Pular para o conteúdo principal

Join a Ubuntu machine to a Windows domain

Join a Ubuntu machine to a Windows domain: "
I had been hoping to accomplish this for some time now. At work we work under a Windows domain and I have a Ubuntu test machine that I have been hoping to join to that domain. Finally, thanks to Likewise-Open5, it happened. And, believe it or not, it’s not all that difficult.
Oh sure you can use Samba to take this task on, but you better be prepared for some serious configuration and work. With Likewise-Open5 that job is made significantly easier. Now I understand that with the upcoming major release of Samba, joining a domain should be much simpler. But with the tools we have now, Likewise-Open5 is your best bet. In this article I will show you how to join a Windows domain using a Ubuntu box.
Installation
Installing Likewise-Open5 is simple. Although there is a GUI that comes along with Likewise-Open5, we are going to install and use the CLI tool. Why? It’s more reliable. So for installation open up a terminal window and issue the following command:
sudo apt-get install likewise-open5
That command should pick up all the necessary dependencies and have you ready to join i no time.
What you need
In order to connect to your domain, you will need the following information:
  • Domain name: This is the domain name (FQDN) of the domain you want to join.
  • DNS: Although you may be tempted to use something like OpenDNS, you will want to use the DNS used on your domain.
  • Access: You will need to have an account that is able to join your domain.
You will also need some more information for configuring Sudo later.
Joining
To join the domain, the command you want to use looks like this:
sudo domainjoin-cli join DOMAIN USER
Where DOMAIN is the domain you want to join and USER is the username that has rights to join said domain.
You will be prompted for your password. Once you have authenticated, you have officially joined that domain.
Now, let’s set Likewise-Open to use this domain as the default domain. This will mean you can actually log into your domain from your Ubuntu login screen. In other words, you will automatically be joined upon boot. To do this open up the file /etc/samba/lwiauthd.conf and add the following line:
windbind use default domain = yes
Now, restart the daemon with the command /etc/init.d/likewise-open restart and all is well.
Leaving
If you want to leave the domain, just issue the following command:
sudo domainjoin-cli leave
Sudo
One thing you will notice is that, when you have logged in under the domain, your user has no sudo rights. In order to get around this you need to log into your machine as your standard user and edit your /etc/sudoers file. But at this point you need one more bit of information. You need to know the Group your user is a member of in Active Directory. Most likely this is Users. If that doesn’t work, contact your IT department and they should be able to tell you.
In the /etc/sudoers file, look for this line:
#Members of the Admin group may gain root privileges and do the following:
and append the following under it:
%DOMAIN\\GROUP ALL=(ALL) ALL
Where DOMAIN is the actual domain and GROUP is the group your user belongs to. Now if you log out and log back in your domain user should have sudo rights.
Final thoughts
Linux has come a long, long way. And I have confidence this process will soon become a part of either the installation or be included as an easy to use wizard. But for now, it’s no longer a harrowing experience to join a Windows domain.
"

Comentários

Postagens mais visitadas deste blog

Improve Windows Security By Closing Open Ports

Improve Windows Security By Closing Open Ports : " A standard Windows operating system has a number of ports open after installation. Some of these ports are needed for the system to function properly while others might not. These ports can pose a security risk as every open port on a system might be an entry point for a malicious user. A port basically allows communication to or from the device. Characteristics are a port number, an IP address and a protocol type. This article will give you the tools at hand to identify and evaluate the open ports on your Windows system to make a decision in the end whether they can or should be closed or left open. Software programs and tools that we will use: CurrPorts : Available for 32-bit and 64-bit editions of Windows. It is a port monitor that displays all open ports on a computer system. We will use it to identify the ports and the programs that are using them. Windows Task Manager: Also used to identify the programs and link some p

Diagnosing a Blue Screen of Death Error in Windows

Diagnosing a Blue Screen of Death Error in Windows : For many years now the famous Blue Screen of Death (BSoD) has been the ultimate indication that something disastrous has happened to make your computer die, but how useful is the information in the BSoD and the respective crash dump file that Windows produces? The best article I ever found explaining the BSoD in depth is here on the Microsoft website, however it’s quite technical and doesn’t discuss how to actually troubleshoot a problem. The crash dump file is just technical details of what was being held in the computer’s memory at the time of the crash, and this will include details on every driver and service that was loaded, and every piece of software that was running. The most useful pieces of information are to be found on the BSoD itself and are highlighted on the screenshot below. These are the BSoD error name, the stop error code and the name of the driver or service that has failed (this last one might not always appea

FBackup is a simple, no-frills free backup application

FBackup is a simple, no-frills free backup application : "