I had been hoping to accomplish this for some time now. At work we work under a Windows domain and I have a Ubuntu test machine that I have been hoping to join to that domain. Finally, thanks to Likewise-Open5, it happened. And, believe it or not, it's not all that difficult.
Oh sure you can use Samba to take this task on, but you better be prepared for some serious configuration and work. With Likewise-Open5 that job is made significantly easier. Now I understand that with the upcoming major release of Samba, joining a domain should be much simpler. But with the tools we have now, Likewise-Open5 is your best bet. In this article I will show you how to join a Windows domain using a Ubuntu box.
Installing Likewise-Open5 is simple. Although there is a GUI that comes along with Likewise-Open5, we are going to install and use the CLI tool. Why? It's more reliable. So for installation open up a terminal window and issue the following command:
sudo apt-get install likewise-open5
That command should pick up all the necessary dependencies and have you ready to join i no time.
What you need
In order to connect to your domain, you will need the following information:
- Domain name: This is the domain name (FQDN) of the domain you want to join.
- DNS: Although you may be tempted to use something like OpenDNS, you will want to use the DNS used on your domain.
- Access: You will need to have an account that is able to join your domain.
You will also need some more information for configuring Sudo later.
To join the domain, the command you want to use looks like this:
sudo domainjoin-cli join DOMAIN USER
Where DOMAIN is the domain you want to join and USER is the username that has rights to join said domain.
You will be prompted for your password. Once you have authenticated, you have officially joined that domain.
Now, let's set Likewise-Open to use this domain as the default domain. This will mean you can actually log into your domain from your Ubuntu login screen. In other words, you will automatically be joined upon boot. To do this open up the file /etc/samba/lwiauthd.conf and add the following line:
windbind use default domain = yes
Now, restart the daemon with the command /etc/init.d/likewise-open restart and all is well.
If you want to leave the domain, just issue the following command:
sudo domainjoin-cli leave
One thing you will notice is that, when you have logged in under the domain, your user has no sudo rights. In order to get around this you need to log into your machine as your standard user and edit your /etc/sudoers file. But at this point you need one more bit of information. You need to know the Group your user is a member of in Active Directory. Most likely this is Users. If that doesn't work, contact your IT department and they should be able to tell you.
In the /etc/sudoers file, look for this line:
#Members of the Admin group may gain root privileges and do the following:
and append the following under it:
%DOMAIN\\GROUP ALL=(ALL) ALL
Where DOMAIN is the actual domain and GROUP is the group your user belongs to. Now if you log out and log back in your domain user should have sudo rights.
Linux has come a long, long way. And I have confidence this process will soon become a part of either the installation or be included as an easy to use wizard. But for now, it's no longer a harrowing experience to join a Windows domain.