Join a Ubuntu machine to a Windows domain - gHacks Tech News

Join a Ubuntu machine to a Windows domain

I had been hoping to accomplish this for some time now. At work we work under a Windows domain and I have a Ubuntu test machine that I have been hoping to join to that domain. Finally, thanks to Likewise-Open5, it happened. And, believe it or not, it's not all that difficult.

Oh sure you can use Samba to take this task on, but you better be prepared for some serious configuration and work. With Likewise-Open5 that job is made significantly easier. Now I understand that with the upcoming major release of Samba, joining a domain should be much simpler. But with the tools we have now, Likewise-Open5 is your best bet. In this article I will show you how to join a Windows domain using a Ubuntu box.

Installation

Installing Likewise-Open5 is simple. Although there is a GUI that comes along with Likewise-Open5, we are going to install and use the CLI tool. Why? It's more reliable. So for installation open up a terminal window and issue the  following command:

sudo apt-get install likewise-open5

That command should pick up all the necessary dependencies and have you ready to join i no time.

What you need

In order to connect to your domain, you will need the following information:

  • Domain name: This is the domain name (FQDN) of the domain you want to join.
  • DNS: Although you may be tempted to use something like OpenDNS, you will want to use the DNS used on your domain.
  • Access: You will need to have an account that is able to join your domain.

You will also need some more information for configuring Sudo later.

Joining

To join the domain, the command you want to use looks like this:

sudo domainjoin-cli join DOMAIN USER

Where DOMAIN is the domain you want to join and USER is the username that has rights to join said domain.

You will be prompted for your password. Once you have authenticated, you have officially joined that domain.

Now, let's set Likewise-Open to use this domain as the default domain. This will mean you can actually log into your domain from your Ubuntu login screen. In other words, you will automatically be joined upon boot. To do this open up the file /etc/samba/lwiauthd.conf and add the following line:

windbind use default domain = yes

Now, restart the daemon with the command /etc/init.d/likewise-open restart and all is well.

Leaving

If you want to leave the domain, just issue the following command:

sudo domainjoin-cli leave

Sudo

One thing you will notice is that, when you have logged in under the domain, your user has no sudo rights. In order to get around this you need to log into your machine as your standard user and edit your /etc/sudoers file. But at this point you need one more bit of information. You need to know the Group your user is a member of in Active Directory. Most likely this is Users. If that doesn't work, contact your IT department and they should be able to tell you.

In the /etc/sudoers file, look for this line:

#Members of the Admin group may gain root privileges and do the following:

and append the following under it:

%DOMAIN\\GROUP ALL=(ALL) ALL

Where DOMAIN is the actual domain and GROUP is the group your user belongs to. Now if you log out and log back in your domain user should have sudo rights.

Final thoughts

Linux has come a long, long way. And I have confidence this process will soon become a part of either the installation or be included as an easy to use wizard. But for now, it's no longer a harrowing experience to join a Windows domain.

Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. awesome said on April 21, 2010 at 2:34 pm
    Reply

    very cool. thanks

  2. rvdmast said on April 22, 2010 at 7:38 am
    Reply

    Now thát was an interesting article!
    I’ve played with joining linux servers to an Windows NT domain using samba in a grey past (10 yrs) but never thougt of joining a linux client PC.

    Indeed, samba has come a long way.

    Btw, have you noticed that the counter on this site where it says
    “2 Responses to ” is always off by one? It says here
    2 Responses though there is only one so far. I began noticing this
    earlier this week.

  3. quizz said on April 22, 2010 at 10:21 pm
    Reply

    They’ve got some problems some time ago. Cli-command were working and both Likewise 4 and 5 could help you in joining AD domain but version 4 was more useful for the real network. I’m gonna check version 5 out.

  4. raj said on July 28, 2010 at 3:10 pm
    Reply

    Hi Jack
    I added my ubuntu 10.04 LTS client machine following your suggestions. However there are couple of things doesn’t apply in my case.
    First I cannot find the file /etc/samba/lwiauthd.conf. The only .conf file I can find under samba folder is smb.conf, should I change this file withe winbind?

    Second, once after I reboot the machine I cannot logon to the ubunu machine using my windows domain username “raj@abc.com”. It always say the authentication failed.

    However, I can see the ubuntu machine registered under AD repos.

    What could have went wrong?

    Thanks for your great article

  5. Jack Wallen said on July 31, 2010 at 5:27 pm
    Reply

    raj: You can add that line “winbind use default domain = yes” to your smb.conf file.

  6. raj said on August 3, 2010 at 10:48 am
    Reply

    Hi Jack
    I managed to get it working. I was trying various methods to join the ubuntu box to windows domain until coming across your post about using likewise open.
    So from the previous attempts, I created one username (my domain username) as local username with ubuntu, which was causing the trouble. Once I removed the local user and tried to login, it worked and I can access all my network shares without any issues.

    Thank you very much

  7. Anonymous said on November 30, 2010 at 11:33 pm
    Reply

    Thanks for posting a follow-on article that highlights Centrify Express as another and an easier method for joining Ubuntu to AD.

    https://www.ghacks.net/2010/11/30/easily-connect-linux-to-a-windows-domain/

  8. jayj said on June 15, 2011 at 5:36 pm
    Reply

    i am unable to find the file ‘lwiauthd.conf’

  9. Richard said on January 25, 2013 at 6:56 pm
    Reply

    Wow – this used to be such a pain in the ass to do a few years ago… Thanks for the great info!

  10. Thom said on April 16, 2013 at 3:12 pm
    Reply

    Error: DNS_ERROR_BAD_PACKET [code 0x0000251e]

    A bad packet was received from a DNS server. Potentially the requested address
    does not exist.

    1. Chad said on December 13, 2013 at 7:23 pm
      Reply

      LikewiseOpen is now called Beyond Trust, and the old website is gone. Here is the article that talks about this change, and gives updated links:
      https://help.ubuntu.com/community/LikewiseOpen

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.