Saturday 3 November 2012

Join CentOS 6.x server to Windows 2012 AD domain using Likewise Open (PowerBroker Identity Services)

I've used the Likewise Open package for AD integration of Linux machines before, but never for CentOS 6.x.

I'm not too sure, nor do I really care all that much, but it seems that it seems that the package is not called Likewise Open anymore, but rather PowerBroker Identity Services, at any rate, these are the instructions needed to join a CentOS 6.x to a Windows 2012 AD Domain.

Firstly, ensure that domain name resolution is working, at a minimum the CentOS box must be able to ping the domain controller by name. Example /etc/resolv.conf file below, where there is a dns server on for domain
  1. Download the package from here (Although there is no support for CentOS 6.1 or higher it works fine):

  3. Disable SELinux. This is required by the installer 
  4. setenforce 0
  5. Install package:
  6. sh
  7. Join AD domain:
  8. domainjoin-cli join Administrator
  9. Create DNS entry:
  10. /opt/pbis/bin/update-dns
  11. Create SELinux Policy Module (see this link). Alternatively, disable SELinux altogether by editing the /etc/selinux/config file.
I must say that while using this product makes it simpler than my labour intensive way, I feel somewhat reticent to recommend this. It just feels like a cop out, maybe I'm a masochist who knows.


  1. This, by far, is the easiest walk-through I've seen in getting a *nix box on AD. Thanks very much!

  2. Very helpful thnx!

  3. I agree, thanks a bunch!

  4. ERROR_FILE_NOT_FOUND (0x00000002)
    i got this error can any one help

    1. does this happen when installing the package or when joining the domain?

    2. while installing the package

  5. now i am able to add my centos machine into the domain by using above documents thank a lot to share your knowledge .

  6. One more update - this is MUCH easier to use to facilitate TACACS+ with AD authentication on Ubuntu / Centos than the old fashioned OpenLDAP way.

  7. does someone know after this guide how to add the samba file server role. I've installed everything but i still get errors

  8. I have Used PBIS to join Ubuntu machines in windows AD. For a while only(1 or 2 hours)
    After some time again i tried to login those machines in domain by using the same credentials (which are working well to login)
    it shows "Access Denied" in Putty. how to solve this issue

  9. i got an error when adding to domain Error:Undocumented exception [code 0x00009efc]. Plese hep!

  10. Great tutorial! Anyone here configure it with Tacacs+ via PAM? Any tutorial as well?

  11. Hi friends,

    dose anyone know how to fix below error.

    Reason message: Undocumented exception
    Reason message (long): An undocumented exception has occurred. Please contact BeyondTrust technical support and use the error code to identify this exception.
    Reason code: 0x 9efc