Join Clients to AD Domain
Because Libre Workspace uses Samba as Active Directory Domain Controller, both Linux and Windows clients can be joined to the integrated AD domain.
In these example instructions, we assume the domain is int.de. Please replace it with your actual domain.
To enable AD joining for clients, you currently have to set the ufw rules yourself:
LOCALSUBNET="192.168.1.0/24" # Adjust this to your local subnet where your clients are located.
sudo ufw allow from $LOCALSUBNET to any port 53
sudo ufw allow from $LOCALSUBNET to any port 88
sudo ufw allow from $LOCALSUBNET to any port 135
sudo ufw allow from $LOCALSUBNET to any port 139
sudo ufw allow from $LOCALSUBNET to any port 445
sudo ufw allow from $LOCALSUBNET to any port 464
sudo ufw allow from $LOCALSUBNET to any port 636
sudo ufw allow from $LOCALSUBNET to any port 7389
sudo ufw allow from $LOCALSUBNET to any port 3268
sudo ufw allow from $LOCALSUBNET to any port 3269
Note
If you dont want to open up these ports to all your linux clients, you can also use our user and group sync script described in some chapters after this one. For that we will use the Libre Workspace API.
Joining Linux Clients
Make sure your clients server DNS is set to the IP of your Libre Workspace server.
sudo -i
hostnamectl set-hostname client1 # Set a proper hostname
apt update
apt install realmd sssd sssd-tools adcli krb5-user packagekit vim -y
ping INT.DE -c 4 # Verify that the domain is reachable
# Join the domain (the password is the one of the ADMINISTRATOR user):
realm join --user=ADMINISTRATOR INT.DE
# Verify the join:
realm list
# Now configure SSSD to create home directories on login:
systemctl enable sssd
pam-auth-update --enable mkhomedir
# Check User info: Try to get user info from the domain
# (replace myuser with an actual user from the domain)
id myuser@int.de
# Disable showing user list in LightDM greeter
echo "[Seat:*]
greeter-show-manual-login=true
greeter-hide-users=true
" > /etc/lightdm/lightdm.conf
# Allow login with short names (without domain part)
sed -i 's/use_fully_qualified_names = True/use_fully_qualified_names = False/' /etc/sssd/sssd.conf
echo "default_domain_suffix = int.de" >> /etc/sssd/sssd.conf
# Reboot your client to finalize everything
Joining Windows Clients
Make sure your clients server DNS is set to the IP of your Libre Workspace server.
Make sure the name of your Windows client is set properly (e.g., CLIENT1).
Run as Administrator in Windows PowerShell:
# Test if Windows finds the DC:
nltest /dsgetdc:int.de
# Join the domain (the password is the one of the ADMINISTRATOR user):
Add-Computer -DomainName int.de -Credential ADMINISTRATOR@INT.DE -Restart
# After reboot, you can login with domain users.