Authenticate to Active Directory with Ubuntu

1670

While Linux is a fantastic operating system, when it comes to user rights management, Active Directory is far superior than anything Linux currently implements. As a result many businesses and organizations implement the technology. For a longtime it was extremely difficult to get a Linux operating system to authenticate with active directory–configuring multiple services and managing to get them to work with each other, let alone work with Windows was a task best left for those with years of Linux administration experience. However, in recent years as Linux has become more user friendly, and it should be no surprise that authenticating with active directory has become easy too. In the past few days I have been working with an Open Source software called likewise-open which is in the official Ubuntu repositories. Below is a quick guide to getting started and some tips/issues I have found.

Authenticating with likewise-open 4.1 (from Ubuntu 8.04 Repository)

  1. Install likewise-open
    # sudo apt-get install likewise-open
  2. Join the domain
    # sudo domainjoin-cli join your.fqdn domain_admin

    For example:

    # sudo domainjoin-cli join example.com Administrator

    REBOOT

  3. Update rc.d
    # sudo update-rc.d likewise-open defaults
  4. 4. Start likewise-open
    # sudo /etc/init.d/likewise-open start

Using the Default Domain with likewise-open 4.1

To use the default domain (and avoid using DOMAINuser to login) append the following line to /etc/samba/lwiauthd.conf

winbind use default domain = yes

Authenticating with likewise-open 5.1 (from Ubuntu 9.04 Repository)

  1. Install likewise-open5
    # sudo apt-get install likewise-open5
  2. Join the domain
    # sudo domainjoin-cli join your.fqdn domain_admin

    For example:

    # sudo domainjoin-cli join example.com Administrator

    REBOOT

  3. Update rc.d
    # sudo update-rc.d likewise-open defaults
  4. Start likewise-open
    # sudo /etc/init.d/lsassd start

Using the Default Domain with likewise-open 5.1

To use the default domain (and avoid using DOMAINuser to login) uncomment the following line in /etc/likewise-open5/lsassd.conf

assume-default-domain = yes

Giving Domain Administrators sudo Privileges

Append the following line to /etc/sudoers

%your.fdqn\domain^admins ALL=(ALL) ALL

Known Issues

  • After rebooting the computer and logging in you are given the error ‚ÄúDomain Controller unreachable, using cached credentials instead. Network rsource may be unavailable.‚Äù Likewise does not start correctly. You have to login as a local admin and run the following command and then users will be able to login.
    # sudo /etc/init.d/likewise-open restart
     Issue seems to be resolved with likewise-open5
  • If you are having issues authenticating wirelessly, make sure your wireless connection is established. In many instances, wireless will only connect after you login.
  • Samba does not hide hidden windows shares

This article was reprinted with permission from John Ciacia’s blog.