7.08.2010

Using Likewise-Open to join Ubuntu to a Windows Active Directory Domain

The Active Directory domain I manage during the day is composed mainly of Windows workstations and servers, but the versatility and sheer usefulness of a Linux workstation cannot be disregarded. I have successfully integrated several Linux machines into my AD network and thought I would write a quick article outlining the important steps involved in doing so. My reason is that, while there is plenty of information on the web outlining how to do this, I found no concise all-in-one-place writeup. With these instructions it should only take you 10 minutes at most to join your Ubuntu 10.04 workstation to your Microsoft Active Directory domain. So, without any further chatter, here are the instructions:

  • install Ubuntu 10.04 workstation (you could also install the server variant easily enough and use the Likewise-Open domainjoin-cli tool instead of the gui).
  • first off, set up your networking (this configuration is for a static ip on a class C network):
    sudo nano /etc/network/interfaces

    and be sure to fill out the following information:

    auto eth0
    iface eth0 inet static
    # the desired workstation ip address
    address 10.0.0.200
    # your network gateway address
    gateway 10.0.0.10
    netmask 255.255.255.0
    network 10.0.0.0
    # network broadcast address
    broadcast 10.0.0.255
  • the next step is to configure your network proxy. Using the gui you can do this by:

    System, Preferences, Network Proxy Preferences
    set it to 'manual proxy config'
    set your http proxy (mine is my gateway, or 10.0.0.10 port 8080)
  • the next step is to install Likewise-Open. I recommend downloading the latest stable version. In order to download you'll have to register and have a url emailed to you. However, you can click HERE if you'd like to skip that step as the url is publicly available. Be sure to download the GUI tool if you so desire. I will give instructions for using both the CLI and GUI tool.
  • the next, and most important, step is to modify your nsswitch.conf, or name service switch, file. You can edit this file by issuing the terminal command: sudo nano /etc/nsswitch.conf . Here is how you should have it set up:
    passwd: compat winbind lsass
    group: compat winbind lsass
    shadow: compat winbind
    hosts: files dns winbind mdns4_minimal [NOTFOUND=return] mdns4
    networks: files
    protocols: db files
    services: db files
    ethers: db files
    rpc: db files
    netgroup: nis
  • once this is completed you will want to restart your machine's networking. You can do this by issuing the terminal command: sudo /etc/init.d/networking restart
  • the last step is to use either the gui or cli tool to join your AD domain. From the command line you can issue the command:

    sudo domainjoin-cli join example.com Administrator

    Where example.com is the Fully Qualified Domain Name (FQDN) of your domain and Administrator is the name of the AD user account with sufficient permissions to join a machine to the domain.
  • to perform this last step by means of the GUI execute the following line from your terminal command line: sudo domainjoin-gui
  • this will load the gui tool. The information you will need to fill out is:
    - the name of the computer you are attempting to join (eg: MyComputer)
    - your FQDN (eg: example.com, or example.local)
    - and press join. You will then be presented with a new dialog asking for the Windows AD account name and password that has sufficient privileges to join the domain.
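
A quick sanity check for the nsswitch.conf edit above, as an added example that is not part of the original post or of Likewise-Open: it confirms that the passwd and group lines exist and list lsass, and flags database names it does not recognise, such as a misspelled passwd. The function name check_nsswitch and the finding labels are my own.

```shell
#!/bin/sh
# Added example: sanity-check nsswitch.conf before a Likewise-Open domain join.
# Usage: check_nsswitch /etc/nsswitch.conf
# Prints one finding per line; returns 0 when nothing is wrong, 1 otherwise.

# Database names from nsswitch.conf(5), plus gshadow; extend the list for
# site-specific entries such as sudoers or automount.
KNOWN_DBS="aliases ethers group gshadow hosts initgroups netgroup networks passwd protocols publickey rpc services shadow"

check_nsswitch() {
    file=$1
    status=0
    [ -r "$file" ] || { echo "ERROR: cannot read $file"; return 1; }

    # 1. Flag database names that are not recognised (e.g. a typo in "passwd").
    for db in $(sed -e 's/#.*//' "$file" |
                awk -F: 'NF > 1 { gsub(/[ \t]/, "", $1); print $1 }'); do
        case " $KNOWN_DBS " in
            *" $db "*) ;;
            *) echo "UNKNOWN_DB: $db"; status=1 ;;
        esac
    done

    # 2. passwd and group must exist and list the lsass source.
    for db in passwd group; do
        sources=$(sed -e 's/#.*//' "$file" | awk -F: -v db="$db" '
            { key = $1; gsub(/[ \t]/, "", key) }
            key == db { s = $2; gsub(/\t/, " ", s); print s; exit }')
        if [ -z "$sources" ]; then
            echo "MISSING_DB: $db"; status=1
        else
            case " $sources " in
                *" lsass "*) ;;
                *) echo "NO_LSASS: $db"; status=1 ;;
            esac
        fi
    done
    return $status
}
```

Source the file and run check_nsswitch /etc/nsswitch.conf before restarting networking; no output and a zero exit status mean the two lines are in place.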
And that's it. If you found this post helpful be sure to leave a comment. If you have any suggestions please do not hesitate to do the same. Thanks for reading.
