials).

REQUIREMENTS

• Windows Server 2012 configured as an Active Directory Domain Controller
• A Linux Mint 17.1 client machine which will be integrated to Windows PDC

Domain Settings:

• Domain Name: caezsar.lan
• Windows Server 2012 AD FQDN: server.caezsar.lan
• Windows Server 2012 AD IP Address: 192.168.1.130
• Linux Mint Hostname: mint-desktop
• Linux Mint IP Address: automatically assigned by DHCP
• Linux Mint first DNS IP Address: Manually assigned to point to AD PDC – 192.168.1.130

STEP ONE – Linux Mint Network Configuration

1. Before starting with installing the required services in order to integrate the local machine to the PDC Server, first we need to assure that Windows Domain Controller is reachable through DNS resolution on Linux Mint host by adding the DNS PDC IP Address on our Network Configuration. To achieve this goal, first open Network Settings, go to the Network Interface Card (in this case is the Wired Connection, but you can use a Wireless Connection also), open it for editing (hit the settings icon from bottom right) and add your PDC IP Address on IPv4 DNS filed (switch Automatic DNS to OFF) as illustrated in the following screenshots:

network settings

edit network interface settings

add DNS IP Address

If multiple Domain Controllers machines exists on your network then you can also add their IP Addresses on IPv4 DNS settings fields.
 

2. After you’re done, hit on Apply button and switch the edited Network Interface from ON to OFF and then back to ON in order to apply the new settings. After the network interface is started again, open a Terminal console and issue a ping command against your PDC domain name in order to verify if the settings are successfully applied and the domain name responds with the correct IP Address and FQDN of the PDC.

apply network settings

ping domain controller

If you want to avoid all this manual settings, then configure a DHCP server at your premises to automatically assign network settings, especially DNS entries, that will point to your Windows PDC IP Addresses needed for DNS resolution in order to reach the AD PDC.

STEP TWO – Install Required Software Packages

As presented at the beginning of this tutorial, in order to integrate a Linux Mint machine to an Active Directory Domain Controller you need to install the SSSD service along with the following software packages and dependency:

– SSSD service (responsible with back end realm authentication) with the following dependencies: sssd-tools (optional, but useful for sssd cache, user and groups manipulation), libpam-sss (PAM modules for local authentication) and libnss-sss (NSS modules for local DNS resolution)

– Realmd (system DBus service which manages domain integration and local resources permissions)

– The following Samba Modules: samba-common-bin and samba-libs (File sharing compatibility between Windows and Linux machines)

– Krb5-user (Client network authentication and communication with the PDC server)

– ADcli (Tools for joining domain and perform other actions on an AD)

– PackageKit (Linux cross-platform packages management for interoperabillity and user privileges for software installations)

3. Now, let’s start installing the above enumerated packages by opening a Terminal console on Linux Mint and issuing the following commands with sudo privileges:

First install Realmd and SSSD service:

sudo apt-get install realmd sssd sssd-tools libpam-sss libnss-sss

install realmd and sssd service

4. Next install Samba modules (by default this modules might be already installed on your system):

sudo apt-get install samba-libs samba-common-bin

install samba modules

5. Last, install the other remained packages: krb5-user, adcli and packagekit. On krb5-user package, the installer will prompt you to enter the realm that will be used for Kerberos authentication. Use the name of the domain configured for your PDC with UPPERCASE (in this case the domain is CAEZSAR.LAN), then hit Enter key to continue further with the installation packages.

sudo apt-get install krb5-user adcli packagekit

install kerberos, adcli and packagekit packages

Configure Kerberos realm

STEP THREE – Edit Configuration Files for SSSD, Realmd and PAM

6. Next step before starting joining Linux Mint to Windows Server AD PDC is to configure the local services for AD network authentication. By default the SSSD service has no configuration file defined on /etc/sssd/ path. In order to create a default configuration file for SSSD service, issue the following command to create and simultaneous edit the file:

sudo nano /etc/sssd/sssd.conf

SSSD configuration file excerpt:

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3

[pam]
reconnection_retries = 3

[sssd]
domains = CAEZSAR.LAN
config_file_version = 2
services = nss, pam

[domain/CAEZSAR.LAN]
ad_domain = CAEZSAR.LAN
krb5_realm = CAEZSAR.LAN
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/%d/%u
access_provider = ad

sssd configuration file

While editing the file make sure you replace domains, [domain/], ad_domain and krb5_realm parameters accordingly. Use the UPPERCASES as the above file excerpt suggests.

