
How to apply Group Policy on Ubuntu 22.04?

After the release of Ubuntu 22.04 in April 2022, Ubuntu and Microsoft now support the much-awaited feature of applying Group Policy on Ubuntu 22.04. Joining Ubuntu 22.04 to Active Directory is now easy, and offline login by AD users on Ubuntu 22.04 is also supported. Our previous article on joining Ubuntu to Active Directory was much appreciated by the community.

There are three prerequisites for applying Group Policy on Ubuntu 22.04.

The first prerequisite is to join Ubuntu to Active Directory.

The second is installing the Adsys client on the Ubuntu client machines.

The third is an Ubuntu Advantage subscription for the privilege management and remote script execution features.

Finally, we do not need to install anything on Windows Server to support GPOs on Ubuntu, except importing the adml and admx files that provide the GPMC template for Ubuntu.

Packages to install on Ubuntu 22.04

The following packages are required on the Ubuntu client machine to support Active Directory integration with Ubuntu 22.04.

  1. Adsys
  2. SSSD

sudo apt update

Installing SSSD and its required packages:-

sudo apt install sssd-ad sssd-tools realmd adcli

Installing Adsys:-

sudo apt install adsys

Time needed: 10 minutes.

After installing SSSD and Adsys, use the steps below to verify, join and apply a GPO on Ubuntu 22.04:

  1. Verify ping and port connectivity to the Active Directory Domain Controller from the Ubuntu client machine

    telnet srv2019.sonoos.kb 389
    ping sonoos.kb

    LDAP – TCP 389
    LDAP for Global Catalog – TCP 3268
    SAM/LSA – TCP 445
    W32Time NTP – UDP 123
    DNS – TCP and UDP 53
    Kerberos V5 – UDP 88

  2. Use the realm discover command to discover the Domain Controller | Domain Controller Name: srv2019 | Domain Name: sonoos.kb

    realm discover srv2019.sonoos.kb

  3. Use the realm join command to join the Windows Active Directory domain | Domain Controller Name: srv2019 | Domain Name: sonoos.kb

    sudo realm join srv2019.sonoos.kb
    Provide the Windows Server Domain administrator account password to join AD.

  4. Check the sssd.conf file for the domain join status of the Ubuntu client machine.

    sudo nano /etc/sssd/sssd.conf
    The join is successful if the output contains information about your domain, nss and pam.

  5. Enable home directory creation for Active Directory accounts/users on Ubuntu with the pam-auth-update command

    sudo pam-auth-update --enable mkhomedir

  6. Now go to the Domain Controller and verify that the computer name of the Ubuntu machine has been added to the Computers OU in Active Directory Users and Computers.

  7. If the computer account for the Ubuntu client machine has been created, try to log on to the Ubuntu client machine with a domain user; in my demo I have used bob@sonoos.kb

  8. After a successful login with the AD account on Ubuntu, verify the output of the pwd and whoami commands.

  9. Now it's time to configure Group Policy for the Ubuntu client machine. Use the command mentioned above to install the GPO client:

    sudo apt install adsys

  10. Verify realm list before applying a GPO on the Ubuntu client | Output should contain information related to your domain

    sudo realm list

  11. To generate the admx and adml files for Ubuntu, run the following command in a terminal:

    adsysctl policy admx all
    Two files will now be created in the current directory (Ubuntu.admx and Ubuntu.adml).

  12. Move both files to the Domain Controller. Paste Ubuntu.admx into the \sysvol\domain\policies\policydefinitions folder of the domain controller. Paste Ubuntu.adml into the \sysvol\domain\policies\policydefinitions\en-US folder.

  13. Now it's time to apply the first Group Policy on Ubuntu. Move your Ubuntu client computer account to a new OU (Ubuntu Clients) on the AD server. After moving the computer account to the new OU, go to GPMC.msc and link a new GPO.

  14. The new GPO is now linked to the Ubuntu Clients OU.

  15. In this step we give sudoers permissions to normal AD users for Ubuntu login via the GPO setting Client Administrators.

  16. Use the following command to push the Group Policy to Ubuntu.

    adsysctl policy update -av

  17. Verify the GPO applied on Ubuntu with the command:

    adsysctl policy applied --details

  18. Now log in again with the AD user bob@sonoos.kb on the Ubuntu client and see that bob has all the sudoers permissions.
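
Step 4 judges the join by whether sssd.conf mentions your domain, nss and pam. The script below is an added example (not from the original article) that performs that check and goes slightly further by also checking the file mode and the access provider; the function names and the sample file are constructed here, using the article's demo domain sonoos.kb.

```shell
#!/bin/sh
# Added example, not from the article: sanity-check an sssd.conf written by `realm join`.
# ini_get FILE SECTION KEY: print the value of KEY inside [SECTION]
ini_get() {
  awk -v sec="[$2]" -v key="$3" '
    /^[ \t]*\[/ { gsub(/[ \t]/, ""); insec = ($0 == sec); next }
    insec {
      split($0, kv, "="); k = kv[1]; gsub(/[ \t]/, "", k)
      if (k == key) { sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit }
    }' "$1"
}

# in_list LIST ITEM: succeed if ITEM is in the comma-separated LIST
in_list() {
  case ",$(printf '%s' "$1" | tr -d ' \t')," in *",$2,"*) return 0 ;; esac
  return 1
}

# check_sssd_join FILE DOMAIN: print one FAIL line per problem, return 1 if any
check_sssd_join() {
  conf=$1 dom=$2 bad=0
  [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; return 1; }
  fail() { echo "FAIL: $*"; bad=1; }
  # SSSD as shipped on 22.04 refuses to start unless the file is root-owned, mode 600
  mode=$(stat -c %a "$conf")
  [ "$mode" = 600 ] || fail "mode is $mode, expected 600"
  for svc in nss pam; do
    in_list "$(ini_get "$conf" sssd services)" "$svc" || fail "service $svc not enabled"
  done
  in_list "$(ini_get "$conf" sssd domains)" "$dom" || fail "$dom not in domains"
  [ "$(ini_get "$conf" "domain/$dom" id_provider)" = ad ] || fail "id_provider is not ad"
  # An unset access_provider defaults to permit: every AD account may log in
  case "$(ini_get "$conf" "domain/$dom" access_provider)" in
    ""|permit) fail "access_provider unset or permit" ;;
  esac
  return "$bad"
}

# Constructed sample in the layout realm join produces, for the demo domain
sample_conf() {
  printf '%s\n' '[sssd]' 'domains = sonoos.kb' 'config_file_version = 2' \
    'services = nss, pam' '' '[domain/sonoos.kb]' 'id_provider = ad' \
    'ad_domain = sonoos.kb' 'cache_credentials = True' 'access_provider = ad'
}

# Usage: sh SCRIPT /etc/sssd/sssd.conf [DOMAIN]
if [ "${1:-}" ]; then check_sssd_join "$1" "${2:-sonoos.kb}"; fi
```

Reading /etc/sssd/sssd.conf requires root, so run the script with sudo; no output and exit status 0 mean every check passed. The ownership check is left out so the example also runs unprivileged against a copy.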

FAQ on Ubuntu and Active Directory Integrations

How do we use Group Policy in Ubuntu?

Adsys is the client for Ubuntu that supports Group Policy implementation.

Can I apply Group Policy in Linux?

Not on Linux, but on Ubuntu it is supported since April 2022.

Does Ubuntu support Active Directory Integration?

Yes, Ubuntu and Microsoft now have integration for Group Policy support on Ubuntu 22.04.

How to get the admx and adml files for Ubuntu GPO?

We can download the admx and adml files from GitHub or use the command adsysctl policy admx all

What is SSSD in Ubuntu?

SSSD stands for System Security Services Daemon. It supports:

  • Active Directory integration with Ubuntu
  • LDAP
  • Kerberos

Do we need any Ubuntu Subscription for applying Group Policy on Ubuntu 22.04?

Yes, we need an Ubuntu Advantage subscription for applying GPOs on Ubuntu.
