How to: Active Directory Integration with Centrify DirectControl Express on Ubuntu 11.10 (Oneiric Ocelot)

November 18, 2011 · General, Networking, Security, Server · Email This Post

Many Ubuntu users and Administrators struggle with Active Directory integration. One approach that folks are using is the free offerings from Centrify Express.

Through the DirectManage Express or DirectControl Express downloads you can quickly and easily join a Ubuntu 11.10 (Oneiric) server or desktop to Active Directory. Using either of these approaches an intelligent install script is used to install the DirectControl Express agent and join the system to Active Directory.

Many Ubuntu users however prefer to install software packages like Centrify DirectControl Express using the built in package managers like Software Center, Synaptic, Adept, Aptitude, apt-get or others.

Recently, Canonical has certified and published Centrify DirectControl Express in the 11.10 Oneiric repository. This article will describe how to ensure that the partner repository is available and describe how to install DirectControl Express and join a system to Active Directory...

Before you get started, make sure you have:

  • The sudo password and rights to install the software regardless of the method used.
  • The username and password of an Active Directory account that has permission to join a computer to AD.
NOTE: Both DirectManage Express and DirectControl Express normal installation methods automatically install the Centrify-Enabled OpenSSH package. The method described in this article does not. If you want to use the Centrify-Enabled version of OpenSSH you will need to install using either the DirectManage or DirectControl approach using the default installer.
Now you are ready to get started:

As there are many tools to do installations, I am only going to cover two of them -- Software Center and the CLI using apt tools.

 

  • The first step is to enable the Oneiric partner repository where the DirectControl Express package is made available. Via the Software Center you need to select Edit ==> Software Sources ==> Other Software (tab) and make sure the checkbox is checked for the partner repository as follows:
    Screen Shot 2011-10-24 at 3.33.40 PM.png
    You can also add the partner repository from the command line as follows (for oneiric):

 

sudo add-apt-repository "deb http://archive.canonical.com/ oneiric partner"
  • Once you have the partner repository added you are now ready to find and install the DirectControl bits.From the Software Center you can search for Centrify and you will find the following package:
    image001.png
    Simply select install, enter your sudo password and wait for installation.Alternatively you can install via apt-get as follows:
 sudo apt-get install centrifydc
  • Once you have successfully install the centrifydc package you must join the system to Active Directory.
sudo adjoin -w domain.name
where domain.name is the name of your Active Directory domain.
NOTE: You will need your Active Directory administrator password to run this command. You may specify a user other than the default administrator with the -u option (--user). See the adjoin manpage for more information on how to run the adjoin command as another user.
Assuming this is successful you should be able to run the following command to verify the join:
adinfo
and the output should look something like this:
cowillia@ubuntu:~$ adinfo
Local host name:   ubuntu
Joined to domain:  centrify.se
Joined as:         ubuntu.centrify.se
Pre-win2K name:    ubuntu
Current DC:        se-win2k8ent.centrify.se
Preferred site:    Default-First-Site-Name
Zone:              Auto Zone
CentrifyDC mode:   connected
Licensed Features: Disabled
cowillia@ubuntu:~$ adinfo
Local host name:   ubuntu
Joined to domain:  centrify.se
Joined as:         ubuntu.centrify.se
Pre-win2K name:    ubuntu
Current DC:        se-win2k8ent.centrify.se
Preferred site:    Default-First-Site-Name
Zone:              Auto Zone
CentrifyDC mode:   connected
Licensed Features: Disabled

That’s all you have to do! You have now joined your Linux system to Active Directory! Verify authentication by attempting to log on to the Linux computer by using any Active Directory user account. When using Centrify DirectControl Express Edition, you are connected to the domain through Auto Zone, which is essentially one super zone for the forest. By default, when you join a domain by connecting to Auto Zone, all users and groups defined in Active Directory for the forest automatically become valid users and groups on the Linux or Mac OS X computer.
NOTE: GDM needs to be restarted before login for an AD user will work, the easiest way is to simply restart the system.

Incoming search terms:

Related posts

1 Comment to “How to: Active Directory Integration with Centrify DirectControl Express on Ubuntu 11.10 (Oneiric Ocelot)”

  1. Y says:
    April 24, 2013 at 12:25 am

    Hi .. im absolutely new to linux/ubuntu.. while trying to follow the steps here above i receive following text.. can anyone help.. sorry for being so naive and unexperimented..
    Cannot find an Active Directory domain named ‘domain.name’ in DNS or ‘/etc/centrifydc/centrifydc.conf’
    Join to domain ‘domain.name’, zone ‘Auto Zone’ failed.
    y@y-HP-PAVILION-DV7-NOTEBOOK-PC:~$ sudo adjoin -w domain.name
    Using LDAP to create computer name larger than 15 characters.
    This requires Windows Administrator privileges.
    Try -N option if you cannot use an Administrator account.

    [Reply]

Leave a Reply