The fallback_homedir = /home/%d/%u parameter will cause the system to create home directories for all domain logged in users with the following path: /home/domain_name/domain_user, so practically all your domain users homes will be stored into a single directory named after your domain name on /home path. If you want to change this behavior so all domain users homes should be created as normal system users, /home/username, just remove %d variable and you’re done.

For other options and parameters concerning sssd.conf file run man sssd command.

After you finish editing the file, save it with CTRL+O , close it with CTRL+X and proceed further with the below instructions.

7. The next step is to create and edit a configuration file for Realmd in order to avoid some eventual package dependency problems by issuing the following command:

sudo nano /etc/realmd.conf

Use the following configurations for realmd file:

[service]

automatic-install = no

realmd conf file

After you add the above lines, save the file and close it.

8. The last file that you need to edit before joining the domain is the common-session PAM file. So, open this file for editing by running the below command and add the following line after the session optional pam_sss.so line in order for the system to automatically create home directories for the new authenticated AD users .

sudo nano /etc/pam.d/common-session

Add the following line as presented on the below screenshot:

session optional      pam_mkhomedir.so  skel = /etc/skel/  mask=0077

PAM common-session file

After you have edited the file, save it and close it, and proceed to the next step in order to make Linux Mint a part of the Windows Domain Controller.

STEP FOUR – Join Linux Mint to Windows Server 2012 Active Directory Domain Controller

9. Before joining the Linux Mint client to Windows PDC, first issue the discovery command against your domain name in order to view the complete realm configurations and a package list of software that must be installed on the client machine before you enroll it in the realm.

sudo realm discover  domain.tld

realm discover domain

10. If everything is correctly setup at the client side and the domain controller responds, issue the following command in order to integrate Linux Mint client machine to Windows Server 2012 AD PDC.

sudo realm join domain.tld -U domain_administrator --verbose

join AD domain

Use the -U option to specify an Active Directory administrative user with privileges to add machines on the server and the --verbose option to get debug output in case something goes wrong with the integration process.

Once the command returns successfully status and ads Linux Mint to AD you can use the sudo realm list command to view full details and the default configurations for your domain.

list realm

To manage sssd service use the following command switches (you don’t need to manually start the sssd service because it’s automatically started by the realmd when the machine is enrolled to realm):

sudo service sssd status|start|stop

11. To check if the machine appears on the Domain Controller, go to your Windows Server 2012, open Active Directory Users and Computers utility and search your Linux Mint hostname.

Active Directory Users and Computers

STEP FIVE – Log In on Linux Mint with Active Directory Accounts

12. To authenticate on Linux Mint with and an Active Directory user, first you need to add a permit rule on local policies in order to grant access for all realm users on local machine, by issuing the following command:

sudo realm permit --all

To grant access just for a specific AD user or group use the following command syntax:

sudo realm permit -u AD_username

sudo realm permit -g AD_group

To withdraw access for a user use the command with --x switch:

sudo realm permit domain --x domain\AD_username

13. To perform Terminal console command line authentications on Linux Mint host with an Active Directory account, use double backslashes to escape the backslash which separates the domain string from user, as shown in the below syntax (you can append the dot domain or use just the domain string):

su - domain.tld\\AD_username

or

su - domain\\AD_username

AD user login

ad user login without dot domain

14. To log in with an AD account on Linux using Putty or to perform Linux Mint MDM GUI logins use the following syntax:

domain\AD_username

domain.tld\AD_username

AD user Putty login

Ad user GUI login

15. In case you have issues with AD users authentication on Linux Mint Logon Screen, log in with a local user account and change the Login Window Theme from an HTML theme to a GDM theme, log out, hit Escape key is case the last logged in user appears on username Login filed and continue the authentication process with a AD account as presented above.

