likewise-open | 14.04 | other easy way to connect AD?

Solution 1:

Using Powerbroker instead of likewise

Follow the steps below:

1- download PowerBroker from here: http://download1.beyondtrust.com/Technical-Support/Downloads/PowerBroker-Identity-Services-Open-Edition/?Pass=True

2- run it:

 sudo chmod a+x pibsfilename.sh

run it by typing the following and pressing the Enter key:

 sudo ./pibsfilename.sh

3- join by one of the below commands

 sudo domainjoin-cli join domainname.com [email protected]

or

 sudo domainjoin-cli join --disable ssh domainname.com [email protected]

4- Also, note that you might need to make one minor change to a config file as noted here. Namely, in the file /etc/pam.d/common-session, change the line that reads:

   session sufficient pam_lsass.so

to

   session [success=ok default=ignore] pam_lsass.so

5- run these commands to configure it, like lwconfig in likewise (run from the home folder); use a caret ^ for spaces in group names

   /opt/pbis/bin/config Requiremembershipof "domainname\\ASecurityGroupFromYourDomain" "domainname\\plus^other^group"
   /opt/pbis/bin/config AssumeDefaultDomain true
   /opt/pbis/bin/config UserDomainPrefix domainname

6- if you want a username to be a sudoer, do as follows

 sudo nano /etc/sudoers

after root line add the line below

 username ALL=(ALL:ALL) ALL

for group use %:

 %DOMAINNAME\\Power^Users ALL=(ALL:ALL) ALL

7- and finally edit lightdm configuration file

   sudo nano /usr/share/lightdm/lightdm.conf.d/50-unity-greeter.conf

   allow-guest=false
   greeter-show-remote-login=false
   greeter-show-manual-login=true

(60-lightdm-gtk-greeter.conf in Lubuntu 14.04)

8- Reboot

Resources used:

  • http://community.spiceworks.com/how_to/show/80336-join-ubuntu-14-04lts-to-a-windows-domain-using-pbis-open
  • Add AD Domain user to sudoers from the command line
  • https://serverfault.com/questions/387950/how-to-map-ad-domain-admins-group-to-ubuntu-admins
  • http://codenuggets.com/2014/05/15/likewise-open-change-default-user-shell/

Solution 2:

It has simply been rebranded, and removed from official repositories. It is now known as BeyondTrust PowerBroker Identity Services, Open Edition (not as catchy, I know), and can be found here.

Also, note that you might need to make one minor change to a config file as noted here. Namely, in the file /etc/pam.d/common-session, change the line that reads:

session sufficient pam_lsass.so

to

session [success=ok default=ignore] pam_lsass.so

Found this info after a LOT of Googling and pulling out hair. Hope this helps.
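
Solutions 1 and 2 both change the pam_lsass.so line in /etc/pam.d/common-session: with the `sufficient` control, a successful pam_lsass.so ends the session stack there, so session modules listed after it never run for domain logins, while the bracketed form lets the stack continue. The script below is an added example, not part of either answer; its function names are made up here. It lists the modules that would be skipped and applies the rewrite with a backup.

```shell
#!/bin/sh
# Added example: audit and rewrite the pam_lsass.so session line.
# Function names are illustrative. Try it on a copy of common-session first.

# Print the session modules listed after "session sufficient pam_lsass.so".
# These are the ones a successful pam_lsass short-circuits.
skipped_after_lsass() {
    awk '
    function module(  i) {      # module name, allowing "[a=b c=d]" controls
        if ($2 !~ /^\[/) return $3
        for (i = 2; i < NF; i++) if ($i ~ /\]$/) return $(i + 1)
        return ""
    }
    $1 != "session" { next }    # skips comments and other PAM types
    hit { print module() }
    $2 == "sufficient" && $3 == "pam_lsass.so" { hit = 1 }
    ' "$1"
}

# Rewrite "sufficient" to "[success=ok default=ignore]" on the pam_lsass.so
# session line. Keeps FILE.bak, preserves trailing module arguments, and is
# a no-op when the line is absent or already rewritten.
fix_pam_lsass() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    grep -q '^[[:space:]]*session[[:space:]]\{1,\}sufficient[[:space:]]\{1,\}pam_lsass\.so' \
        "$file" || return 0
    cp -p "$file" "$file.bak" || return 1
    # Write through the existing file so owner and mode stay unchanged.
    sed 's/^\([[:space:]]*session[[:space:]]\{1,\}\)sufficient\([[:space:]]\{1,\}pam_lsass\.so\)/\1[success=ok default=ignore]\2/' \
        "$file.bak" > "$file" || { cp -p "$file.bak" "$file"; return 1; }
}

# Read-only audit when called with a file argument, e.g.
#   sh pam_lsass_check.sh /etc/pam.d/common-session
if [ $# -eq 1 ]; then
    skipped_after_lsass "$1"
fi
```

Keep a root shell open while testing a changed PAM file so that a mistake can be reverted from FILE.bak.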

Solution 3:

The other (and IMHO the more mature and stable) solution is Centrify Express.

Steps on how to install Centrify Express (and why folks switched to Centrify) can be found at

http://www.question-defense.com/2012/08/31/dpkg-error-processing-likewise-open-configure-join-linux-server-to-windows-domain-controller

http://ninjix.blogspot.com/2011/01/puppet-module-for-centrify-express.html

Solution 4:

Thanks a lot. For me, instead of using PBIS (PowerBroker Identity Services), I will go with "realmd - network authentication", which uses "sssd". This installs and configures all components (Kerberos and the sssd config) for me (SSSD = System Security Services Daemon). The only things to do are joining the domain (see realm --help), manually setting up PAM (in /etc/pam.d/common-session, add "session required pam_mkhomedir.so umask=077") to auto-create home directories, and possibly modifying the sudoers file for the AD users. Take a look at that; I think it is an easy alternative way to do AD integration, and it comes out of the box and uses standards.