Note:

LikewiseOpen is now Beyond Trust - PowerBroker Identity Services Open Edition.

The Likewise website is gone, and links to it are broken. I have repaired some of them, but I have not found them all. The repositories are still using the likewise-open name, so the instructions are still good. However, the repo version in 12.04 will not work with the repo version of samba. Get the new branded version at http://www.beyondtrust.com/Technical-Support/Downloads/PowerBroker-Identity-Services-Open-Edition/?Pass=True

Introduction

Likewise Open provides a complete authentication solution allowing *nix systems to be fully integrated into Active Directory environments. Created by Likewise Software to make Linux and Unix systems first class citizens on Windows networks, likewise-open will authenticate both Ubuntu Desktop Edition and Ubuntu Server Edition machines.

Installation

Likewise Open is available in the Main repository. Users can install using apt-get or the Synaptic Package Manager. However, if installed through the repositories, the upgrade process is a little trickier.

likewise-open provides numerous simple-to-use command line utilities, and likewise-open-gui provides a feature-limited graphical utility. likewise-open-gui is, however, more than sufficient for most common small deployments. This should not dissuade users from working with the command line tools, as they are logical and provide a great deal of very useful diagnostic and configuration utility.

For instructions on installing software and using repositories see the InstallingSoftware page.

If you are installing on Lucid Lynx, you can refer to these threads:

Joining a Domain CLI

Once you've installed the likewise-open package, the main executable file is /usr/bin/domainjoin-cli, which is used to join your computer to the domain. Before you join a domain, you will need to make sure:

  • You have access to an Active Directory user with appropriate access.
  • You know the Fully Qualified Domain Name of the domain you want to join.
  • DNS for the domain is set up appropriately.

To join a domain from a terminal prompt enter:

sudo domainjoin-cli join example.local Administrator

You will then be prompted for the user's password (Administrator in the example above). If all goes well, a SUCCESS message should be printed to the console.

The account specified in the domainjoin-cli argument must have permission to join machines in Active Directory.

After joining the domain, Likewise Software advises users to restart their machines, as a number of daemons must be restarted in a specific sequence.

Logging In

Once you have successfully joined an Ubuntu machine to an Active Directory domain, you can log in using any valid AD user. To log in, you will need to enter the user name as 'domain\username'. For example, to ssh to a server joined to the domain, enter:

ssh 'example\joan'@hostname

or

ssh example\\joan@hostname

or

ssh -l 'example\joan' hostname

Alternatively, run:

lwconfig AssumeDefaultDomain true

If configuring a Desktop, the username will need to be prefixed with domain\ in gdm.

Other Utilities

The likewise-open package comes with a few other utilities that may be useful for gathering information about Active Directory domains or configuring your site's client installation. These utilities are all found in /usr/bin and provide various functionality, for instance:

  • lw-update-dns -- Allows users to update their DNS entries on the domain controller.

  • lw-get-status -- Displays information regarding the machine's join status.

Note: full documentation is available on Likewise Software's website at:

http://download1.beyondtrust.com/Technical-Support/Downloads/files/pbiso/Manuals/likewise-open-54-guide.html

12.04 uses 6.0, which is documented at:

http://www.beyondtrust.com/Technical-Support/Downloads/files/pbiso/Manuals/likewise-open-60-guide.html

Configuration

Adding sudo

One of the first things you'll want to do is give sudo access to certain groups of users. Here is the modified portion of /etc/sudoers that gives sudo access to all members of the group 'team-alpha', with a Pre-Windows 2000 domain of OMG:

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Members of the AD group team-alpha in the OMG domain
%OMG\\team-alpha ALL=(ALL) ALL

If your group name has spaces, replace them with carets (^), so 'team alpha' would become 'team^alpha'.

Restricting access to specific groups

By default, LikewiseOpen allows all AD users to log on. To limit this to specific groups (in this case 'domain admins' and 'unix admins', with a Pre-Windows 2000 domain of OMG), run:

sudo lwconfig RequireMembershipOf "OMG\\domain^admins" "OMG\\unix^admins"
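
The caret and double-backslash conventions from the two sections above, as an added shell example (not part of the original page or of the Likewise tools). It builds the sudoers rule and the lwconfig command from a domain and group names, rejects names that could inject extra sudoers syntax, and syntax-checks a staged file with visudo -cf before anything is copied into /etc/sudoers. The function names and the staging workflow are assumptions.

```shell
#!/bin/sh
# Added example: build sudoers / RequireMembershipOf entries for AD groups.
# Function names and the staging workflow are assumptions, not Likewise tooling.

# ad_principal DOMAIN GROUP -> DOMAIN\\group with spaces turned into carets,
# the escaped form this page uses in /etc/sudoers and lwconfig arguments.
ad_principal() {
    local domain="$1" group="$2"
    [ -n "$domain" ] && [ -n "$group" ] || return 1
    # Allow only letters, digits, space, dot, underscore and hyphen, so a
    # crafted name cannot smuggle in sudoers syntax such as ',', '=' or '#'.
    case "$domain$group" in
        *[!A-Za-z0-9\ ._-]*) echo "invalid name: $domain/$group" >&2; return 1 ;;
    esac
    group=$(printf '%s' "$group" | tr ' ' '^')
    printf '%s\\\\%s\n' "$domain" "$group"
}

# sudoers_line DOMAIN GROUP -> a rule granting that group full sudo access.
sudoers_line() {
    local p
    p=$(ad_principal "$1" "$2") || return 1
    printf '%%%s ALL=(ALL) ALL\n' "$p"
}

# membership_cmd DOMAIN GROUP... -> the lwconfig command restricting logon.
membership_cmd() {
    local domain="$1" g p out='sudo lwconfig RequireMembershipOf'; shift
    for g in "$@"; do
        p=$(ad_principal "$domain" "$g") || return 1
        out="$out \"$p\""
    done
    printf '%s\n' "$out"
}

# stage_sudoers DOMAIN GROUP... -> writes the rules to a temp file, checks
# the syntax with visudo when it is installed, and prints the path to review.
stage_sudoers() {
    local domain="$1" tmp g; shift
    tmp=$(mktemp) || return 1
    for g in "$@"; do
        sudoers_line "$domain" "$g" >>"$tmp" || { rm -f "$tmp"; return 1; }
    done
    if command -v visudo >/dev/null 2>&1; then
        visudo -cf "$tmp" >/dev/null || { rm -f "$tmp"; return 1; }
    fi
    echo "$tmp"
}
```

Calling stage_sudoers OMG 'team alpha' prints the path of a checked file whose contents can then be merged into /etc/sudoers with visudo.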



LikewiseOpen (last edited 2012-12-12 04:16:44 by 99-29-179-119)