Use GDM theme

GDM login screen

STEP SIX – Add Root Permissions to AD Domain Admins Users

16. In case you want to allow all Active Directory Domain Admins to have full administrative permissions in order to execute any command with root privileges on the Linux Mint machine, open the local sudoers file for editing and add the following line:

sudo nano /etc/sudoers

or

sudo visudo

Add this line after %sudo line:

%domain\   admins@domain.tld  ALL=(ALL)      ALL

add domain admins root privileges

17. In case you don’t want your Linux Mint machine to be a part of the domain anymore, issue the following command to leave the domain:

sudo realm leave domain.tld -U AD_admin_user --verbose

leave AD PDC

That’s all! Now, the machine running Linux Mint 17.1 is integrated as a part of Windows Active Directory Domain Controller and can successfully replace your old Windows XP machine, for which Microsoft has stopped its support, but keep in mind that some features and, especially, a huge part of Active Directory Group Policy, don’t apply on Linux systems.

TL;DR

Here are all the steps needed to add your Linux Mint computer to a Windows Active Directory Domain. For more detail, and explanation, please read The Rest of the Story.

1

sudo apt install realmd sssd sssd-tools libnss-sss libpam-sss krb5-user adcli samba-common-bin oddjob oddjob-mkhomedir packagekit samba python-dnspython

Restart your computer, then edit krb5.conf.

1

sudo xed /etc/krb5.conf

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20

[libdefaults]
    default_realm = AWESOME.COM
    dns_lookup_kdc = true
    dns_lookup_realm = true

[realms]
    AWESOME.COM = {
        kdc = awesome.com
        admin_server = awesome.com
        master_kdc = awesome.com
        default_domain = awesome.com
        }

[domain_realm]
    .awesome.com = AWESOME.COM
    awesome.com = AWESOME.COM

[logging]
    kdc = SYSLOG:INFO
    admin_server = FILE=/var/kadm5.log

Edit realmd.conf.

1

sudo xed /etc/realmd.conf

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17

[users]
    default-home = /home/%U
    default-shell = /bin/bash

[active-directory]
    default-client = sssd
    os-name = Linux Mint
    os-version = 20

[service]
    automatic-install = no

[awesome.com]
    fully-qualified-names = yes
    automatic-id-mapping = no
    user-principal = yes
    manage-system = yes

Edit timesyncd.conf.

1

sudo xed /etc/systemd/timesyncd.conf

1
2
3
4
5
6

[Time]
NTP=asmdc7.awesome.com
#FallbackNTP=ntp.ubuntu.com
#RootDistanceMaxSec=5
#PollIntervalMinSec=32
#PollIntervalMaxSec=2048

1
2
3
4

sudo timedatectl set-ntp true
sudo systemctl restart systemd-timesyncd.service
sudo timedatectl --adjust-system-clock
timedatectl status

Discover the realm you want to join.

1

realm discover awesome.com

Test your credentials.

1
2
3

kinit avawesome
klist
kdestroy

Join the Active Directory Domain.

1

sudo realm join --verbose --user=aawesome-a --computer-ou=OU=Computers,OU="ASM Headquarters",DC=awesome,DC=com awesome.com

Edit sssd.conf.

1

sudo xed /etc/sssd/sssd.conf

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

[sssd]
domains = awesome.com
config_file_version = 2
services = nss, pam

[domain/awesome.com]
ad_domain = awesome.com
krb5_realm = AWESOME.COM
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = True
fallback_homedir = /home/%u
access_provider = ad
ad_hostname = [[computer_name.my-domain]].com
dyndns_update = True
dyndns_refresh_interval = 43200
dyndns_update_ptr = True
dyndns_ttl = 3600
dyndns_auth = GSS-TSIG

Restart the SSSD Service.

1

sudo systemctl restart sssd.service

Finally, update your login screen.

Restart your computer, and you should able to log in using your Active Directory Credentials.

Update 8/30/2019: Click here to see some optional, final steps you could take.

The Rest of the Story

I work for a “Windows Shop”, or “.Net Shop”. Call it what you like, but it boils down to no Linux to be found. Fortunately, my work environment is flexible, so I decided to take on the challenge to put Linux only on my work laptop, and get it up and running.

Things like snaps have been extremely helpful in getting the software I need on my machine, and LibreOffice has come a long way. Everything else, like Office 365 for email, just needs a web browser. And in case I run into any edge cases, I do have Windows 10 on a VirtualBox image, but all that is outside of the scope of this article.

My very first step to tackle was Windows Active Directory Integration with a Linux machine; I needed to be able to use my Active Directory credentials to log into my Linux laptop.

