Saturday, 19 May 2012

Join Ubuntu 12.04 (Precise Pangolin) server to a Windows 2008 R2/ 8 Server Beta Active Directory domain

In a previous post, I showed how to join a CentOS/RHEL 6.x server to a Windows 8 Server Beta Active Directory domain using a rather laborious method. In this post I will show you how to join a a Windows 8 Server Beta Active Directory domain using a far simpler way, by using Likewise Open. I've not tried using this method for CentOS/RHEL 6.x but Likewise Open is supported, so stay tuned.

In theory, this method should work for Windows 2003/2008 (R2) domains, but I've only tried it for  Windows 2008 R2 domain and Windows 8 Server Beta.

I had already set up the domain and DNS servers from my previous post, so I won't dwell on this, all I will say is that ensure that name resolution works from the Ubuntu server, e.g. make sure that at least you can ping the DC by hostname. An example /etc/resolv.conf file is shown below for a domain called test.org and DNS server with ip address (10.168.20.93), this should be set up automatically from your DHCP server, if not you'll need to edit /etc/networking/interfaces (note that the options are different to those in /etc/resolv.conf, see man page for resolvconf):
search test.org
nameserver 10.168.20.93
Install Likewise Open:
sudo apt-get install likewise-open5
You can now join the domain with this command (where test.org is the domain and Administrator is an account with Admin access to the domain):
sudo domainjoin-cli join test.org Administrator
Since I'm running a default server version of Ubuntu with no GUI, there is no need to reboot the server to be able to login to the server with domain accounts.

I've not managed to get this command to add an entry for the server to the DNS server so I had to issue this command:
sudo lw-update-dns
Finally, in order to allow domain users to use sudo, you can add this line to the /etc/sudoers file (It might be more appropriate to restrict this to a domain admins or a custom group):
%test\\domain^users ALL=(ALL) ALL
In order to login remember that you will need to use a valid username of this form domain\username rather than simply using the username as with the labour intensive way for CentOS/RHEL that I have discussed in the past.

Another upside of using Likewise Open is that users don't need to have their Unix attributes set, which I guess means that it's probably not necessary to install the Identity Management for UNIX components on the domain controller.

See this post for details on how to set up SSH single sign-on for Ubuntu 12.04.

7 comments:

  1. Have you tried Centrify Express? It will have no problem getting SSH SSO working.

    ReplyDelete
    Replies
    1. I managed to get it working in the end. Not heard of centrify express though

      Delete
  2. Great post =) I can confirm that this works on a Windows 2003 AD as well as on Windows 2008 R2 AD. It works well with both server and workstation ubuntu, although one might have to make some additional changes to the desktop env. This has to do with the GUI for login to the desktop x. /tzyr0b

    ReplyDelete
  3. Thanks for posting this. It worked perfectly for me.

    ReplyDelete
  4. i confirm that its Work 100% , Thank you

    ReplyDelete
  5. I did All settings as above mentioned But still it is giving incorrect password !

    ReplyDelete
    Replies
    1. Is there anything showing up on the DC event log. (I'm assuming you are typing the right password ;))

      Delete