This tutorial explains how to add a GNU/Linux server or desktop to Microsoft Windows Server 2003 Active Directory. We are going to use Likewise Open. Likewise Open is a free, open source application that joins Linux, Unix, and Mac machines to Microsoft Active Directory and securely authenticates users with their domain credentials. We will be using Ubuntu 8.04 in this tutorial…
Likewise Open Features
- Joins non-Windows systems to Active Directory domains in a single step from the command line or from a GUI
- Authenticates users with a single user name and password on both Windows and non-Windows
- Enforces the same password policies for non-Windows users and Windows users
- Supports multiple forests with one-way and two-way cross forest trusts
- Caches credentials in case your domain controller goes down
- Provides single sign-on for SSH and Putty
- Uses a robust next-generation authentication engine that supports Kerberos, NTLM, and SPNEGO
- Involves no Active Directory schema changes
Install likewise-open in Ubuntu Hardy
sudo aptitude install likewise-open-gui
This will complete the installation.
Adding Ubuntu Desktop to Active Directory Domain
You can do this in two ways: using the GUI or using the CLI.
In the GUI, go to Applications -> Internet -> Likewise to join your computer to an Active Directory domain.
The only information we needed for successfully joining the AD domain was
1) The name of the domain to join
2) A domain administrator username and password
Enter that information into the application and click the “join” button.
To log in with a domain account, log out of your current session. Log back in with a domain account prepended with the domain and a backslash, i.e. domain\user. Enter the domain user’s password. All home folders for domain users are stored in /home/DOMAIN/username.
Using Command line
sudo domainjoin-cli join fqdn.of.your.domain Administrator
sudo update-rc.d likewise-open defaults
sudo /etc/init.d/likewise-open start
You can now log into your machine using your DOMAIN\user credentials. Remember that the DOMAIN\ part is mandatory and that it represents the short name of your Active Directory domain. You can join the domain using any user with sufficient privileges (there’s no need to use Administrator), and you can even join the PC directly into a particular OU by passing the --ou argument to domainjoin-cli.
Remove from the Windows Domain
The domainjoin-cli utility can also be used to remove the machine from the domain.
sudo domainjoin-cli leave
Allow Active Directory Domain Administrators to Administer Ubuntu
This will allow members of the Domain Admins AD group to issue sudo commands. From a command prompt
Add this line to the resulting file
%YOURDOMAINNAME\\domain^admins ALL=(ALL) ALL
Save and exit the file.
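The sudoers entry above can be generated and syntax-checked before the real file is edited. The following is an added example, not code from this tutorial or from Likewise Open; the function names and the sample domain CORP are assumptions.

```shell
#!/bin/sh
# Added example, not from Likewise Open. CORP and the function names are
# assumptions chosen for illustration.

# Print the sudoers entry for an AD group in the form shown above:
#   %DOMAIN\\group^name ALL=(ALL) ALL
# The backslash is doubled because sudoers treats '\' as an escape, and
# spaces in the group name are written as '^', as in domain^admins.
ad_sudoers_line() {
    domain=$1
    # Lowercase the group and replace spaces, matching the tutorial's form.
    group=$(printf '%s' "$2" | tr 'A-Z ' 'a-z^')
    # Allow only a conservative character set so a crafted name cannot
    # add sudoers syntax of its own (',', '=', ':', '#', newlines).
    case $domain in
        ''|*[!A-Za-z0-9.-]*) echo "invalid domain name" >&2; return 1 ;;
    esac
    case $group in
        ''|*[!a-z0-9^_-]*) echo "invalid group name" >&2; return 1 ;;
    esac
    printf '%%%s\\\\%s ALL=(ALL) ALL\n' "$domain" "$group"
}

# Syntax-check the entry against a copy of the sudoers file before editing
# the real one; a malformed sudoers file stops sudo from working at all.
# Run as root so the file is readable. Returns visudo's exit status.
check_ad_sudoers_line() {
    sudoers=${3:-/etc/sudoers}
    line=$(ad_sudoers_line "$1" "$2") || return 1
    tmp=$(mktemp) || return 1
    cat "$sudoers" > "$tmp" && printf '%s\n' "$line" >> "$tmp" &&
        visudo -c -f "$tmp" >/dev/null
    rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] && printf '%s\n' "$line"
    return "$rc"
}
```

Running check_ad_sudoers_line CORP 'Domain Admins' as root prints the line only if visudo accepts the combined file.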