[SRU] New feature: Active Directory support
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| livecd-rootfs (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
| Focal |
Fix Released
|
High
|
Unassigned | ||
| ubiquity (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
| Focal |
Fix Released
|
High
|
Unassigned | ||
Bug Description
[Impact]
This feature allows to join a machine to an Active Directory domain at installation time.
It adds a check box in the user info stage, which once selected displays a page to enter the credentials to join the domain.
It installs the required packages on the target filesystem and configures SSSD and Kerberos so it works on first boot.
This feature also required:
1. A change to the seed to include additional packages for AD connectivity.
https:/
2. A change to livecd-rootfs to add the required dependencies via a chroot hook for the project ubuntu to workaround bug 1921862 in Focal.
[Test Plan Ubiquity]
Prerequisites:
A network with an up and running AD controller, DHCP and DNS.
1. Start the installer either from a live session or ubiquity-dm
2. Proceed to the step "Who are you?"
3. Enter the user and computer information. For the computer name, you must use the FQDN.
4. Check box "Use Active Directory" and press continue.
5. Enter the address of the Active Directory controller and credentials of the user allowed to add machines to the domain.
6. Verify that the server is reachable by pressing "Test Connection".
7. Once all the information has been entered and is valid, press "Continue" to proceed with the remaining usual steps of the installation.
8. At the end of the installation you can reboot the machine and you are ready to log in as a user of the domain on first boot
More information about initial installation on the ADSys' Wiki:
https:/
*Verification*
- Log in as a user of the domain must succeed.
- The home directory of the user must be created dynamically.
[Test Plan livecd-rootfs]
1. Build an image with the patched version of livecd-rootfs
2. Compare the manifest to an image without the patch
*Verification*
- No package should be removed with the patched version
- The following packages and their dependencies should be added: sssd, realmd, adcli, krb5-config
[Where problems could occur]
If the python code and debconf templates, Ubiquity won't start at all or the user info page will not be displayed. So it will highly visible and easy to diagnose.
Otherwise, SSSD and Kerberos may not be configured correctly and will prevent login as an AD user. In this case, we still keep the local user and it is possible to log in and diagnose and fix the issue.
[Other Info]
Built and tested on latest focal daily image.
| description: | updated |
| description: | updated |
| Changed in ubiquity (Ubuntu Focal): | |
| importance: | Undecided → High |
| Changed in ubiquity (Ubuntu): | |
| importance: | Undecided → High |
| status: | New → Fix Released |
| Changed in ubiquity (Ubuntu Focal): | |
| assignee: | nobody → Jean-Baptiste Lallement (jibel) |
| milestone: | none → ubuntu-20.04.3 |
| status: | New → In Progress |
| description: | updated |
| Changed in livecd-rootfs (Ubuntu): | |
| status: | New → Fix Released |
| importance: | Undecided → High |
| Changed in livecd-rootfs (Ubuntu Focal): | |
| importance: | Undecided → High |
| status: | New → In Progress |
| description: | updated |
| description: | updated |
| Changed in livecd-rootfs (Ubuntu Focal): | |
| assignee: | nobody → Jean-Baptiste Lallement (jibel) |
| description: | updated |
| Changed in ubiquity (Ubuntu Focal): | |
| status: | In Progress → New |
| Changed in livecd-rootfs (Ubuntu Focal): | |
| status: | In Progress → New |
| assignee: | Jean-Baptiste Lallement (jibel) → nobody |
| Changed in ubiquity (Ubuntu Focal): | |
| assignee: | Jean-Baptiste Lallement (jibel) → nobody |
| Changed in livecd-rootfs (Ubuntu Focal): | |
| milestone: | none → ubuntu-20.04.3 |
| Łukasz Zemczak (sil2100) wrote Please test proposed package | #1 |
| Changed in ubiquity (Ubuntu Focal): | |
| status: | New → Fix Committed |
| tags: | added: verification-needed verification-needed-focal |
| Łukasz Zemczak (sil2100) wrote | #2 |
| Changed in livecd-rootfs (Ubuntu Focal): | |
| status: | New → Fix Committed |
| Łukasz Zemczak (sil2100) wrote | #3 |
| Jean-Baptiste Lallement (jibel) wrote | #4 |
| Jean-Baptiste Lallement (jibel) wrote | #5 |
| Jean-Baptiste Lallement (jibel) wrote | #6 |
| tags: |
added: verification-done verification-done-focal removed: verification-needed verification-needed-focal |
| Launchpad Janitor (janitor) wrote | #7 |
| Changed in livecd-rootfs (Ubuntu Focal): | |
| status: | Fix Committed → Fix Released |
| Brian Murray (brian-murray) wrote Update Released | #8 |
| Launchpad Janitor (janitor) wrote | #9 |
| Changed in ubiquity (Ubuntu Focal): | |
| status: | Fix Committed → Fix Released |
Hello Jean-Baptiste, or anyone else affected,
Accepted ubiquity into focal-proposed. The package will build now and be available at https:/
Please help us by testing this new package. See https:/
If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-
Further information regarding the verification process can be found at https:/
N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.