  1. #1
    Number6

    Integrate Ubuntu clients into AD

    Is there a way to set up an Ubuntu client so that the user logs in to the domain via the same type of login screen as a Windows client?

    I'm familiar with setting up Ubuntu with Samba, Winbind, etc but I'd like to be able to set up a box for staff to try that they can log into in a "familiar" fashion.

    Is this possible in any way?

    Or with a different Linux flavour?

  2. #2

    Likewise Open Source Software that Authenticates Linux, Unix, and Mac systems with Microsoft Active Directory

    Not quite sure what you're looking to do - this won't look like Windows, you'll still get the Ubuntu login screen but you will log in with your normal Windows credentials.

  3. Thanks to srochford from:

    powdarrmonkey (26th May 2010)

  4. #3

    Likewise works well, much easier than having to configure samba/winbind manually - only thing to note is that it expects the user name in the DOMAIN\user format

  5. #4
    Tyiell
    Agreed with the above, but I found a bug with likewise a few months ago when I last tried this (on Ubuntu 10.4 Karmic, so may have been fixed), installing and configuring Likewise seems to stop passwd command working in terminal. Random but true.

    It didn't affect me at the time and since then it's been rebuilt using winbind/samba instead so not sure if it's still an issue.

  6. #5
    Number6
    Likewise is installed, if I open it from the System > Admin menu it tells me I'm joined to the domain but there's no option that I can see to use it as a login screen.

    If I attempt to log in as "other" and enter domain\username, it prompts for the password but then gives me an authentication failure.

  7. #6

    dhicks
    Originally posted by Number6:
        Is there a way to set up an Ubuntu client so that the user logs in to the domain via the same type of login screen as a Windows client?

    Both Samba and Likewise-Open should work. We've been using Likewise-Open, but I was going to try re-installing our Edubuntu server over half term and was planning to use Samba as setting that up has proven to be easier than I remembered.

    For our current Ubuntu workstations, there seemed to be a problem with Likewise-Open starting properly. I have this in my how-to-set-up-a-workstation notes:

    Code:
    Sort authentication
    ===================
    apt-get install likewise-open5
    domainjoin-cli join CONVENT.altonconvent.org.uk administrator
    
    If this is a virtual machine, sort the time issue:
    echo 1 > /proc/sys/xen/independent_wallclock
    
    edit /etc/rc.local:
    add line:
    sleep 5
    /etc/init.d/lsassd restart
    
    edit /etc/likewise-open5/lsassd.conf:
    Uncomment line:
    assume-default-domain = yes
    
    edit /etc/sudoers
    
    %CONVENT.altonconvent.org.uk\\domain^admins ALL=(ALL) ALL
    
    Reboot

    I think it's the "assume-default-domain = yes" in /etc/likewise-open5/lsassd.conf that lets you avoid having to type the domain in to log in, the workstation automatically tries a domain login first.

    If you tried Samba, was there some problem getting it to work?

    Don't forget you still need to have an appropriate Windows CAL for your machine to authenticate against the domain controller.

    --
    David Hicks
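
A check for the two settings in the notes above, as an added example that is not part of the original post. It reports whether `assume-default-domain = yes` is active in either config directory named in this thread, and it syntax-checks the sudoers rule in a staging file with `visudo -cf` before anything is copied into place. The function names and the ROOT prefix argument are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread). Paths and the sudoers rule are the
# ones quoted in the notes; ROOT and the function names are hypothetical.

# Print the state of assume-default-domain under ROOT (default: live /etc):
#   enabled | commented | unset | missing
default_domain_state() {
    root="${1:-}"
    for dir in likewise-open5 likewise-open; do
        conf="$root/etc/$dir/lsassd.conf"
        [ -f "$conf" ] || continue
        if grep -Eq '^[[:space:]]*assume-default-domain[[:space:]]*=[[:space:]]*yes[[:space:]]*$' "$conf"; then
            echo enabled
        elif grep -Eq '^[[:space:]]*#.*assume-default-domain' "$conf"; then
            echo commented
        else
            echo unset
        fi
        return 0
    done
    echo missing   # no lsassd.conf in either directory
    return 1
}

# Write the sudoers rule to a staging file (mode 0440) and syntax-check it.
# A syntax error in the live sudoers file disables sudo for everyone, so the
# rule is validated before it is installed.
# Returns 0 if valid, 1 if rejected, 2 if visudo is not installed.
stage_sudoers_rule() {
    rule="$1"; out="$2"
    command -v visudo >/dev/null 2>&1 || return 2
    ( umask 227; printf '%s\n' "$rule" > "$out" ) || return 1
    visudo -cf "$out" >/dev/null 2>&1 || { rm -f "$out"; return 1; }
}

# Usage:
#   default_domain_state
#   stage_sudoers_rule '%CONVENT.altonconvent.org.uk\\domain^admins ALL=(ALL) ALL' /tmp/domain-admins
```

The rule gives root to every member of the AD Domain Admins group, so membership of that group in the directory now controls root access on the workstation.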

  8. #7
    Number6
    No, the machine is joined to the domain OK and I can view all the appropriate shares. All I want to do is to have the PC present a login screen that allows entry of the AD username and password.

    Currently I can only log onto the PC as the local user, albeit that once logged in the PC is a member of the domain but I want to be able to log in as the AD user.

  9. #8

    dhicks
    Originally posted by Number6:
        All I want to do is to have the PC present a login screen that allows entry of the AD username and password.

    Have you tried adding "assume-default-domain = yes" to /etc/likewise-open5/lsassd.conf?

    --
    David Hicks

  10. #9
    Number6
    Originally posted by dhicks:
        Have you tried adding "assume-default-domain = yes" to /etc/likewise-open5/lsassd.conf?

        --
        David Hicks

    There's no such file on my system.

    I have a directory called /etc/likewise-open and the only .conf file in there is likewise-krb5-ad.conf

  11. #10

    I've just finished implementing this at work. 1 Domain Controller with Windows and Linux (Ubuntu 10.04) clients.

    With the Ubuntu clients, authentication was done against AD like a normal login through gdm. They could change their AD password with the passwd command and a bunch of other stuff. When you say normal login, I take it you mean a login through gdm as you would do with a local account?

    I did try likewise-open initially but it was awful. I managed to get it working and after a reboot it broke again. Winbind is fairly easy to set up and it's perfectly possible to write a script to join a machine to a domain, something I'm planning on doing as it's all manual at the moment. I used the Ubuntu wiki, there's some AD stuff on there.

    I still have my notes from my install which I can write up if you like.

  12. #11

    dhicks
    Originally posted by sideh:
        With the ubuntu clients, authentication was done against AD like a normal login through gdm.

    Is this using Samba to join the Windows domain? I've got Samba working for individual Ubuntu 10.04 workstations, but unfortunately I couldn't then get LTSP clients running off a 10.04 server to log in - they seemed to authenticate okay, but after starting to open a session they would return to the LTSP login screen. I posted this a little while ago:

    New version of LTSP

    I'm now trying Likewise-Open instead of Samba (I've left the server rebuilding the LTSP boot image overnight). It seems okay so far. As pointed out in that other post, the trick seems to be to install via the commandline utility rather than the GUI.

    Originally posted by sideh:
        I still have my notes from my install which I can write up if you like.

    Please do - I could well have missed something in my Samba setup, I'd like to know what I did wrong!

    --
    David Hicks
    Last edited by dhicks; 10th June 2010 at 03:01 PM.

  13. #12

    I didn't use samba at all on clients. Just winbind, which uses stuff from /etc/samba/smb.conf. Then added winbind stuff to /etc/nsswitch.conf. There's a bit more to it but I'll get my notes tomorrow and write something up.

  14. #13

    dhicks
    Anyone had any luck getting Ubuntu 10.04, joined to a domain via Likewise-Open, to mount user home folders when they log in? I've found this page:

    https://help.ubuntu.com/community/Ub...oryIntegration

    But that seems to be 9.04 specific - anyone know if it still holds for 10.04? Also, I know I can use a script to run gvfs-mount when the user logs in (i.e. place a line like 'gvfs-mount "smb://acsfiles003/My Documents"' in a GUI-environment startup script somewhere), but that just gives each user a link to "My Documents" on their desktop, all software still saves locally to the server's hard drive. The server is obviously capable of authenticating properly and mounting a volume, so how do I get /home/$username replaced with a network mount?

    --
    David Hicks

  15. #14

    I've written up the winbind stuff here: Ubuntu 10.04 Active Directory Authentication | Run Level 3. Hope it helps.

    As for mounting home folders, why not use NFS? You can export them from an Ubuntu server as long as it's also joined to the domain so that users' IDs match.

  16. Thanks to sideh from:

    dhicks (11th June 2010)

  17. #15

    dhicks
    Originally posted by sideh:
        As for mounting home folders, why not use NFS? You can export them from an Ubuntu server as long as it's also joined to the domain so that users' IDs match.

    "Also joined to the domain" as joined via Likewise-Open rather than Samba? Our file server is currently joined via Samba, so the UIDs and GIDs don't match when seen from a machine joined via Likewise-Open. I assume Likewise-Open automatically gives you a consistent mapping of UIDs/GIDs across different machines?

    Edit: the above is actually quite easy to accomplish, I've already re-installed the file server once, I'll just have to wait until a weekend to do it again, so your suggestion is a good one, thanks. Just to warn anyone coming here via Google looking for how to connect an Ubuntu 10.04 machine to an Active Directory server: the above Winbind stuff works fine, but LTSP clients running off a Winbind-connected server don't seem to authenticate/login properly - Likewise-Open seems rather more reliable than that (which, of course, implies that any Linux-based central file server will need to be joined to the domain via Likewise-Open too, as mentioned above).

    --
    David Hicks
    Last edited by dhicks; 11th June 2010 at 12:47 PM.
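
The UID/GID mismatch discussed in the last two posts can be checked before home folders are exported over NFS. This added example (not from the thread) compares two saved `getent passwd` dumps, one per machine; the function names and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Each input is a file in passwd(5)
# format, e.g. saved `getent passwd` output from one machine.

# Accounts present on both machines whose uid:gid differ.
# Output: name uid:gid(A) uid:gid(B)
id_mismatches() {
    awk -F: '{ name = tolower($1); id = $3 ":" $4 }
        NR == FNR { ids[name] = id; next }
        (name in ids) && ids[name] != id { print name, ids[name], id }' "$1" "$2"
}

# UIDs that belong to different accounts on the two machines. With NFS
# AUTH_SYS the server trusts the numeric UID sent by the client, so each
# such account is treated as the other one on the file server.
# Output: uid name(A) name(B)
uid_collisions() {
    awk -F: '{ name = tolower($1) }
        NR == FNR { owner[$3] = name; next }
        ($3 in owner) && owner[$3] != name { print $3, owner[$3], name }' "$1" "$2"
}

# Constructed sample data: the same three AD users as mapped by two
# hypothetical hosts that allocate IDs differently.
sample_fileserver() {
    printf '%s\n' 'alice:x:10001:10000::/home/alice:/bin/bash' \
                  'bob:x:10002:10000::/home/bob:/bin/bash' \
                  'carol:x:10003:10000::/home/carol:/bin/bash'
}
sample_workstation() {
    printf '%s\n' 'alice:x:10001:10000::/home/alice:/bin/bash' \
                  'bob:x:10003:10000::/home/bob:/bin/bash' \
                  'carol:x:10002:10000::/home/carol:/bin/bash'
}

demo() {
    dir=$(mktemp -d) || return 1
    sample_fileserver > "$dir/server"; sample_workstation > "$dir/ws"
    id_mismatches "$dir/server" "$dir/ws"
    uid_collisions "$dir/server" "$dir/ws"
    rm -rf "$dir"
}
demo
```

Empty output from both functions means the two machines agree on every shared account.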
