Joining an Active Directory domain with Ubuntu

What a pain. Imagine you are in a Windows network environment and have a small number of Ubuntu desktops. Your task is to let them join the Active Directory so users can log in with their known credentials. There is a package in universe called "authtool" that promises to do exactly what you need. Sadly, it is quite broken in its current state, and if you ask me one should even consider removing it until it at least does not break your boot (don't ask for details) and has a good set of working dependencies. There are other methods such as LDAP binding, but in my eyes they are either not stable or just too complicated to configure (and therefore hardly suited to convincing people).

But a solution is approaching, as you can see in the Ubuntu blueprint "Single User Interface to Join and Participate in Microsoft Active Directory Domains". Currently you might not find much more information about it, so I dropped a line to the blueprint's creator, Gerald 'Jerry' Carter, who was kind enough to update me on the current status of the project (and happens to be directly involved in Likewise):

The plan is to package the open source version of Likewise, called "Likewise Open", for Ubuntu Hardy. Likewise Open lets you join an Active Directory domain with a few simple clicks or a single console command. There is already an updated source tarball, which can be installed quite easily:

$ wget http://archives.likewisesoftware.com/likewise-open/src/likewise-open-4.0.4.tar.gz
$ tar zxf likewise-open-4.0.4.tar.gz
$ cd likewise-open-4.0.4-release
$ make dpkg

If you have all necessary dependencies resolved, the make process should provide you with .deb files, which you should then install. As Jerry states, there is currently one blocker, which can be worked around by not using the GUI but calling a line like this:

$ sudo domainjoin-cli join AD_REALM ADMIN_ACCOUNT

Afterwards you should be able to log in like this: "realm\username". I tried the process on Gutsy and it worked quite well. I had to reboot once as my gdm hung – maybe it's better to call the command directly from a "real" console. So what is missing? Check the comparison of Likewise Open and Likewise Enterprise, the commercial version of Likewise. The thing you might miss at first is:

Do more during logon: Create a home directory, copy template files, set permissions, run scripts, deliver messages, and more.

This means that Likewise Open enables you to log in as an AD user and creates the user's home directory under /local/AD_REALM/USER, but you have to be smart and hack around a bit to get things working, like managing sudo, running scripts and so on. Nonetheless, Likewise Open seems to be a promising approach to solving the problem of Ubuntu-Windows network integration, and I am sure we will see some nice add-ons from the community in the future.

Please note: Installing software that changes login procedures is a deep intervention into Linux core procedures. So please: Do this in a test environment before considering it for production purposes.
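One way to follow that advice on a test machine is to snapshot the login-related configuration before the join and list what changed afterwards. This is an added example, not part of the original post or of Likewise itself; the file list (NSS, Kerberos, PAM), the AUTH_ROOT variable and the script name authsnap.sh are assumptions.

```shell
#!/bin/sh
# Added example: record login-related config before a domain join, then list
# what the join changed. AUTH_PATHS is an assumed list (NSS, Kerberos, PAM),
# not taken from Likewise documentation; extend it for your system.
AUTH_ROOT="${AUTH_ROOT:-}"   # assumption: empty = live system, or a chroot/copy
AUTH_PATHS="etc/nsswitch.conf etc/krb5.conf etc/pam.d"

# snapshot_auth OUT: write "<sha256>  <relative path>" for each file found.
snapshot_auth() {
    out="$1"
    : > "$out"
    for p in $AUTH_PATHS; do
        [ -e "$AUTH_ROOT/$p" ] || continue
        find "$AUTH_ROOT/$p" -type f | LC_ALL=C sort | while IFS= read -r f; do
            sum=$(sha256sum "$f" | cut -d' ' -f1)
            printf '%s  %s\n' "$sum" "${f#"$AUTH_ROOT"/}"
        done >> "$out"
    done
}

# changed_auth BEFORE AFTER: print "added|modified|removed <path>" per difference.
changed_auth() {
    awk '
        { sum = substr($0, 1, 64); path = substr($0, 67) }
        FILENAME == ARGV[1] { before[path] = sum; next }
        { seen[path] = 1
          if (!(path in before)) print "added " path
          else if (before[path] != sum) print "modified " path }
        END { for (p in before) if (!(p in seen)) print "removed " p }
    ' "$1" "$2" | LC_ALL=C sort
}

# Usage on a test machine, as root:
#   sh authsnap.sh snapshot /root/auth.before
#   domainjoin-cli join AD_REALM ADMIN_ACCOUNT
#   sh authsnap.sh snapshot /root/auth.after
#   sh authsnap.sh diff /root/auth.before /root/auth.after
case "${1:-}" in
    snapshot) snapshot_auth "$2" ;;
    diff)     changed_auth "$2" "$3" ;;
esac
```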

16 thoughts on "Joining an Active Directory domain with Ubuntu"

  1. Hi Caspar,
    would the package be DFSG free, for inclusion in main, contrib or non-free? What about Ubuntu? Is it packaged for Debian? If not, might it be good to send an RFP or ITP?
    cheers

  2. Hi Kevin,

    Jerry told me, that the packages will be placed in Ubuntu Hardy (universe I guess) and will show up there within the next days. As the packaging procedure is really well prepared I think it’ll also go to Debian. So maybe let’s wait a couple of days and – until then – test a self compiled version

  3. The reason you need to restart to get GDM to pick up the changes is because of the weird way GDM uses PAM. It doesn't seem to pick up any config changes after boot.

  4. meh, i tried to build on debian etch and got errors after running make dpkg (as root) :(

  5. @meh: Well "got errors" is not as much information as you should provide if expecting qualified response :)

  6. Hi

    I know the command, but I need to know if it is possible to join a domain with an OU name with spaces, for example:

    domainjoin-cli join -ou departament/computers/My Pc mydomain the_admin_acc

    I have an OU with a name with spaces

  7. I got an error after make dpkg also. I’m using your latest build.

    msd@msd-desktop:~/Desktop/likewise-open-5.0.3991.1$ make dpkg
    sh packaging/scripts/build-dist
    /bin/rm: cannot remove directory `packaging/scripts/../../../likewise-open-5.0.3991.1': No such file or directory
    make: *** [dist] Error 1
    msd@msd-desktop:~/Desktop/likewise-open-5.0.3991.1$

  8. @Brad: I have not used this for about a year now. Please report back to the likewise developers directly.

    Best,

    ccm.

  9. I am able to join my Ubuntu PC to the Windows AD server, and I am even able to log in to the AD server, but after restarting I am not able to log in again to the AD server. Any solution for the above issue?

  10. Please, anybody tell me how to join a Windows domain from Ubuntu.
    Please tell me step by step.

  11. Hi All,

    I have an email server set up [Ubuntu Server 12.04] and also a Windows Server 2008 R2 domain. My scenario is: I should make Windows 7 clients communicate with the email server through the Windows domain using domain login credentials and also MS Office Outlook 2010 on the client side. The email server is configured perfectly and also the Windows domain. Time synchronization is also working fine. Domain users can log in from the Ubuntu machine also [Ubuntu is a client which is added to the Windows domain]. Please let me know how I can make Win7 clients communicate with the Ubuntu email server, and also the exact steps that need to be followed.

    Thanks in advance
    Charan
