Easily connect Linux to a Windows Domain
The task of joining Linux to a Windows domain can be a challenge. I have covered it before here (see my article "Join a Ubuntu machine to a Windows domain"), but many users have had issues with Likewise Open either not being able to join or not being able to reliably remain joined. Naturally, if you are able to connect successfully with Likewise Open, you should stick with that. But if you are looking for an easier method of joining a domain, I have found a great solution; Centrify Express.
Centrify Express is free tool offered by the company that makes various Single Sign-On tools, of which only Express is available free and easily for the Linux operating system. Once you have used this tool to join a Windows Domain you will be shocked at how easily it is done.
Installation
I am going to illustrate this installation process on a Ubuntu 10.10 machine. If you need to install on a different distribution (or on Windows, or Mac) you will need to sign up for a download. If you do that you will find pre-compiled binaries for:
- Windows
- Mac
- CentOS
- Debian
- Mandriva
- SUSE
- OpenSolaris
- Oracle Enterprise Linux
- Red Hat Enterprise Linux
- Scientific Linux
But if you are using Ubuntu, you can follow these easy steps:
- Open up the Ubuntu Software Center.
- Search for "centrify" (No quotes).
- Click Install.
- Type your sudo password and press Enter.
- Once the installation is finished you can then close out the Ubuntu Software Center.
Now it's time to do just a tiny bit of configuration.
Configuration
The only configuration you need to take care of is in the /etc/nsswitch file. In that file you will find a line that looks like:
hosts: Â Â Â Â Â files mdns4_minimal [NOTFOUND=return] dns mdns4
Change that file to just read:
hosts: Â Â Â Â files dns
Now there is one other configuration you need to take care of BEFORE you join the domain. In the file /etc/centrifydc/group.ignore you need to add the group "admin" (no quotes) to this list. If you do not do this your sudo users will not longer have sudo privileges. Without sudo privileges your users will not be able to install applications or run anything that needs administrative permissions.
Once you have configured that file, save  it. You are now ready to join the comain.
Joining the domain
You will need the domain admin password for this to be successful. To join the domain do the following:
Open up a terminal window.
Issue the command sudo adjoin -w DOMAIN (Where DOMAIN is the domain you want to join).
Type the Domain admin password and hit Enter.
It may take some time but you will eventually be joined to the domain. You should now be able to open up Nautilus and explore your network by hostname as if you were using a Windows machine.
If you find you can not see your network by hostname, you might have to reboot and then log in with your AD credentials.
Final thoughts
You now have two methods with which to join a Windows domain. The enterprise pastures, for Linux, are growing greener and greener by the day.
So that Software Center finds Centrify at all (at least With Ubuntu 10.04) you have to follow this guide http://community.centrify.com/t5/Express-Tips-and-Tricks/How-to-Install-Centrify-DirectControl-Express-on-Ubuntu-10-04-10/ba-p/263
Thanks for the Tutorial
I Installed Centrify and followed your instructions and join the computer to the windows domain successfully… it instructed me to reboot..
I then rebooted but when i reach the login screen and enter my user name and password it just bounces back
Is there a special way i should type my Username to login ??
I’m locked out my Computer and i dont know why bcause my username/password is right
Any help will be appreciated…
Thanks much
Might also want to mention that if you had not previously enabled the “partner” sources in apt, you’ll need to click the “Use this Source” button, give password, exit Software Center, run apt-get update from the terminal, and then go back into Software Center to get the Install option.
Also do remember that if there is more than 2 seconds time difference between the DC and the linux box being joined it will fail. Make sure to have NTP setup so that the DC and the linux box is using the same time provider.
How about adding domain users to the admin group so they can use sudo?
Nichoas
Check out the discussion on Centrify Forums about making a domain user as an admin.
http://bit.ly/f5UwYk
If you need further assist or have questions on Centrify Express, feel free to post them on our Express forums.
Thanks