While Linux is a fantastic operating system, when it comes to user rights management, Active Directory is far superior to anything Linux currently implements. As a result, many businesses and organizations implement the technology. For a long time it was extremely difficult to get a Linux operating system to authenticate with Active Directory: configuring multiple services and getting them to work with each other, let alone with Windows, was a task best left to those with years of Linux administration experience. However, in recent years Linux has become more user friendly, and it should be no surprise that authenticating with Active Directory has become easy too. In the past few days I have been working with an open source software package called likewise-open, which is in the official Ubuntu repositories. Below is a quick guide to getting started, along with some tips and issues I have found.
Authenticating with likewise-open 4.1 (from Ubuntu 8.04 Repository)
- Install likewise-open
# sudo apt-get install likewise-open
- Join the domain
# sudo domainjoin-cli join your.fqdn domain_admin
For example:
# sudo domainjoin-cli join example.com Administrator
REBOOT
- Update rc.d
# sudo update-rc.d likewise-open defaults
- Start likewise-open
# sudo /etc/init.d/likewise-open start
Using the Default Domain with likewise-open 4.1
To use the default domain (and avoid using DOMAIN\user to log in), append the following line to /etc/samba/lwiauthd.conf:
winbind use default domain = yes
Authenticating with likewise-open 5.1 (from Ubuntu 9.04 Repository)
- Install likewise-open5
# sudo apt-get install likewise-open5
- Join the domain
# sudo domainjoin-cli join your.fqdn domain_admin
For example:
# sudo domainjoin-cli join example.com Administrator
REBOOT
- Update rc.d
# sudo update-rc.d likewise-open defaults
- Start likewise-open
# sudo /etc/init.d/lsassd start
Using the Default Domain with likewise-open 5.1
To use the default domain (and avoid using DOMAIN\user to log in), uncomment the following line in /etc/likewise-open5/lsassd.conf:
assume-default-domain = yes
Giving Domain Administrators sudo Privileges
Append the following line to /etc/sudoers (edit the file with visudo, which checks the syntax before saving):
%your.fqdn\domain^admins ALL=(ALL) ALL
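As an added example (not part of the original article), the shell functions below enable the likewise-open 5.1 default-domain setting idempotently and list which domain groups a sudoers file grants full root, so both changes can be checked on a copy before touching /etc. The function names, the '#' comment marker in lsassd.conf and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Both functions take the file
# path as an argument, so they can be run against a copy before touching /etc.

# Uncomment "assume-default-domain = yes" in an lsassd.conf-style file.
# Assumption: the shipped line is commented out with a leading '#'.
# Idempotent; returns 0 only if the setting is active afterwards.
enable_default_domain() {
    conf=$1
    kv='assume-default-domain[[:space:]]*=[[:space:]]*yes[[:space:]]*'
    if ! grep -Eq "^[[:space:]]*$kv\$" "$conf"; then
        cp -p "$conf" "$conf.bak" || return 1   # keep the original
        sed -E "s/^([[:space:]]*)#[[:space:]]*($kv)\$/\1\2/" "$conf.bak" > "$conf" || return 1
    fi
    grep -Eq "^[[:space:]]*$kv\$" "$conf"
}

# Print the subject of every active sudoers rule that is a domain group
# (%-prefixed name containing a backslash) and is granted ALL commands.
audit_domain_sudo() {
    awk '
        /^[ \t]*#/ { next }    # commented-out rules grant nothing
        substr($1, 1, 1) == "%" && index($1, "\\") && /ALL[ \t]*=.*ALL[ \t]*$/ { print $1 }
    ' "$1"
}

# Demo on constructed sample files in a scratch directory.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample of the relevant line' \
        '    # assume-default-domain = yes' > "$d/lsassd.conf"
    cat > "$d/sudoers" <<'EOF'
root ALL=(ALL) ALL
# %example.com\old^admins ALL=(ALL) ALL
%example.com\domain^admins ALL=(ALL) ALL
%example.com\helpdesk ALL=(ALL) /usr/bin/apt-get
EOF
    enable_default_domain "$d/lsassd.conf" && echo "default domain enabled"
    echo "domain groups with full sudo:"; audit_domain_sudo "$d/sudoers"
    rm -rf "$d"
}
demo
```

Reviewing the audit output after each sudoers change shows exactly which directory groups can become root on the machine; anyone added to those groups in Active Directory inherits that access.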
Known Issues
- After rebooting the computer and logging in, you are given the error “Domain Controller unreachable, using cached credentials instead. Network resource may be unavailable.” Likewise does not start correctly. You have to log in as a local admin and run the following command; users will then be able to log in.
# sudo /etc/init.d/likewise-open restart
The issue seems to be resolved with likewise-open5.
- If you are having issues authenticating wirelessly, make sure your wireless connection is established. In many instances, wireless will only connect after you log in.
- Samba does not hide hidden Windows shares.
This article was reprinted with permission from John Ciacia’s blog.