Tuesday 23 October 2012

Join Ubuntu 12.10 (Quantal Quetzal) server to a Windows 2012 Active Directory domain


In this post I will show you how to join an Ubuntu 12.10 server to a Windows 2012 Server Active Directory domain using Likewise Open. I've not tried this method on CentOS/RHEL 6.x, but Likewise Open is supported there, so stay tuned.

In theory, this method should also work for Windows 2003/2008 (R2) domains, but I've only tried it against Windows 2012 Server.

I won't dwell on setting up the domain and DNS servers; see this previous post for details [it's for the Beta version but it still applies]. All I will say is: make sure that name resolution works from the Ubuntu server, i.e. at the very least you can ping the DC by hostname and by fully qualified domain name. An example /etc/resolv.conf for a domain called dev.com with a DNS server at 192.168.1.65 is shown below. This should be set up automatically from your DHCP server; if not, you'll need to edit /etc/network/interfaces (note that the options there are different to those in /etc/resolv.conf, see the man page for resolvconf):
search dev.com
nameserver 192.168.1.65
Install Likewise Open:
sudo apt-get install likewise-open5
You can now join the domain with this command (where dev.com is the domain and Administrator is an account with Admin access to the domain):
sudo domainjoin-cli join dev.com Administrator
Since I'm running a default server version of Ubuntu with no GUI, there is no need to reboot the server to be able to login to the server with domain accounts.

In order to log in, remember that you will need to use a username of the form domain\username.

I've not managed to get the join command to add a DNS entry for the server, so I had to issue this command myself:
sudo lw-update-dns
Finally, in order to allow domain users to use sudo, you can add one of these lines to the /etc/sudoers file (remember to edit this file with visudo). The first line grants sudo to all domain users; the second only to domain admins:
%dev\\domain^users ALL=(ALL) ALL
%dev\\domain^admins ALL=(ALL) ALL
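The two sudoers lines above encode Likewise Open's group naming convention (NetBIOS domain, a backslash that sudoers requires to be doubled, and spaces in the AD group name replaced by `^`). The script below is an added example, not part of the original post or of Likewise Open: the hypothetical helper `lw_sudo_rule` builds such a line from a domain and an AD group name, and `lw_install_rule` writes it as a drop-in under `/etc/sudoers.d` only after `visudo -c` has accepted it, so a typo in the rule can never leave the box without a working sudo. It assumes that Likewise presents names in lower case (as the post's own example shows) and that `/etc/sudoers` includes `/etc/sudoers.d`, which is the Ubuntu default.

```shell
#!/bin/sh
# Added example (not from the post): generate and safely install a sudoers rule
# for an Active Directory group as Likewise Open names it.

# lw_sudo_rule DOMAIN 'Group Name' -> '%domain\\group^name ALL=(ALL) ALL'
# Assumption: Likewise lower-cases the NetBIOS domain and group name and turns
# spaces into '^'. The single backslash between them must be doubled for sudoers.
lw_sudo_rule() {
    domain=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    group=$(printf '%s' "$2" | tr 'A-Z ' 'a-z^')
    # '%%' is a literal '%', '\\\\' yields two backslashes in the output.
    printf '%%%s\\\\%s ALL=(ALL) ALL\n' "$domain" "$group"
}

# lw_install_rule RULE [TARGET]: validate RULE with visudo, then install it as
# a root-owned 0440 drop-in (default /etc/sudoers.d/likewise-domain, a
# placeholder name chosen for this example). Must run as root.
lw_install_rule() {
    target=${2:-/etc/sudoers.d/likewise-domain}
    tmp=$(mktemp) || return 1
    printf '%s\n' "$1" > "$tmp"
    # visudo -c -f parses the fragment without touching the live sudoers;
    # a malformed fragment that got installed would break sudo for everyone.
    if visudo -c -q -f "$tmp"; then
        install -o root -g root -m 0440 "$tmp" "$target"
        rc=$?
    else
        echo "sudoers fragment rejected by visudo, not installed" >&2
        rc=1
    fi
    rm -f "$tmp"
    return $rc
}

# Usage (as root): sh lw-sudo.sh dev 'Domain Admins'
if [ $# -eq 2 ]; then
    lw_install_rule "$(lw_sudo_rule "$1" "$2")"
fi
```

Running `sh lw-sudo.sh dev 'Domain Admins'` produces exactly the post's second line and installs it only if it parses; `lw_sudo_rule` on its own is handy for checking how a group with spaces in its name ("Domain Users", "Server Operators") has to be spelled before you touch sudoers at all.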
Another upside of using Likewise Open is that users don't need to have their Unix attributes set, which I guess means that it's probably not necessary to install the Identity Management for UNIX components on the domain controller.

My post on how to set up SSH single sign-on for Ubuntu 12.04 applies to 12.10 as well, so I won't bother with a new post for single sign-on.

4 comments:

  1. Have you tried Centrify Express to join Ubuntu to AD?

    Replies
    1. Do you need to join on every boot or only first time?

    2. Only the first time, I don't think anybody would use it if you had to do it every single time
