The Domain Join Assistant for Univention Corporate Server (UCS) automatically integrates Ubuntu and many Ubuntu-based systems such as Linux Mint into a UCS domain. That way, administrators no longer have to manually configure the client computers. Users can then log into the desktop environment with their UCS credentials – on any client in the domain.
The tool offers a graphical user interface and a command line tool for admins who prefer to work on the shell. We have just released a new version of the Domain Join Assistant that comes with various improvements and supports the latest Ubuntu and Linux Mint versions. In this article I’m going to show you how the tool works and I’m going to introduce the new features.
How does the Domain Join Assistant work when connecting Ubuntu and Linux Mint Clients?
After installing the package
univention-domain-join from our Univention-PPA) you can start the graphical user interface on the Ubuntu/Mint desktop via the respective start menu. Authenticate with your user credentials and you will see the following dialogue.
Enter the IP address of the UCS server or the name of the UCS domain in the first field, then fill in the domain administrator’s user credentials in the two fields below. Click the Join button to proceed.After a few moments you can reboot the client – configuration done. Users can then enter their username and password of the UCS domain into the login manager of the desktop.
In the background, the Domain Join Assistant takes care of the following things:
- It creates an LDAP object in the UCS directory service for the Ubuntu/Mint computer.
- It configures the DNS settings of the client (if requested).
- It configures the Kerberos authentication service.
- It makes changes to the login manager if necessary.
- It configures the user authentication with PAM (Pluggable Authentication Modules).
- It sets up the SSSD (System Security Services Daemon).
The most important new Features: Python 3 and Assignment to DC Slaves in distributed Networks
The new Domain Join Assistant is implemented in Python 3, the standard version on current Linux distributions. We have adjusted the complete code base and made the transition from Python 2.
Previous versions of the tool automatically configured the DNS server by adjusting the distribution’s network manager so that the DC Master worked as primary name server. This made sure that at least one UCS system was used as DNS server and would provide the necessary DNS entries for services like Kerberos. The automatic DNS configuration is now optional and requires activating the GUI’s checkbox. Alternatively, you can use the command line tool’s parameter
--force-ucs-dns. When skipping this option, administrators can set the preferred DNS server via DHCP – we recommend assigning a UCS system.
Apart from that, it’s now possible to enter the IP address of a DC Slave instance in the configuration dialogue and use this computer to join the domain, something that only worked with a DC Master server in previous versions. This also works in UCS@school environments: administrators can fill in the IP address of a school slave. As a result, the Domain Join Assistant has become a lot more flexible and now supports more network scenarios in distributed environments. It is now much easier to roll out Ubuntu and Mint clients in schools. Please note, that we do not fully support Ubuntu in UCS@school environments, especially not in the module Computerraum.
Supported Ubuntu/Linux Mint Versions and Desktops
Our primary goal for the Domain Join Assistant is to support Ubuntu LTS versions, and our tool has been around since Ubuntu 14.04. The new features described in this article are available for Ubuntu 20.04. For a complete list of all supported distributions please refer to our Github Repository.
Univention Domain Join works with GNOME and Unity. For clients with other desktop environments, administrators can skip the login manager’s configuration with the command line tool
univention-domain-join-cli and its parameter
Our GitHub repository also contains an installation manual and a README for the command line tool. We look forward to your feedback – please leave a comment or join the discussion in our Univention Forum.