Integrate Ubuntu to Samba4 AD DC with SSSD and Realm – Part 15

Best Affordable Linux and WordPress Services For Your Business
Outsource Your Linux and WordPress Project and Get it Promptly Completed Remotely and Delivered Online.

If You Appreciate What We Do Here On TecMint, You Should Consider:

  1. Stay Connected to: Twitter | Facebook | Google Plus
  2. Subscribe to our email updates: Sign Up Now
  3. Get your own self-hosted blog with a Free Domain at ($3.45/month).
  4. Become a Supporter - Make a contribution via PayPal
  5. Support us by purchasing our premium books in PDF format.
  6. Support us by taking our online Linux courses

We are thankful for your never ending support.

Matei Cezar

I'am a computer addicted guy, a fan of open source and linux based system software, have about 4 years experience with Linux distributions desktop, servers and bash scripting.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

16 Responses

  1. bright says:

    Hi, all in Step 3.

    I got this error: realm couldn’t change permitted logins the samba provider cannot restrict permitted logins

    anyone can help me?

  2. pankaj says:

    what about the gpo policy ? how it will apply on ubuntu domain users?

  3. Dawid says:

    When I run command sudo testparm.

    Load smb config files from /etc/samba/smb.conf
    rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
    WARNING: The "syslog" option is deprecated
    Processing section "[printers]"
    Processing section "[print$]"
    Loaded services file OK.
    idmap range not specified for domain '*'
    ERROR: Invalid idmap range for domain *!

    You have idea?

  4. Daliana says:

    Hello, Thank you very much for such a good tutorial, everything went well, I could join my computer in the company AD, but in step # 20 I can not get any response with the getent command and therefore I can not log in with the users of the domain, any help here, am I stuck?

  5. proplayerna says:

    Thank you so much for this tutorial.

    I tried so many different forum to troubleshoot my problem to join my ubuntu to my AD and I always failed until I found this one.

    For sure you found a new reader of your forum and I will share it with other.

    Thanks again!

  6. unknwn says:

    thank you very much. worked without problems.

  7. Sayantan says:


    Everything is set, I can also see all users when I type:

    # wbinfo -u.

    However, when I try to login, it only authenticates via pam_unix; pam_sss authentication is not at all checked.

    How can I fix that? SSSD is enabled and running.

  8. alice says:

    Good Evening,

    When I restart the sssd service with this command systemctl restart sssd, i have this error.

    Failed to read keytab [default]: no such file or directory
    Exiting the SSSD. Could not restart critical service [ mydomain ]

    Do you have an idea of ​​the problem please?

  9. Fex says:

    Excellent post!! Thank you very much!

    Just a typo:

    “sudo realm permit -all” should be “sudo realm permit –all” (that’s a double – instead of just one)

    Also, in sssd.conf shouldn’t “dyndsn_refresh_interval = 43200” by “dyndns_refresh…” ?

  10. Sayantan says:

    Is it possible to change the user desktop background from the Domain Controller?
    if we want to set a particular image for all linux users?

Leave a Reply to bright Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.