List of downloads
List of downloads
You might have a fortress of Linux solitude at home, but unless you are one of the lucky ones working in a Linux-only environment, you can't escape the clutches of Microsoft and you are going to have to interact with Windows.
One of the trickiest aspects of getting Linux to play well with Windows is the Windows Domain. For the longest time this was a challenge most were simply not able to handle. This task required a very deep understanding of Samba and how to get Samba to communicate with Windows domain. Even armed with that knowledge, this wouldn't always work. That is, until now.
Fortunately, things have continued to get easier on the Linux operating system to where even what was once the most challenging tasks are mundane. One such tool that has made the challenge of joining a Windows domain is Likewise Open. Using Likewise Open's handy GUI tool (that also comes with an equally hand command line version) you can quickly and easily connect a Linux machine to a Windows domain.
Note: Packages were removed from PPA, and the project has been renamed to PowerBroker Identity Services “AD Bridge“. Go to www.beyondtrust.com for more details. (Download link)
This is simple. Follow these steps to get both the GUI and command line tools installed:
You are now ready to join your Windows domain. Let's tackle this via command line first.
Joining using the command line
You will be surprised how easy this is to do. Open up a terminal window and issue the following command:
sudo domainjoin-cli join DOMAIN_NAME USER
Where DOMAIN_NAME is the name of the Windows domain you want to join and USER is the user you authenticate with. You will be prompted for your user password and, upon successful authentication, you will have officially joined that domain! You should be able to do things like browse all machines on your network domain as well as connect to your Exchange server using Evolution!
If you want to leave the domain you can do so equally as easy with the command:
sudo domainjoin-cli leave
This will drop you from the domain you are currently joined.
The good thing about using PBIS is that it allows multiple ways to customize the login, domain prefix, login shell, folder name, etc. In order to set up default configuration for domain users, you need to use PBIS to set the environment for all required domain users that will be logged to the system. Please open the terminal and run following commands:
sudo /opt/pbis/bin/config UserDomainPrefix [Domain]
Set domain prefix
sudo /opt/pbis/bin/config AssumeDefaultDomain True
Set this to 'true' avoid entering domain names all the time
sudo /opt/pbis/bin/config LoginShellTemplate /bin/bash
Set default shell
sudo /opt/pbis/bin/config HomeDirTemplate %H/%D/%U
Set different home dir then the local users on the machine
sudo /opt/pbis/bin/config RequireMembershipOf "[Domain]\\[SecurityGroup]"
Set specific Active Directory security groups
Next step, you need to edit the pamd.d common-session file. Please type in terminal:
sudo vim /etc/pam.d/common-session
Navigate to the line that states session sufficient pam_lsass.so and replace it with session [success=ok default=ignore] pam_lsass.so
Then, we need to edit the lightdm configuration file and append the following lines:
sudo vim /usr/share/lightdm/lightdm.conf.d/50-unity-greeter.conf allow-guest=false greeter-show-manual-login=true
Please note, that if you are using Lubuntu 14.04 your lightdm configuration file will be 60-lightdm-gtk-greeter.conf
To start up the GUI click F2 and enter domainjoin-gui to open up the graphical tool. This should be fairly straight-forward. You can name your computer what you want but you do have to use the exact domain name you would use to connect a Windows machine to your domain. In other words, if you domain is DOMAIN.LOCAL then use DOMAIN.LOCAL. If your domain is just DOMAIN then just use DOMAIN. As well, if you have to use an OU (Ogranizational Unit) to connect, make sure you have that correct. Once you have the information entered click Connect and an authentication window will appear. In this window you must enter your username and your password as you would enter them when connecting on a Windows machine. After you enter your credentials click OK and Likewise Open will attempt to connect. Upon successful authentication you will be a part of your company domain. Congratulations!
Now log out of your desktop and log back in with your domain credentials. This most likely will mean you will log in with the username in the DOMAIN\user configuration. You can also log in to your local machine by logging in with the standard username and password on your local system.
Since Ubuntu lists local users and (be default) doesn't allow entering your username manually, you will have to edit your /etc/lightdm/lightdm.conf.d/50-unity-greeter.conf and append this line:
This will allow you to enter your username manually. Or you can just hide all user
Then restart lightdm
sudo service lightdm restart
or simply restart your PC
EDIT: For Ubuntu 14.04 and later - use /usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf and append the above lines, or create /etc/lightdm/lightdm.conf and enter:
[SeatDefaults] greeter-show-manual-login=true greeter-hide-users=true
You will find, when logged into your domain, that your user doesn't have sudo privileges. This means you will not be able to install software and administer various tasks. You can fix this by making an addition to the /etc/sudoers file. Open up the /etc/sudoers file and look for the line:
#Members of the Admin group may gain root privileges and do the following:
Under this line add the following:
%DOMAIN\GROUP ALL=(ALL) ALL
Where DOMAIN is the actual domain and GROUP is the group your user belongs to on the domain.
Now log out and log back in and your domain user should have sudoer privileges.