Spoiler alert. I got it to work! And I’m very excited to be able to use Linux at home and now at work!

Read on to see how I did it.

Steps Toward Awesome

First, I would like to give credit where credit is due. This article was extremely helpful in guiding me in getting everything set up.

Step 0: Install the Needed Packages

Open up your terminal, and enter the text below to get the needed packages installed.

1

sudo apt install realmd sssd sssd-tools libnss-sss libpam-sss krb5-user adcli samba-common-bin oddjob oddjob-mkhomedir packagekit samba python-dnspython

The krb5-user package will prompt for the Active Directory “realm”, and you’ll want to enter your realm in all CAPS.

After I installed the packages, I went ahead and restarted my machine.

Step 1: Edit Your krb5.conf File

Start by opening krb5.conf:

1

sudo xed /etc/krb5.conf

You can replace the contents of the current file with the text below.

Note: Values inside the double brackets (i.e. — [[value]]), need to be replaced with the correct values for your environment. Replace the value, and additionally, remove the double brackets. (i.e. — domain = [[my-domain.com]] –> domain = awesome.com)

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20

[libdefaults]
    default_realm = [[YOUR-REALM.COM]]  #YOUR-REALM.COM should be in CAPS
    dns_lookup_kdc = true
    dns_lookup_realm = true

[realms]
    [[YOUR-REALM.COM]] = {              #replace value, remove double brackets
        kdc = [[your-realm.com]]
        admin_server = [[your-realm.com]]
        master_kdc = [[your-realm.com]]
        default_domain = [[your-domain.com]]  #my domain and realm were the same
        }

[domain_realm]
    .[[your-domain.com]] = [[YOUR-REALM.COM]] #YOUR-REALM.COM should be in CAPS
    [[your-domain.com]] = [[YOUR-REALM.COM]]

[logging]
    kdc = SYSLOG:INFO
    admin_server = FILE=/var/kadm5.log

To finish up this step, run:

Step 2: Edit Your realmd.conf File

Now open up your realmd.conf file.

1

sudo xed /etc/realmd.conf

Copy and paste the text below into the file. You can of course replace the values for “os-name” and “os-version”.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17

[users]
    default-home = /home/%U
    default-shell = /bin/bash

[active-directory]
    default-client = sssd
    os-name = [[Linux Mint]] #you can put your Linux Distribution Name
    os-version = [[20]]    #you can put your Distribution Version

[service]
    automatic-install = no

[my-domain.com]   #replace my-domain.com, but KEEP the brackets on this one
    fully-qualified-names = yes
    automatic-id-mapping = no
    user-principal = yes
    manage-system = yes

Step 3: Edit Your timesyncd.conf File

You should be used to editing files by now in this tutorial, so here we go again. Open up your terminal, and enter the text below.

1

sudo xed /etc/systemd/timesyncd.conf

All you need to do is change the “NTP” value to the address of your local Network Time Protocol (NTP) Server. You may have to ask your Network Administrator for the server address, and if you are the Network Administrator, I hope you know the address of your NTP Server

1
2
3
4
5
6

[Time]
NTP=[[my-ntp-server.my-domain.com]]     #replace value, remove double brackets
#FallbackNTP=ntp.ubuntu.com
#RootDistanceMaxSec=5
#PollIntervalMinSec=32
#PollIntervalMaxSec=2048

Now you’ll need to update your local network time. Your local computer time needs to be within five minutes of the Kerberos (authentication) Server. So the clock times need to match, or you won’t be able to log in.

You’ll need to run the following commands in order to make sure your date and time are up-to-date.

1
2
3

sudo timedatectl set-ntp true
sudo systemctl restart systemd-timesyncd.service
sudo timedatectl --adjust-system-clock

Now you can check the status of your local date and time synchronization.

And your results should be similar to the screenshot below.

Step 4: Test Your Credentials

Even though your computer may not be bound to the Active Directory yet, you can now test your login credentials to make sure everything is set up correctly so far.

Run the command below.

1

realm discover [[my-domain.com]]

Successful results should look similar to the output below.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15

my-domain.com
  type: kerberos
  realm-name: MY-REALM.COM
  domain-name: my-domain.com
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  required-package: sssd-tools
  required-package: sssd
  required-package: libnss-sss
  required-package: libpam-sss
  required-package: adcli
  required-package: samba-common-bin
  login-formats: %U@my-domain.com
  login-policy: allow-realm-logins

You can now try to “test” your login credentials. Do that by running the commands below, and enter your Active Directory password when prompted.

