There are several ways to join a Linux box to a Windows Active Directory domain. Some of these are as follows:
- Kerberos plus LDAP - a lower-level method where you set Linux up yourself to use Active Directory's underlying protocols.
- Samba - the standard for joining Linux to a Windows domain.
- Microsoft Windows Services for Unix - includes options for serving usernames to Linux / UNIX via NIS and for synchronizing passwords to Linux / UNIX machines. This option is powerful but complex.
- Likewise - Likewise in a nutshell is Samba-in-a-box. It's easier to configure than a full-fledged Samba installation but offers less control. Likewise-Open, which I'll be using, is free of charge. Their enterprise product, Likewise Enterprise, adds features to manage Linux via Group Policy. I'll be focusing primarily on Likewise-Open.
First, ensure that Likewise-Open is not installed on your Ubuntu workstation. If it is, remove it and all dependencies via the Synaptic Package Manager. You can enter "likewise" in the search bar and you should easily be able to see all Likewise packages that are installed. If you prefer to do it via the command line you can go here for a list of CLI package management commands.
Once you have removed (if necessary) all Likewise packages you should go here and download the latest stable release of Likewise-Open, both agent and DomainJoin-GUI tool. This download page is actually pretty useful as it allows you to download both packages without having to sign up by email, validate said email, receive download link, etc.
Once you have both packages downloaded you will need to make them executable. You can do this via your terminal using the chmod command:
- navigate to the directory where your packages lie
- run the command: chmod +x Likewise*
Once completed, you can install them, again from the terminal, as follows (your package name may vary):
- sudo ./LikewiseIdentityServiceOpen-5.3.0.7788-linux-i386-deb-installer
Follow through the basic installation procedures. Then install the next:
- sudo ./LikewiseDomainJoinGui-5.3.0.7788-linux-i386-deb-installer
Again follow through the basic installation procedure. Once completed you will want to run the domainjoin tool (from the command line) with:
- sudo domainjoin-gui
This will launch the domain join GUI. The pieces of information you will need are: machine name (entered by default) and fully qualified domain name (FQDN, e.g.: mydomain.local or mydomain.com). You will then be prompted for a domain account and password with Domain Administrator privileges. Once entered you will have successfully joined your Windows domain!
Some issues you may encounter (as I did) are incomplete nsswitch.conf and resolv.conf files. Both of these can be found in /etc/. The resolv.conf file contains information that determines the operational parameters of the DNS resolver routines installed in the operating system. The nsswitch.conf file is the system's Name Service Switch configuration file. You must ensure that your domain DNS servers have been added to resolv.conf. You can enter them in order of priority (one per line). This is my file as an example:
    nameserver 192.168.1.12
    nameserver 192.168.1.13
In your nsswitch.conf file you will need to ensure that winbind and dns are entered properly like so:
    # /etc/nsswitch.conf
    #
    # Example configuration of GNU Name Service Switch functionality.
    # If you have the `glibc-doc-reference' and `info' packages installed, try:
    # `info libc "Name Service Switch"' for information about this file.

    passwd:         compat winbind lsass
    group:          compat winbind lsass
    shadow:         compat winbind
    hosts:          files dns winbind mdns4_minimal [NOTFOUND=return] mdns4
    networks:       files
    protocols:      db files
    services:       db files
    ethers:         db files
    rpc:            db files
    netgroup:       nis
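A quick way to confirm both files after the join, as an added example that is not part of the original post or of Likewise: the function names are hypothetical, the required entries mirror the two files shown above, and the sample files are constructed (including a resolv.conf whose two entries have run together on one line).

```shell
# Added example (not from the original post): check the two files the post
# edits after a domain join. Required entries mirror the post's own files.

# Print the sources listed for one nsswitch database, e.g. "passwd".
nss_sources() {  # $1 = database, $2 = path to nsswitch.conf
    awk -v db="$1:" '$1 == db { for (i = 2; i <= NF; i++) print $i; exit }' "$2"
}

# Print the nameserver addresses in resolv.conf, in file order.
resolv_nameservers() {  # $1 = path to resolv.conf
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# check_join_config NSSWITCH RESOLV DNS_SERVER...
# Prints one line per missing entry; returns 1 if anything is missing.
check_join_config() {
    nss=$1; resolv=$2; shift 2; rc=0
    for need in passwd:winbind passwd:lsass group:winbind group:lsass hosts:dns; do
        db=${need%%:*}; src=${need#*:}
        if ! nss_sources "$db" "$nss" | grep -qxF "$src"; then
            echo "nsswitch.conf: '$db' does not list '$src'"; rc=1
        fi
    done
    for dns in "$@"; do
        if ! resolv_nameservers "$resolv" | grep -qxF "$dns"; then
            echo "resolv.conf: nameserver $dns not found"; rc=1
        fi
    done
    return $rc
}

# Constructed sample files (addresses are the ones shown in the post).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/nsswitch.conf" <<'EOF'
passwd: compat winbind lsass
group:  compat winbind lsass
shadow: compat winbind
hosts:  files dns winbind mdns4_minimal [NOTFOUND=return] mdns4
EOF
printf 'nameserver 192.168.1.12\nnameserver 192.168.1.13\n' > "$demo/resolv.good"
# Both entries run together on one line, so neither address is a clean entry.
printf 'nameserver 192.168.1.12nameserver 192.168.1.13\n' > "$demo/resolv.bad"

servers="192.168.1.12 192.168.1.13"
check_join_config "$demo/nsswitch.conf" "$demo/resolv.good" $servers && echo "good files: OK"
check_join_config "$demo/nsswitch.conf" "$demo/resolv.bad" $servers || echo "bad file: problems found"
```

On a real workstation, call `check_join_config /etc/nsswitch.conf /etc/resolv.conf` followed by your own domain DNS server addresses.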