How to add Ubuntu 8.04 to a Windows Server 2003 Active Directory Domain
Likewise Open Features
- Joins non-Windows systems to Active Directory domains in a single step from the command line or from a GUI
- Authenticates users with a single user name and password on both Windows and non-Windows
- Enforces the same password policies for non-Windows users and Windows users
- Supports multiple forests with one-way and two-way cross forest trusts
- Caches credentials in case your domain controller goes down
- Provides single sign-on for SSH and PuTTY
- Uses a robust next-generation authentication engine that supports Kerberos, NTLM, and SPNEGO
- Involves no Active Directory schema changes
Install likewise-open in Ubuntu Hardy
sudo aptitude install likewise-open-gui
This will complete the installation.
Adding Ubuntu Desktop to Active Directory Domain
You can do this in two ways: using the GUI or using the CLI.
For the GUI, go to Applications -> Internet -> Likewise to join the computer to an Active Directory domain.
The only information we needed for successfully joining the AD domain was
1) The name of the domain to join
2) A domain administrator username and password
Enter that information into the application and click the “join” button.
In order to log in with a domain account, log out of your current session. Log back in with a domain account prepended with the domain and a backslash, i.e. domain\user. Enter the domain user’s password. All home folders for domain users are stored in /home/DOMAIN/username.
Using Command line
sudo domainjoin-cli join fqdn.of.your.domain Administrator
sudo update-rc.d likewise-open defaults
sudo /etc/init.d/likewise-open start
You can now log into your machine using your DOMAIN\user credentials. Remember that the DOMAIN\ part is mandatory and that it represents the short name of your Active Directory domain. You can join the domain using any user with sufficient privileges (there’s no need to use Administrator), and you can even join the PC directly into a particular OU by passing the --ou argument to domainjoin-cli.
Remove from the Windows Domain
The domainjoin-cli utility can also be used to remove the machine from the domain.
sudo domainjoin-cli leave
Allow Active Directory Domain Administrators to Administer Ubuntu
This will allow members of the Domain Admins AD group to issue sudo commands. From a command prompt
Add this line to the resulting file
%YOURDOMAINNAME\\domain^admins ALL=(ALL) ALL
Save and exit the file.
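The sudoers entry above has two details that are easy to get wrong: the backslash is doubled, and the space in the group name is written as ^. The shell functions below are an added example, not part of the original post: one builds the entry for a given domain and group, the other syntax-checks it against a copy of the sudoers file with visudo -c before you add it. CORP and the function names are made up; upper-casing the domain and lower-casing the group follow the form of the line above.

```shell
# Added example, not from the original post. CORP and the function names are
# made up for illustration.

# Print the sudoers entry for an AD group in the form the post uses: a leading
# %, the short domain name, an escaped backslash, then the group name in lower
# case with each space written as ^ ("Domain Admins" -> domain^admins).
likewise_sudoers_entry() {
    for _n in "$1" "$2"; do
        # Allow only letters, digits, space, dot, underscore and hyphen, so a
        # name cannot smuggle commas, tags or a second rule into the line.
        # The | sentinel keeps a trailing newline from slipping through.
        _rest=$(printf '%s|' "$_n" | tr -d 'A-Za-z0-9 ._-')
        if [ -z "$_n" ] || [ "$_rest" != "|" ]; then
            echo "refusing unsafe name: $_n" >&2
            return 1
        fi
    done
    _dom=$(printf '%s' "$1" | tr 'a-z' 'A-Z')
    _grp=$(printf '%s' "$2" | tr 'A-Z ' 'a-z^')
    printf '%%%s\\\\%s ALL=(ALL) ALL\n' "$_dom" "$_grp"
}

# Syntax-check a copy of a sudoers file ($1) with the new entry ($2) appended.
# Returns 0 only if `visudo -c` accepts the combined file; the real file is
# never touched. Reading /etc/sudoers needs root.
check_sudoers_entry() {
    _tmp=$(mktemp) || return 1
    cat "$1" > "$_tmp" && printf '%s\n' "$2" >> "$_tmp" &&
        visudo -c -q -f "$_tmp"
    _rc=$?
    rm -f "$_tmp"
    return "$_rc"
}

# Constructed sample: prints  %CORP\\domain^admins ALL=(ALL) ALL
likewise_sudoers_entry corp "Domain Admins"
# Before pasting that line in with visudo, as root:
#   check_sudoers_entry /etc/sudoers "$(likewise_sudoers_entry corp 'Domain Admins')"
```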
Gr8 ! Extremely useful, and perfect.
Works like a charm. Tnx
also using AD 2000?
Anyone taken this further and mounted SMB shares with the credentials the person logged in with?
i.e. log into my machine, I have my ‘department’ and ‘user’ directory automatically mapped and uses the credentials that I’m logged in with?
How to save after adding the line through sudo visudo?
By the way, I found that when I switch user or add a device it will ask for authentication, but my domain password is very long, then Ubuntu/Likewise can’t support it… and causes the AD account to be locked out.
It might be better to put some strawberry lip gloss on the join button prior to licking–it just tastes better 😉
cheers for this howto!! perfect! works as described!
Excellent guide but I have a few follow up questions.
Does anyone have a clear cut guide on how to take this to the next stage as in mapping users home folders to \\exampleserver\group\home\user
All the guides I have found dotted around the internet relate to using separate kerberos authentication and winbind and blah blah blah. None of them point at configuring it using Likewise Open.
Also, another question. I have read that adding the line
winbind use default domain = yes
to the /etc/samba.lwiauthd.conf file allows domain users to login without having to prefix their userid with the domain name (joeblogs instead of domain\joeblogs).
However, when I entered this line into the file, I try to login to ubuntu with just my user id and I receive the error message; cannot create user xxxxxxxx. This is strange as it then proceeds to log me in to the correct account.
If anyone could assist on any of these problems it would be very much appreciated.
Great program. Worked like a charm for me. I am in the same situation as James though.
I am at a school trying to recycle some old Windows boxes into Linux machines. Likewise Open helped with authenticating the users with Active Directory, but like James, I need the students’ Windows share folder to be mounted and mapped upon login.
Any suggestions or help is appreciated!
Hi. I am beginner in Linux.
Can you help me please? How can I easily connect my Kubuntu 8.10 to a Windows domain just by clicking? Thank you.
Error code: (null) (0x00080043)
Time is too valuable to waste on the discontinuous, ineffective inservice programs still popular in our schools.
I followed the instruction and the pc has joined the domain (I’m sure of it!).
But when I try to login with the DOMAIN\user credential, I have to wait and the pc seems to be locked. I have to restart manually. Then I log with the normal user: I find the new created home directory for DOMAIN\user but the login is not possible
Is it normal to wait for a long time in the login?
Thanks in advance. Francis
Hi. I am beginner in Linux.
I get this message:
Unable to resolve DC name
Error code: CENTERROR_DOMAINJOIN_UNRESOLVED_DOMAIN_NAME (0x00080026)
Can you help me please?
Install Like wise open
Likewise Open is a free, open source application that joins Linux, Unix, and Mac machines to Microsoft Active Directory and securely authenticates users with their domain credentials.
I did the “sudo aptitude install likewise-open-gui” command which appeared to work fine, but under “Applications -> Internet -> ” there is no likewise choice even after restart. Any help?
I found it under system> administration>
Well… I tried as described, on a desktop and server environment, but I keep getting the same reply:
Error: Lsass Error [code 0x00080047]
9502 (0x251E) DNS_ERROR_BAD_PACKET - A bad packet was received from a DNS
server. Potentially the requested address does not exist.
AD/DC runs on Win2k3 and several Windows machines are added to the AD/DC
Can anyone help me out?
If you get this message it’s your Windows firewall. Either shut down your firewall or make exceptions.
I’m getting the same error as Martens and have windows firewall disabled. Any other suggestions?
What Larry says
I’m also getting the same error as Martens, and I also have my Windows 2003 firewall disabled.
The program told me that I had successfully joined the domain
I have a local domain name = ADMINSYSTEM.COM. When Ubuntu prompts me to login I choose ‘other user’ and type ‘ADMINSYSTEM\remoty’ and put the password of remoty (a local user in UBUNTU machine) but Ubuntu refuses to log me in until I choose one of the local Ubuntu logins….. any help ? 🙁
WOW !!! That what means trying things in 2 am 😀 I had to login with a user account declared in AD 😀 My Bad 😀