Saturday, 3 November 2012

Join CentOS 6.x server to Windows 2012 AD domain using Likewise Open (PowerBroker Identity Services)

I've used the Likewise Open package for AD integration of Linux machines before, but never for CentOS 6.x.

I'm not too sure, nor do I really care all that much, but it seems that it seems that the package is not called Likewise Open anymore, but rather PowerBroker Identity Services, at any rate, these are the instructions needed to join a CentOS 6.x to a Windows 2012 AD Domain.

Firstly, ensure that domain name resolution is working, at a minimum the CentOS box must be able to ping the domain controller by name. Example /etc/resolv.conf file below, where there is a dns server on 192.168.1.65 for domain dev.com:
search dev.com
nameserver 192.168.1.65
  1. Download the package from here (Although there is no support for CentOS 6.1 or higher it works fine):
    2. http://www.beyondtrust.com/Technical-Support/Downloads/PowerBroker-Identity-Services-Open-Edition/?Pass=True

  2. Disable SELinux. This is required by the installer 
    3. setenforce 0
  3. Install package:
    4. sh pbis-open-7.0.4.918.linux.x86_64.rpm.sh
  4. Join AD domain:
    5. domainjoin-cli join dev.com Administrator
  5. Create DNS entry:
    6. /opt/pbis/bin/update-dns
  6. Create SELinux Policy Module (see this link). Alternatively, disable SELinux altogether by editing the /etc/selinux/config file.
I must say that while using this product makes it simpler than my labour intensive way, I feel somewhat reticent to recommend this. It just feels like a cop out, maybe I'm a masochist who knows.
Posted by at 19:26
Labels: ,

16 comments:

  1. Unknown5 December 2012 at 16:49

    This, by far, is the easiest walk-through I've seen in getting a *nix box on AD. Thanks very much!

    ReplyDelete
  2. Anonymous24 May 2013 at 16:00

    Very helpful thnx!

    ReplyDelete
  3. Anonymous14 June 2013 at 19:23

    I agree, thanks a bunch!

    ReplyDelete
  4. Unknown26 September 2013 at 15:02

    ERROR_FILE_NOT_FOUND (0x00000002)
    i got this error can any one help

    ReplyDelete
    Replies
    1. manyrootsofallevil26 September 2013 at 20:09

      does this happen when installing the package or when joining the domain?

      Delete
    2. Unknown27 September 2013 at 08:50

      while installing the package

      Delete
  5. Unknown1 October 2013 at 14:40

    now i am able to add my centos machine into the domain by using above documents thank a lot to share your knowledge .

    ReplyDelete
  6. Unknown2 October 2013 at 17:42

    Works very smoothly

    ReplyDelete
  7. Unknown7 November 2013 at 20:54

    One more update - this is MUCH easier to use to facilitate TACACS+ with AD authentication on Ubuntu / Centos than the old fashioned OpenLDAP way.

    ReplyDelete
  8. Unknown8 December 2013 at 20:43

    does someone know after this guide how to add the samba file server role. I've installed everything but i still get errors

    ReplyDelete
  9. Anonymous13 February 2014 at 14:49

    I have Used PBIS to join Ubuntu machines in windows AD. For a while only(1 or 2 hours)
    After some time again i tried to login those machines in domain by using the same credentials (which are working well to login)
    it shows "Access Denied" in Putty. how to solve this issue

    ReplyDelete
  10. Unknown15 May 2014 at 09:03

    i got an error when adding to domain Error:Undocumented exception [code 0x00009efc]. Plese hep!

    ReplyDelete
  11. Anonymous31 August 2014 at 09:21

    Great tutorial! Anyone here configure it with Tacacs+ via PAM? Any tutorial as well?

    ReplyDelete
  12. nikhil5 January 2017 at 06:10

    Hi friends,

    dose anyone know how to fix below error.

    Reason message: Undocumented exception
    Reason message (long): An undocumented exception has occurred. Please contact BeyondTrust technical support and use the error code to identify this exception.
    Reason code: 0x 9efc

    ReplyDelete
  13. Used PC Distributor6 September 2017 at 11:32

    Nice Blog Post !

    ReplyDelete

Subscribe to: Post Comments (Atom)