How to add Ubuntu 8.04 to win server 2003 Active Directory Domain

Sponsored Link
This tutorial will explain how to add Ubuntu 8.04 desktop to win server 2003 Active Directory.We are going to use Likewise Open.Likewise Open is a free, open source application that joins Linux, Unix, and Mac machines to Microsoft Active Directory and securely authenticates users with their domain credentials.

Likewise Open Features

  • Joins non-Windows systems to Active Directory domains in a single step from the command line or from a GUI
  • Authenticates users with a single user name and password on both Windows and non-Windows
  • Enforces the same password policies for non-Windows users and Windows users
  • Supports multiple forests with one-way and two-way cross forest trusts
  • Caches credentials in case your domain controller goes down
  • Provides single sign-on for SSH and Putty
  • Uses a robust next-generation authentication engine that supports Kerberos, NTLM, and SPNEGO
  • Involves no Active Directory schema changes

Install likewise-open in Ubuntu Hardy

sudo aptitude install likewise-open-gui

This will complete the installation.

Adding Ubuntu Desktop to Active Directory Domain

You can do this using two methods using GUI or Using CLI

Using GUI

Applications -> Internet -> Likewise to join my computer to an active directory domain.

The only information we needed for successfully joining the AD domain was

1) The name of the domain to join

2) A domain administrator username and password

Enter that information into the application and lick the “join” button.

In order to log in with a domain account, log out of your current session. Log back in with a domain account
prepended with the domain and a backslash ie. domain\user. Enter the domain user’s password. All home folders for domain users are stored in /home/DOMAIN/username.

Using Command line

sudo domainjoin-cli join fqdn.of.your.domain Administrator

sudo update-rc.d likewise-open defaults

sudo /etc/init.d/likewise-open start

You can now log into your machine using your DOMAIN\user credentials. Remember that the DOMAIN\ part is mandatory and that it represents the short name of your Active Directory domain. You can join the domain using any user with sufficient privileges (there’s no need to use Administrator), and you can even directly join the PC in a particular OU passing the –ou argument to domainjoin-cli.

Remove from the windows Domain

The domainjoin-cli utility can also be used to remove from the domain.

sudo domainjoin-cli leave

Allow Active Directory Domain Administrators to Administer Ubuntu

This will allow members of the Domain Admins AD group to issue sudo commands. From a command prompt

sudo visudo

Add this line to the resulting file


save and exit file

Sponsored Link

You may also like...

23 Responses

  1. Rahil Sarwar says:

    Gr8 ! Extremely useful, and perfect.
    Works like a charm. Tnx

  2. venhow says:

    also using AD 2000?

  3. bmorriso says:

    Anyone taken this further and mounted SMB shares with the credentials the person logged in with?

    i.e. log into my machine, I have my ‘department’ and ‘user’ directory automatically mapped and uses the credentials that I’m logged in with?

  4. sam says:

    how to save after added the line though sudo visudo?

    By the way, I found that when I switch user or add device it will ask for authentication but my domain passowrd is very long then ubuntu/likewise can’t support….and causes AD account lockedout.


  5. Fr33d0m says:

    It might be better to put some strawberry lip gloss on the join button prior to licking–it just tastes better 😉

  6. Steve says:

    cheers for this howto!! perfect! works as described!

  7. James says:

    Excellent guide but I have a few follow up questions.

    Does anyone have a clear cut guide on how to take this to the next stage as in mapping users home folders to \\exampleserver\group\home\user

    All the guides I have found dotted around the internet relate to using seperate kerberos authentication and winbind and blah blah blah. None of them point at configuring it using Likewise Open.

    Also, another question. I have read that adding the line

    winbind use default domain = yes

    to the /etc/samba.lwiauthd.conf file allows domain users to login without having to prefix their userid with the domain name (joeblogs instead domain\joeblogs).

    However, when I entered this line into the file, I try to login to ubuntu with just my user id and I receive the error message; cannot create user xxxxxxxx. This is strange as it then proceeds to log me in to the correct account.

    If anyone could assist on any of these problems it would be very much appreciated.

  8. Ryan says:

    Great program. Worked like a charm for me. I am in the same situation as James though.

    I am at a school trying to recycle some old windows boxes into linux machines. Likewise Open helped with authenticating the users with Active Directory, but like James, I need the students Window’s Share folder to be mounted and mapped upon login.

    Any suggestions or help is appreciated!

  9. n says:

    Hi. I am beginner in Linux.
    Can you help me please? How to easy connect my Kubuntu 8.10 into Windows domain just clicking? Thank you.

  10. daniel says:

    Error code: (null) (0x00080043)


  11. Settor28 says:

    Time is too valu- able to waste on the discontinuous, inef- fective inservice programs still popular in our schools. ,

  12. fm_bl says:

    I followed the instruction and the pc has joined the domain (I’m sure of it!).
    But when I try to login with the DOMAIN\user credential, I have to wait and the pc seems to be locked. I have to restart manually. Then I log with the normal user: I find the new created home directory for DOMAIN\user but the login is not possible
    Is it normal to wait for a long time in the login?
    Thanks in advance. Francis

  13. DS says:

    Hi. I am beginner in Linux.

    I get this message:

    Unable to resolve DC name



    Can you help me please?

  14. kris says:

    Install Like wise open

    Likewise Open is a free, open source application that joins Linux, Unix, and Mac machines to Microsoft Active Directory and securely authenticates users with their domain credentials.

  15. stephen johnson says:

    I did the “sudo aptitude install likewise-open-gui” command which appeared to work fine, but under “Applications -> Internet -> ” there is no likewise choice even after restart. Any help?

  16. stephen johnson says:

    I found it under system> administration>

  17. Martens says:

    Well… I tried as discribed, on a desktop and server enviroment, but I keep getting the same reply:
    Error: Lsass Error [code 0x00080047]

    9502 (0x251E) DNS_ERROR_BAD_PACKET - A bad packet was received from a DNS
    server. Potentially the requested address does not exist.
    AD/DC runs on Win2k3 and several Windows machines are added to the AD/DC

    Can anyone help me out?

  18. Jeight says:

    If you get this message it’s your Windows firewall. Either shut down your firewall or make exceptions.

  19. Larry says:

    I’m getting the same error as Martens and have windows firewall disabled. Any other suggestions?

  20. Martens says:

    What Larry sais

  21. leo says:

    I’m also getting the same error as Martens, and I also have my windows 2003 firewall disable.

    Please assist!

  22. Haythem says:

    The program told me that I had successfully joined the domain
    I havea local domain name = ADMINSYSTEM.COM When ubuntu prompts me to login I choose ‘other user’ and type
    ‘ADMINSYSTEM\remoty’ and put the password of remoty (a local user in UBUNTU machine) but ubuntu refuses to log me in until I choose one of local ubuntu logins….. any help ? 🙁

  23. Haythem says:

    WOW !!! That what means trying things in 2 am 😀 I had to login with a user account declared in AD 😀 My Bad 😀

Leave a Reply

Your email address will not be published. Required fields are marked *