You can verify that your login attempt worked by running this next command.

If that worked, your results should look similar to the screenshot below.

Be sure to destroy your Kerberos token when you’re done.

Step 5: Join the Active Directory Domain

Time to join your Active Directory. You’ll need a Network Administrator, or someone with a Network Admin username/password in order to get your computer joined to the Active Directory realm.

Enter the text below into your terminal, and don’t forget to replace the values in the double brackets (along with the brackets).

1

sudo realm join --verbose --user=[[network-admin-username]] --computer-ou=OU=[[Computers]],OU="[[Active-Directory-OU-Value]]",DC=[[my-domain-without-the-com]],DC=com [[my-domain.com]]

You’ll enter the Network Administrator username, and you’ll be prompted for the password.

1
2
3
4
5
6

 * Resolving: _ldap._tcp.my-domain.com
 * Performing LDAP DSE lookup on: 10.1.1.14
 * Performing LDAP DSE lookup on: 10.1.1.15
 * Performing LDAP DSE lookup on: 10.1.1.28
 * Successfully discovered: my-domain.com
Password for awesome-admin:

After the Network Administrator password has been entered, the rest of the output should look similar to this:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36

 * Unconditionally checking packages
 * Resolving required packages
 * LANG=C /usr/sbin/adcli join --verbose --domain my-domain.com --domain-realm MY-REALM.COM --domain-controller 10.1.1.14 --computer-ou OU=Computers,OU=SHORT-DOMAIN-NAME Headquarters,DC=domain-controller,DC=com --os-name Linux Mint --os-version 19.1 --login-type user --login-user network-admin-username --stdin-password --user-principal
 * Using domain name: my-domain.com
 * Calculated computer account name from fqdn: COMPUTER-NAME
 * Using domain realm: my-domain.com
 * Sending netlogon pings to domain controller: cldap://10.1.1.14
 * Received NetLogon info from: SERVER.my-domain.com
 * Wrote out krb5.conf snippet to /var/cache/realmd/adcli-xyzab-oFOwIT/krb5.d/adcli-krb5-conf-wCGqIO
 * Authenticated as user: network-admin-username@MY-REALM.COM
 * Looked up short domain name: SHORT-DOMAIN-NAME
 * Using fully qualified name: computer-name
 * Using domain name: my-domain.com
 * Using computer account name: COMPUTER-NAME
 * Using domain realm: my-domain.com
 * Calculated computer account name from fqdn: COMPUTER-NAME
 * With user principal: host/computer-name@MY-REALM.COM
 * Generated 120 character computer password
 * Using keytab: FILE:/etc/krb5.keytab
 * Found computer account for COMPUTER-NAME$ at: CN=COMPUTER-NAME,OU=Computers,OU=SHORT-DOMAIN-NAME Headquarters,DC=my-domain,DC=com
 * Set computer password
 * Retrieved kvno '7' for computer account in directory: CN=COMPUTER-NAME,OU=Computers,OU=SHORT-DOMAIN-NAME Headquarters,DC=my-domain,DC=com
 * Modifying computer account: userAccountControl
 * Modifying computer account: operatingSystemVersion, operatingSystemServicePack
 * Modifying computer account: userPrincipalName
 * Discovered which keytab salt to use
 * Added the entries to the keytab: COMPUTER-NAME$@MY-REALM.COM: FILE:/etc/krb5.keytab
 * Added the entries to the keytab: host/COMPUTER-NAME@MY-REALM.COM: FILE:/etc/krb5.keytab
 * Added the entries to the keytab: host/COMPUTER-NAME@MY-REALM.COM: FILE:/etc/krb5.keytab
 * Cleared old entries from keytab: FILE:/etc/krb5.keytab
 * Added the entries to the keytab: host/computer-name@MY-REALM.COM: FILE:/etc/krb5.keytab
 * Added the entries to the keytab: RestrictedKrbHost/COMPUTER-NAME@MY-REALM.COM: FILE:/etc/krb5.keytab
 * Added the entries to the keytab: RestrictedKrbHost/computer-name@MY-REALM.COM: FILE:/etc/krb5.keytab
 * /usr/sbin/update-rc.d sssd enable
 * /usr/sbin/service sssd restart
 * Successfully enrolled machine in realm

Step 6: Edit Your sssd.conf File

Open up sssd.conf for editing

1

sudo xed /etc/sssd/sssd.conf

Copy and paste the text below into the file. Again, don’t forget to replace the values in the double brackets (along with the brackets).

