Authenticate to Active Directory with Ubuntu

Authenticate to Active Directory with Ubuntu: "Authenticate to Active Directory with Ubuntu
Friday, 10 July 2009 08:04 John Ciacia

While Linux is a fantastic operating system, when it comes to user rights management, Active Directory is far superior than anything Linux currently implements. As a result many businesses and organizations implement the technology. For a longtime it was extremely difficult to get a Linux operating system to authenticate with active directory--configuring multiple services and managing to get them to work with each other, let alone work with Windows was a task best left for those with years of Linux administration experience. However, in recent years as Linux has become more user friendly, and it should be no surprise that authenticating with active directory has become easy too. In the past few days I have been working with an Open Source software called likewise-open which is in the official Ubuntu repositories. Below is a quick guide to getting started and some tips/issues I have found.
Authenticating with likewise-open 4.1 (from Ubuntu 8.04 Repository)

1. Install likewise-open

# sudo apt-get install likewise-open

2. Join the domain

# sudo domainjoin-cli join your.fqdn domain_admin

For example:

# sudo domainjoin-cli join example.com Administrator

REBOOT
3. Update rc.d

# sudo update-rc.d likewise-open defaults

4. 4. Start likewise-open

# sudo /etc/init.d/likewise-open start

Using the Default Domain with likewise-open 4.1

To use the default domain (and avoid using DOMAIN\user to login) append the following line to /etc/samba/lwiauthd.conf

winbind use default domain = yes

Authenticating with likewise-open 5.1 (from Ubuntu 9.04 Repository)

1. Install likewise-open5

# sudo apt-get install likewise-open5

2. Join the domain

# sudo domainjoin-cli join your.fqdn domain_admin

For example:

# sudo domainjoin-cli join example.com Administrator

REBOOT
3. Update rc.d

# sudo update-rc.d likewise-open defaults

4. Start likewise-open

# sudo /etc/init.d/lsassd start

Using the Default Domain with likewise-open 5.1

To use the default domain (and avoid using DOMAIN\user to login) uncomment the following line in /etc/likewise-open5/lsassd.conf

assume-default-domain = yes

Giving Domain Administrators sudo Privileges

Append the following line to /etc/sudoers

%your.fdqn\\domain^admins ALL=(ALL) ALL

Known Issues

* After rebooting the computer and logging in you are given the error “Domain Controller unreachable, using cached credentials instead. Network rsource may be unavailable.” Likewise does not start correctly. You have to login as a local admin and run the following command and then users will be able to login.

# sudo /etc/init.d/likewise-open restart

Issue seems to be resolved with likewise-open5

* If you are having issues authenticating wirelessly, make sure your wireless connection is established. In many instances, wireless will only connect after you login.
* Samba does not hide hidden windows shares

This article was reprinted with permission from John Ciacia's blog."