Integrate Ubuntu 16.04 to AD as a Domain Member with Samba and Winbind – Part 8

Matei Cezar

I'm a computer-addicted guy, a fan of open source and Linux-based system software, with about 4 years of experience with Linux distributions (desktop, servers) and bash scripting.

69 Responses

  1. armando says:

    Hello, please, I need help.

    [email protected]:/home/mindcaf# [email protected]:/home/mindcaf# /usr/local/samba/bin/samba-tool domain level raise --domain-level=2008_R2
    bash: [email protected]:/home/mindcaf#: No such file or directory
    [email protected]:/home/mindcaf# ERROR: Domain function level can't be smaller than or equal to the actual one!
    > [email protected]:/home/mindcaf#
  2. Fcis says:

    I followed this tutorial and have successfully added twenty machines running Ubuntu 16.04 to my AD domain, and users in the domain can now log in to these machines using their AD credentials. The problem now is that the domain user folders (Documents, Desktop, Downloads,…) are not synced across these machines.

    For example, if ad\userA logged in to the first machine and created a folder named Folder1 in his Documents folder, then logged in to the second machine he won’t find Folder1 in his Documents folder.

    So I wonder how the domain user account folders can be automatically synced when a user logs in to any of the other domain-connected machines? Any advice please?

  3. elms says:

    All these steps just to add a machine to a domain? One error along the way and it's down a rabbit hole. Keep in mind we all have different distros. This is really frustrating. Apart from Linux being free, what's the point of having a domain-controlled network if I have to figure 60 computers manually, with all the errors associated?

    I have successfully managed to add a Windows machine to an Ubuntu domain server, yet I can't do the same with a Linux machine. I have looked around and still can't find a good GUI to use.

    I’ve given up. I’d rather buy Windows and make life easier than this constant medieval way.

  4. James says:

    So I got the packages on Step 5 to install but I never get the screen for the Kerberos Realm Configuration. Is there a way to re-run it?

  5. Manoj says:

    Hi, thanks for this amazing tutorial. It worked perfectly. I have a small issue though: I can’t reset the user password. I am getting the error below. I have tried a thousand passwords.

    [email protected]:~$ passwd
    Changing password for manoj
    (current) NT password:
    Enter new NT password:
    Retype new NT password:
    The password of this user is too recent to change
    Your password must be at least 7 characters; cannot repeat any of your previous 24 passwords; must contain capitals, numerals or punctuation; and cannot contain your account or full name; Please type a different password. Type a password which meets these requirements in both text boxes.
    passwd: Authentication token manipulation error
    passwd: password unchanged
    [email protected]:~$

  6. Fcis says:

    It works successfully and users can log in to their AD accounts, but then when they try to open Firefox they get this error message: “your firefox profile cannot be loaded. it may be missing or inaccessible”. Any advice?

  7. Andrew Mendelsohn says:

    Followed instructions on Linux Mint 18.1 and I’m able to su to a domain user and authenticate with the domain password and user is created, but no home directory is created.

    I added the suggested line to /etc/pam.d/common-account. This is the only thing that doesn’t seem to work, I can see all the AD users and groups, but the lack of a home dir causes other problems. Any ideas why no home dir creation?

  8. Olha says:

    Thank you for the instructions! Everything works.

  9. Andrew III says:

    I can’t start winbind after configuring smb.conf, need help please.

    TOPOLOGY: [ lab.mis ]    [ testing(ubununt18) ] 
    workgroup = LAB
    realm = LAB.MIS
    netbios name = testing
    security = ADS
    dns forwarder =   #
    idmap config * : backend = tdb
    idmap config *:range = 50000-1000000
    template homedir = /home/%D/%U
    template shell = /bin/bash
    winbind use default domain = true
    winbind offline logon = false
    winbind nss info = rfc2307
    winbind enum users = yes
    winbind enum groups = yes
    vfs objects = acl_xattr
    map acl inherit = Yes
    store dos attributes = Yes

    winbind status
    ● winbind.service - Samba Winbind Daemon
       Loaded: loaded (/lib/systemd/system/winbind.service; enabled; vendor preset: enabled)
       Active: failed (Result: exit-code) since Thu 2018-09-20 13:37:12 +08; 9min ago
         Docs: man:winbindd(8)
      Process: 2217 ExecStart=/usr/sbin/winbindd --foreground --no-process-group $WINBINDOPTIONS (code=exited, status=1/FAILURE)
     Main PID: 2217 (code=exited, status=1/FAILURE)
    Sep 20 13:37:11 testing systemd[1]: Starting Samba Winbind Daemon...
    Sep 20 13:37:12 testing winbindd[2217]: [2018/09/20 13:37:12.021429,  0] ../source3/winbindd/winbindd_cache.c:3170(initialize_winbindd_cache)
    Sep 20 13:37:12 testing winbindd[2217]:   initialize_winbindd_cache: clearing cache and re-creating with version number 2
    Sep 20 13:37:12 testing winbindd[2217]: [2018/09/20 13:37:12.023319,  0] 
    Sep 20 13:37:12 testing winbindd[2217]:   Could not fetch our SID - did we join?
    Sep 20 13:37:12 testing winbindd[2217]: [2018/09/20 13:37:12.023620,  0] 
    Sep 20 13:37:12 testing winbindd[2217]:   unable to initialize domain list
    Sep 20 13:37:12 testing systemd[1]: winbind.service: Main process exited, code=exited, status=1/FAILURE
    Sep 20 13:37:12 testing systemd[1]: winbind.service: Failed with result 'exit-code'.
    Sep 20 13:37:12 testing systemd[1]: Failed to start Samba Winbind Daemon.
  10. Shiva says:


    I reinstalled the libnss, libpam and winbind packages. From then on the ownership permissions are changed; instead of domain users it shows “rtcarchivingdomainservices“. Could anyone please help me with this?

    Or do let me know how to unjoin from domain without affecting the permissions for previous users in that machine.

