If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!
Likewise Open Features
- Joins non-Windows systems to Active Directory domains in a single step from the command line or from a GUI
- Authenticates users with a single user name and password on both Windows and non-Windows
- Enforces the same password policies for non-Windows users and Windows users
- Supports multiple forests with one-way and two-way cross forest trusts
- Caches credentials in case your domain controller goes down
- Provides single sign-on for SSH and Putty
- Uses a robust next-generation authentication engine that supports Kerberos, NTLM, and SPNEGO
- Involves no Active Directory schema changes
Install likewise-open in Ubuntu Hardy
sudo aptitude install likewise-open-gui
This will complete the installation.
Adding Ubuntu Desktop to Active Directory Domain
You can do this using two methods using GUI or Using CLI
Using GUI
Applications -> Internet -> Likewise to join my computer to an active directory domain.
The only information we needed for successfully joining the AD domain was
1) The name of the domain to join
2) A domain administrator username and password
Enter that information into the application and lick the “join” button.
In order to log in with a domain account, log out of your current session. Log back in with a domain account
prepended with the domain and a backslash ie. domain\user. Enter the domain user’s password. All home folders for domain users are stored in /home/DOMAIN/username.
Using Command line
sudo domainjoin-cli join fqdn.of.your.domain Administrator
sudo update-rc.d likewise-open defaults
sudo /etc/init.d/likewise-open start
You can now log into your machine using your DOMAIN\user credentials. Remember that the DOMAIN\ part is mandatory and that it represents the short name of your Active Directory domain. You can join the domain using any user with sufficient privileges (there’s no need to use Administrator), and you can even directly join the PC in a particular OU passing the –ou argument to domainjoin-cli.
Remove from the windows Domain
The domainjoin-cli utility can also be used to remove from the domain.
sudo domainjoin-cli leave
Allow Active Directory Domain Administrators to Administer Ubuntu
This will allow members of the Domain Admins AD group to issue sudo commands. From a command prompt
sudo visudo
Add this line to the resulting file
%YOURDOMAINNAME\\domain^admins ALL=(ALL) ALL
save and exit file
Gr8 ! Extremely useful, and perfect.
Works like a charm. Tnx
also using AD 2000?
tks.
Anyone taken this further and mounted SMB shares with the credentials the person logged in with?
i.e. log into my machine, I have my ‘department’ and ‘user’ directory automatically mapped and uses the credentials that I’m logged in with?
how to save after added the line though sudo visudo?
By the way, I found that when I switch user or add device it will ask for authentication but my domain passowrd is very long then ubuntu/likewise can’t support….and causes AD account lockedout.
regards.
It might be better to put some strawberry lip gloss on the join button prior to licking–it just tastes better
cheers for this howto!! perfect! works as described!
Excellent guide but I have a few follow up questions.
Does anyone have a clear cut guide on how to take this to the next stage as in mapping users home folders to \\exampleserver\group\home\user
All the guides I have found dotted around the internet relate to using seperate kerberos authentication and winbind and blah blah blah. None of them point at configuring it using Likewise Open.
Also, another question. I have read that adding the line
winbind use default domain = yes
to the /etc/samba.lwiauthd.conf file allows domain users to login without having to prefix their userid with the domain name (joeblogs instead domain\joeblogs).
However, when I entered this line into the file, I try to login to ubuntu with just my user id and I receive the error message; cannot create user xxxxxxxx. This is strange as it then proceeds to log me in to the correct account.
If anyone could assist on any of these problems it would be very much appreciated.
Great program. Worked like a charm for me. I am in the same situation as James though.
I am at a school trying to recycle some old windows boxes into linux machines. Likewise Open helped with authenticating the users with Active Directory, but like James, I need the students Window’s Share folder to be mounted and mapped upon login.
Any suggestions or help is appreciated!
Hi. I am beginner in Linux.
Can you help me please? How to easy connect my Kubuntu 8.10 into Windows domain just clicking? Thank you.