Joining Ubuntu Lucid to Active Directory

Friday, April 16th, 2010

The latest Ubuntu release (Lucid, 10.4) makes it very easy for you to join an Active Directory domain. Here’s a quick guide to get you started.

1. Install the Likewise Open AD authentication application by issuing the command sudo apt-get install likewise-open

2. Register your Ubuntu system with the domain by running sudo domainjoin-cli join yourdomainname.com administrator (where yourdomainname.com is your domain name, and administrator is a user account on the domain with permissions to add computers to it).

3. When prompted, enter the password of your administrator account. A dialogue box will appear asking for your domain name; enter your AD fully qualified domain name in upper case letters, i.e. YOURDOMAIN.COM

4. Finally reboot.

Want sudo privileges? Go to your Active Directory and create a group. I called mine sudo, but you can use any group you like. A word of advice though: you’ll have fewer problems if you don’t use spaces in your group name.

Switch to a local user account with sudo privileges and, at the terminal, issue the command sudo visudo

At the end of the sudoers file, add this line:

%YOURDOMAIN.COM\\sudo ALL=(ALL) ALL

This tells Ubuntu to allow any user in the sudo group on your AD to use sudo privileges on the local machine.
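
The sudoers entry above, as an added example that is not part of the original post: a small shell helper that builds the line from a domain and group name and refuses names containing spaces or other characters that would change the meaning of the rule. The function names and the allowed character set are assumptions of this example; check_sudoers_line only syntax-checks a scratch copy with visudo -c -f and never edits /etc/sudoers.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the
# allowed character sets below are assumptions made for illustration.

# ad_sudoers_line DOMAIN GROUP
# Prints the entry in the form the post uses: %DOMAIN\\group ALL=(ALL) ALL
# Returns 1 on empty input or on characters outside a conservative set, so
# a group name can never smuggle spaces, commas or extra rules into sudoers.
ad_sudoers_line() {
    domain=$1
    group=$2
    case $domain in
        ''|*[!A-Za-z0-9.-]*)
            printf 'refusing domain name: %s\n' "$domain" >&2
            return 1 ;;
    esac
    case $group in
        ''|*[!A-Za-z0-9_-]*)
            printf 'refusing group name: %s\n' "$group" >&2
            return 1 ;;
    esac
    # The post writes the domain in upper case, so normalise to that.
    domain=$(printf '%s' "$domain" | tr '[:lower:]' '[:upper:]')
    # sudoers needs the backslash escaped, hence two backslashes in the output.
    printf '%%%s\\\\%s ALL=(ALL) ALL\n' "$domain" "$group"
}

# check_sudoers_line LINE
# Syntax-checks LINE in a scratch file; the real sudoers file is not touched.
# Returns 0 if visudo accepts it, 1 if rejected, 2 if visudo is not installed.
check_sudoers_line() {
    command -v visudo >/dev/null 2>&1 || return 2
    tmp=$(mktemp) || return 1
    printf '%s\n' "$1" > "$tmp"
    chmod 0440 "$tmp"
    visudo -c -f "$tmp" >/dev/null 2>&1
    rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ]
}

# Usage:
#   line=$(ad_sudoers_line yourdomain.com sudo) && check_sudoers_line "$line"
#   then paste "$line" at the end of the file opened by: sudo visudo
```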

To log in to your Ubuntu system at the GUI use username@yourdomain

To log in over SSH use yourdomain\username

Authenticating an Ubuntu PC to Active Directory

Saturday, March 22nd, 2008

Likewise Open is a piece of software designed to make it easier to integrate Linux PCs into a Microsoft Windows Active Directory (AD) domain. Now you can log onto your Ubuntu PC using your Windows network username and password, and access your shared files and resources whilst logging on only once.

You can find the ‘likewise-open’ and ‘likewise-open-gui’ packages in the Ubuntu Hardy universe repository. Go to System > Administration > Synaptic Package Manager, ensure the universe repository is enabled, and search for ‘likewise’.

After installation, you can find the Likewise Open GUI in Applications > Internet > Likewise. Joining the domain is simple enough. Specify the FQDN of your domain and click on ‘join domain’. After giving details of an account with permission to add computers to the domain, you should be connected.

Restart the PC, and at the GDM login screen try an Active Directory login. For instance:

DOMAIN\username

Hopefully all should be well; if not, try the following.

—-

Log in as a normal (non-AD) user and run the following command.

lwiinfo -n "DOMAIN\username"

You might get an error complaining ‘could not obtain winbind separator!’

It looks like the likewise-open script is not set to start with the system. To see if this is the case, try running ‘sudo likewise-winbindd -start’ and try the command again. If it works this time (you should see a string of numbers and letters) you need to set likewise-open to start with the system.

To do this run ‘sudo sysv-rc-conf’ from the command line, and turn the likewise-open service on for runlevels 2,3,4,5. Hopefully this should be sorted soon, I’ve filed a bug report.

—-

At this moment in time you are likely to come across other issues. Sound, USB, sudoers etc will not work under the AD user. I’m sure that there are workarounds for this which involve mapping AD user groups to local groups. Hopefully in time for release we’ll see some firm instructions for this appear.

If you’re interested, watch this space.