I've been setting up a new machine with Ubuntu 22.04 Desktop. And since I'm on the IT team, I've been using it as an opportunity to broaden my knowledge of configuring Ubuntu for a work environment, as well as figure out how to correctly configure Ubuntu in case some other researcher/engineer in the organization ever wants to switch to Ubuntu.
One of the aspects I'm trying to get right is authenticating users using Active Directory.
I've got it working where I can log in using my AD creds, but then I can't seem to configure my settings any further.
Setup
My procedure to set up the machine was:
- Install Ubuntu 22.04, and create a local admin user (
admin)
- Sign in to
admin.
- Install updates.
- Install AD-related stuff for SSSD.
sudo apt install sssd-ad sssd-tools realmd adcli adsys
- Join the domain.
sudo realm -v join -U [MY-AD-ADMIN] organization.org
- Make some adjustments to the auto-generated
/etc/sssd/sssd.conf, with the final result being...
[nss]
allowed_shells = /bin/sh,/bin/csh,/bin/bash,/bin/ksh,/bin/fish
#debug_level = 0x0200
[sssd]
services = nss, pam, autofs
config_file_version = 2
domains = organization.org
default_domain_suffix = organization.org
full_name_format = %1$s
#debug_level = 0x0200
[domain/organization.org]
ad_domain = organization.org
use_fully_qualified_names = True
realmd_tags = joined-with-adcli manages-system
krb5_realm = ORGANIZATION.ORG
krb5_store_password_if_offline = True
cache_credentials = True
ldap_id_mapping = False
id_provider = ad
access_provider = ad
pwd_expiration_warning = 0
default_shell = /bin/bash
override_homedir = /home/%u
fallback_homedir = /home/%u@%d
debug_level = 0x0400
- I set
default_domain_suffix to the value you see so that I can log in with ad-username instead of having to type out ad-username@organization.org.
- I set
full_name_format and override_homedir to the values you see so that when I log in with my AD User, the home directory and file ownership also only have ad-username instead of ad-username@organization.org.
With all of this set up using my admin user, I logged out then logged back in using my AD creds. While the login process was completing, I saw a message that my home directory was being created, user settings applied, and thought all was good until I went to actually change settings.
The Problem(s)
After logging in as ad-username, I opened "Settings" and went about doing things like changing my desktop background, window appearance/colors, dock settings, favorited applications, notifications, power settings...
The exception seems to be that I can change my display's scaling from 200% to 100%, and that stays if I log out and log back in.
I can interact with the slider for "Fractional Scaling", but the "Scale" setting doesn't change to a dropdown, and the slider reverts back to off if I navigate to a different section of Settings.
I also cannot enable the "Night Light" setting.
Basically, anything and everything in settings could either not be changed, or the GUI showed it changing but reverted the changes as soon as I navigated away.
I would appreciate any suggestions on where to look for the root cause.
- Is my machine trying to save my user's settings back to the AD servers?
- Did I forget some property in my
sssd.conf?
- Is there something in Ubuntu that is preventing my AD User from changing any settings?