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

[sssd]
domains = [[my-domain]].com
config_file_version = 2
services = nss, pam

[domain/[[my-domain]].com]
ad_domain = [[my-domain]].com
krb5_realm = [[MY-REALM]].COM
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = True
fallback_homedir = /home/%u
access_provider = ad
ad_hostname = [[computer_name.my-domain]].com
dyndns_update = True
dyndns_refresh_interval = 43200
dyndns_update_ptr = True
dyndns_ttl = 3600
dyndns_auth = GSS-TSIG

Save the file, then close the text editor, and run the command below.

1

sudo systemctl restart sssd.service

Step 7: Modify Your Login Window

And now for our last step. This is specific for Linux Mint.

Start by opening the Login Window settings, as seen in the screenshot below.

Now make sure you settings look like this:

Conclusion

Those are the steps. If anything is unclear, let me know in the comments below. Hope this is helpful

Update 8/30/2019

So this is an optional step that may not have to happen in every scenario. Upon logging in with your Active Directory User, you may discover that you do not have the rights to do anything. So, you will have to log in with a local administrator account, and add your domain account to the following groups by running these commands:

1
2
3
4
5
6
7

sudo usermod -a -G adm aaronvon@awesome.com
sudo usermod -a -G cdrom aaronvon@awesome.com
sudo usermod -a -G dip aaronvon@awesome.com
sudo usermod -a -G lpadmin aaronvon@awesome.com
sudo usermod -a -G plugdev aaronvon@awesome.com
sudo usermod -a -G sambashare aaronvon@awesome.com
sudo usermod -a -G sudo aaronvon@awesome.com

End of Line.

Для ввода LinuxMint в домен Windows нужно скачать и установить пакет от команды PowerBroker Open project (ранее называлась Likewise Open). На странице загрузки заполняем регистрационную форму и получаем на почту ссылку на скачивание пакетов. Если вам нужна демо версия с полным функционалом то нужно поставить галочку в самом низу формы регистрации. Меня полностью устраивает функционал бесплатной версии.

По ссылке полученной на почту заходим на страницу скачивания пакетов. Скачиваем последний стабильный релиз под свою битность ОС.

В терминале переходим в директорию в которую был закачан пакет(у меня это /home/michael) и выдаем ему права на выполнение, затем устанавливаем.

# cd /home/michael
# sudo chmod +x pbis-open-8.5.0.153.linux.x86_64.deb.sh
# sudo ./pbis-open-8.5.0.153.linux.x86_64.deb.sh

На все вопросы отвечаем ‘yes’. После установки откроется окно ввода компьютера в домен.
Нужно ввести имя компьютера и название домена. Повторно запустить окно ввода в домен можно командой.

# sudo /opt/pbis/bin/domainjoin-gui

Нажать Join Domain и ввести учетные данные пользователя имеющего права на ввод в домен Windows в открывшемся окошке.

После ввода в домен нужно перезагрузить компьютер и можно входить с доменными учетными данными.

Как правильно задавать вопросы

Правильно сформулированный вопрос и его грамотное оформление способствует высокой вероятности получения достаточно содержательного и по существу ответа. Общая рекомендация по составлению тем: 1. Для начала воспользуйтесь поиском форума. 2. Укажите версию ОС вместе с разрядностью. Пример: LM 19.3 x64, LM Sarah x32 3. DE. Если вопрос касается двух, то через запятую. (xfce, KDE, cinnamon, mate) 4. Какое железо. (достаточно вывод inxi -Fxz в спойлере (как пользоваться спойлером смотрим здесь)) или же дать ссылку на hw-probe 5. Суть. Желательно с выводом консоли, логами. 6. Скрин. Просьба указывать 2, 3 и 4 независимо от того, имеет ли это отношение к вопросу или нет. Так же не забываем об общих правилах Как пример вот