I had been hoping to accomplish this for some time now. At work we work under a Windows domain and I have a Ubuntu test machine that I have been hoping to join to that domain. Finally, thanks to Likewise-Open5, it happened. And, believe it or not, it's not all that difficult.
Oh sure you can use Samba to take this task on, but you better be prepared for some serious configuration and work. With Likewise-Open5 that job is made significantly easier. Now I understand that with the upcoming major release of Samba, joining a domain should be much simpler. But with the tools we have now, Likewise-Open5 is your best bet. In this article I will show you how to join a Windows domain using a Ubuntu box.
Installing Likewise-Open5 is simple. Although there is a GUI that comes along with Likewise-Open5, we are going to install and use the CLI tool. Why? It's more reliable. So for installation open up a terminal window and issue the following command:
sudo apt-get install likewise-open5
That command should pick up all the necessary dependencies and have you ready to join i no time.
What you need
In order to connect to your domain, you will need the following information:
You will also need some more information for configuring Sudo later.
To join the domain, the command you want to use looks like this:
sudo domainjoin-cli join DOMAIN USER
Where DOMAIN is the domain you want to join and USER is the username that has rights to join said domain.
You will be prompted for your password. Once you have authenticated, you have officially joined that domain.
Now, let's set Likewise-Open to use this domain as the default domain. This will mean you can actually log into your domain from your Ubuntu login screen. In other words, you will automatically be joined upon boot. To do this open up the file /etc/samba/lwiauthd.conf and add the following line:
windbind use default domain = yes
Now, restart the daemon with the command /etc/init.d/likewise-open restart and all is well.
If you want to leave the domain, just issue the following command:
sudo domainjoin-cli leave
One thing you will notice is that, when you have logged in under the domain, your user has no sudo rights. In order to get around this you need to log into your machine as your standard user and edit your /etc/sudoers file. But at this point you need one more bit of information. You need to know the Group your user is a member of in Active Directory. Most likely this is Users. If that doesn't work, contact your IT department and they should be able to tell you.
In the /etc/sudoers file, look for this line:
#Members of the Admin group may gain root privileges and do the following:
and append the following under it:
%DOMAIN\\GROUP ALL=(ALL) ALL
Where DOMAIN is the actual domain and GROUP is the group your user belongs to. Now if you log out and log back in your domain user should have sudo rights.
Linux has come a long, long way. And I have confidence this process will soon become a part of either the installation or be included as an easy to use wizard. But for now, it's no longer a harrowing experience to join a Windows domain.
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.