Site owners

  • Vishal Gupta

About Us

Page authors

  • Vishal Gupta
    August 13, 2011

How to unplug from Facebook, Twitter and Google+

Home‎ > ‎

How to join UBUNTU Client from the Windows Server 2008 Active Directory

Integrate Ubuntu 11.04 or later with Active Directory for secure authentication.


1. Install Likewise Open on Ubuntu, Join a Domain, and Log On

This document describes how to install the version of Likewise Open that is part of the Ubuntu distribution, add an Ubuntu computer to an Active Directory domain, and log on with your domain credentials. (Watch a video.)

Step 1: Install Likewise Open with Apt-Get

Run the following command as root to install Likewise Open:

sudo apt-get install likewise-open

During installation, the krb5-config package might prompt you for your realm -- just leave it blank and continue by clicking OK. Likewise automatically configures Kerberos when you join the domain.

With the desktop version of Ubuntu, you can optionally install the graphical interface version of the domain-join utility. The GUI package is unavailable on an Ubuntu server.

sudo apt-get install likewise-open-gui

Step 2: Join Active Directory

Before you attempt to join a domain, make sure your computer meets the following requirements:

  • Make sure your computer's name server can find the domain: nslookup yourDomainName

  • Ping the domain to verify that your computer can reach the domain controller.

  • Make sure the /etc/nsswitch.conf file contains the following line:

    hosts: files dns

    The hosts line can contain additional information, but it must include the dns entry, and it is recommended that the dns entry appear after the files entry.

  • When you use Likewise with Multicast DNS 4 (mDNS4) and have a domain in your environment that ends in .local, you must place the dns entry before the mdns4_minimalentry and before the mdns4 entry:

    hosts: files dns mdns4_minimal [NOTFOUND=return] mdns4

To join a domain, execute the following command as root, replacing domainName with the FQDN of the domain that you want to join and joinAccount with the user name of an Active Directory account that has privileges to join computers to the domain:

sudo domainjoin-cli join domainName joinAccount

Example: sudo domainjoin-cli join likewisedemo.com Administrator

After joining a domain for the first time, you must restart the computer before you can log on with your AD credentials.

To solve problems, see Troubleshooting Domain-Join Problems or run this command at the command line: domainjoin-cli --help. To leave a domain, run this command:domainjoin-cli leave. For more information on all this, see the Likewise Open Installation and Administration Guide.

Alternatively, with the desktop version of Ubuntu, you can use the Likewise domain-join GUI to join a domain if you installed it. To launch the GUI, run the following command as root:

sudo domainjoin-gui

In the Domain box, enter the FQDN of the domain that you want to join and then click Join Domain:

Step 3: Log On with AD Credentials

After you join a domain and restart your Ubuntu computer, you can log on interactively or from the text login prompt with your Active Directory credentials in the following form:DOMAIN\username. If you have set a default domain, just use your Active Directory username.

  • Log on the system console by using an Active Directory user account in the form of DOMAIN\username, where DOMAIN is the Active Directory domain name. Example:

    likewisedemo.com\kathy

  • When you log on from the command line, for example with ssh, you must use a slash to escape the slash character, making the logon form as follows:

    DOMAIN\\username.

To troubleshoot issues, see Solve Logon Problems on Linux.

2. Set Common Options

This section shows you how to quickly modify two common Likewise settings -- the default domain and the shell -- by running the Likewise configuration tool, called lwconfig. To view the settings you can change with lwconfig, execute the following command as root:

lwconfig --list

The syntax to change the value of a setting is as follows, where setting is replaced by the Likewise option that you want to change and value by the new value that you want to set:

lwconfig setting value

Here's an example of how to use lwconfig to change the AssumeDefaultDomain setting:

sudo lwconfig --detail AssumeDefaultDomain 1
Name: AssumeDefaultDomain
Description: Apply domain name prefix to account name at logon
Type: boolean
Current Value: false
Accepted Values: true, false
Current Value is determined by local policy.

sudo lwconfig AssumeDefaultDomain true 2

sudo lwconfig --show AssumeDefaultDomain 3
boolean
true
local policy

1

Use the --detail argument to view the setting's current value and to determine the values that it accepts.

2

Set the value to true.

3

Use the --show argument to confirm that the value was set to true.

Here's another example. To set the shell for a domain account, run lwconfig as root with the LoginShellTemplate setting followed by the path and shell that you want:

sudo lwconfig LoginShellTemplate /bin/bash

For more information, see Set the Home Directory and Shell for Domain Users and the section in the guide on lwconfig.

3. Give Your Domain Account Admin Rights

You can give your Active Directory account local administrative rights to execute commands with superuser privileges and perform tasks as a superuser. On Ubuntu, simply add your domain account to the admin group in the /etc/group file by entering a line like the following as root:

admin:x:115:LIKEWISEDEMO\kathy

4. Command-Line Utilities in /usr/bin

The version of Likewise Open that comes with Ubuntu includes a variety of command-line tools in /usr/bin. Not included, however, is the interoperability tool to integrate Likewise with Samba. To obtain the tool, download the latest version of Likewise Open for free from the Likewise web site.

In the version of Likewise Open available from the Likewise web site, the command-line utilities and libraries are installed in their own bin and lib directories in /opt/likewise.

5. Upgrade to the Latest Version of Likewise Open

Go to http://www.likewise.com/download/. After you register, right-click the download link for Ubuntu on the Likewise Open Download page and then save the installer to the desktop of your computer.

Although the latest Ubuntu 11.04 release makes the likewise-open package available through the apt-get install command, the Likewise Open 6 installer that you download from www.likewise.com does not support upgrading from the package. Before you upgrade from the version available through Ubuntu, it is recommended that you leave the domain, uninstall the domain join GUI package (likewise-open-gui), and uninstall the likewise-open package.

Before you deploy Likewise Open in anything other than a test or personal environment, you should read the Likewise Open Installation and Administration Guide.

Comments