Well this is going to be fun….
Part 1 – Joining the domain
Part 2 – logon screen tweaks
The three things I’m going to focus on are:
1. The annoying welcome to ubuntu screen
2. Remove local accounts and ask for username and password
3. Use username without full domain name
The first is pretty simple – just remove a package called gnome-initial-setup:
sudo apt remove gnome-initial-setup
Great, next up is removing the accounts from the logon screen. First, add a gdm profile, /etc/dconf/profile/gdm, with the following:
user-db:user
system-db:gdm
file-db:/usr/share/gdm/greeter-dconf-defaults
Then add a gdm keyfile for machine-wide settings in /etc/dconf/db/gdm.d/00-login-screen:
[org/gnome/login-screen]
disable-user-list=true
and finally run
sudo dconf update
to kick it into action.
See https://help.gnome.org/admin/system-admin-guide/stable/login-userlist-disable.html.en for more info.
Lastly, those pesky full domain names. Edit /etc/sssd/sssd.conf
so that use_fully_qualified_names = False
This comes with a warning: “This should only be changed if you are certain no other domains will ever join the AD forest, via one of the several possible trust relationships” – see https://ubuntu.com/server/docs/service-sssd for more details.
Part 3 – sudo for admins
sudo nano /etc/sudoers
and add lines such as;
%group\ name@domain.fqdn ALL=(ALL:ALL) ALL
for an AD group or
administrator@domain.local ALL=(ALL:ALL) ALL
for an AD user.
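
As an added example (not from the original post): the same rules can go in a drop-in under /etc/sudoers.d after a syntax check with visudo -cf, because a malformed sudoers file stops sudo from working at all. The function names, the SUDOERS_DIR variable and the drop-in name ad-admins are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Build a rule for an AD group. sudoers needs each space in the name
# written as "\ ", as in the %group\ name@domain.fqdn line above.
sudoers_group_rule() {
    # $1 = group name as the system reports it, e.g. "group name@domain.fqdn"
    escaped=$(printf '%s' "$1" | sed 's/ /\\ /g')
    printf '%%%s ALL=(ALL:ALL) ALL\n' "$escaped"
}

# Build a rule for a single AD user.
sudoers_user_rule() {
    # $1 = user name, e.g. "administrator@domain.local"
    printf '%s ALL=(ALL:ALL) ALL\n' "$1"
}

# Syntax-check a rule with visudo, then install it as a drop-in (run as root).
install_sudoers_dropin() {
    # $1 = drop-in file name, $2 = rule text
    # sudo skips files in sudoers.d whose names contain "." or end in "~".
    case "$1" in
        *.*|*~|*/*|"") echo "bad drop-in name: $1" >&2; return 2 ;;
    esac
    tmp=$(mktemp) || return 1
    printf '%s\n' "$2" > "$tmp"
    if ! visudo -cf "$tmp" >/dev/null; then
        echo "sudoers syntax error, nothing installed" >&2
        rm -f "$tmp"
        return 1
    fi
    # sudoers files are expected to be root-owned and mode 0440.
    install -o root -g root -m 0440 "$tmp" "${SUDOERS_DIR:-/etc/sudoers.d}/$1"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Usage (as root), with the placeholder names from the post:
#   install_sudoers_dropin ad-admins "$(sudoers_group_rule 'group name@domain.fqdn')"
```

Keep an existing root shell open until sudo has been confirmed to work from a second session.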