BTNHD News

Joining Ubuntu to Windows Active Directory [Notes]

ubuntu_active_directory_wp_header Open the terminal command and follow the steps. If you need any help make sure to view the how to video for assistance. Step 1 || wget http://de.archive.ubuntu.com/ubuntu/pool/main/l/likewise-open/likewise-open_6.1.0.406-0ubuntu10_amd64.deb Step 2 || wget http://de.archive.ubuntu.com/ubuntu/pool/main/libg/libglade2/libglade2-0_2.6.4-1ubuntu3_amd64.deb Step 3 || wget http://de.archive.ubuntu.com/ubuntu/pool/universe/l/likewise-open/likewise-open-gui_6.1.0.406-0ubuntu10_amd64.deb

Step 4 || sudo dpkg -i likewise-open_6.1.0.406-0ubuntu10_amd64.deb

Step 5 || sudo dpkg -i libglade2-0_2.6.4-1ubuntu3_amd64.deb

Step 6 || sudo dpkg -i likewise-open-gui_6.1.0.406-0ubuntu10_amd64.deb

Time to access the Likewise GUI to join your Windows Active Directory

Step 7 || sudo domainjoin-gui

Step 8 || reboot

Ubuntu 14.04 accepts only internal system users on Logon screen and doesn’t provide the ability to manual login a user from Active Directory.

Step 9 || To actually perform a GUI Logon on Ubuntu 14.04 with an Active Directory User you will need to edit the ‘50-ubuntu.conf‘ file located in ‘/usr/share/lightdm/lightdm.conf.d/‘ path and add the following lines then reboot to apply changes.

allow-guest=false

greeter-show-manual-login=true

Step 10 || reboot

After reboot on Logon screen select Login and provide your Active Directory User credentials with related to syntax.

domain_name\domain_user [this one works best J]

domain_name.tld\domain_user

domain_user

Extra Goodies

Enable Active Directory Administrative Rights

Remote users from Active Directory have the same Standard status as internal Ubuntu users and are not allowed to perform administrative tasks on system. To grant root privileges to an Active Directory Administrative User, issue the following command with root privileges.

$ sudo usermod -a -G sudo AD_administrative_user

Basically the above command, adds the Active Directory Administrative User to Ubuntu local group “sudo”, group enabled with root powers.

 

About BjTechNews (833 Articles)
An IT guy trying to learn everything about technology and sharing it with you all. I'm a blogger and video blogger who highlights daily news in the tech industry, promoting tips and hacks for fellow techies.

25 Comments on Joining Ubuntu to Windows Active Directory [Notes]

  1. I have followed these instructions, except I did edit because it is a 32 bit machine. I was able to get it to join the domain, but when I try and log in as domain name\user it keeps telling me invalid password. I have tried more than one domain user.

    • Have you tried your domain name\username

      • Yes, I did try domain name\username both with .local at the end and not. It said it was successful, it added it to my active directory. It gives me two options when logging in, either administrator of the local machine or a Login section for domain I assume. I’m new to Ubuntu.

  2. i have the same error

  3. Hi, I have joined the system to domain and also can log in through the open port network we are using which require no password but i cant log in using other ports. Becaue we are having a network authentication for each user. after authentication only we can get the ip from the servers. So what i have to do now to get in to through normal ports. Please help me.

    • Abdul Mannan Qureshi // November 12, 2014 at 5:59 am // Reply

      Abdul Mannan Qureshi
      Karachi- Pakistan

      Join Ubuntu 14.10 to a Windows Domain using PBIS Open

      The following instructions will guide you through the process of joining an Ubuntu 14.10 / 14.04 clients to a Windows Domain using Power Broker Identity Services Open Edition version pbis-open-8.2.0.2969.linux.x86.deb.sh

      Environment:
      Windows Server 2008 R2 Standard Domain Controller
      Ubuntu 14.10 / 14.04 LTS and Lubuntu 14.4 Client PCs

      1. Download the most current stable version of Power Broker Identity Services Open Edition
      Go to the following address and download the most current version of PBIS:

      http://download1.beyondtrust.com/Technical-Support/Downloads/PowerBroker-Identity-Services-Open-Edition/?Pass=True

      Or, from a terminal type the following commands:

      cd ~
      sudo wget http://download.beyondtrust.com/PBISO/8.2/linux.deb.i386/pbis-open-8.2.0.2969.linux.x86.deb.sh

      2. Make the pbis installation script executable
      In the terminal navigate to the directory where pbis-open-8.2.0.2969.linux.x86.deb.sh is located and execute the following command:

      sudo chmod +x pbis-open-8.2.0.2969.linux.x86.deb.sh

      3. Run the pbis installation script
      From the terminal type the following command to install pbis open:

      sudo ./ pbis-open-8.2.0.2969.linux.x86.deb.sh

      4. Use PBIS Open to join your PC to the Windows Domain
      From the terminal:

      cd /opt/pbis/bin/
      sudo domainjoin-cli join –disable ssh $domainname $domainaccount
      *where domainname = the name of your domain and domainaccount = user@domainname.###
      EXAMPLE: sudo domainjoin-cli join –disable ssh mydomain.com admin@mydomain.com
      When prompted for a password supply the appropriate credentials and you should receive a “SUCCESS” prompt when finished.

      5. Set-up default configuration for domain users
      Use PBIS to pre-configure the user environment for all domain users that log into the newly added system.
      From the terminal:

      sudo /opt/pbis/bin/config UserDomainPrefix $domain
      sudo /opt/pbis/bin/config AssumeDefaultDomain true
      sudo /opt/pbis/bin/config LoginShellTemplate /bin/bash
      sudo /opt/pbis/bin/config HomeDirTemplate %H/%U
      sudo /opt/pbis/bin/config RequireMembershipOf “$domain\\$securitygroup”

      6. Edit the pamd.d common-session file
      From a terminal:

      sudo vi /etc/pam.d/common-session
      Find the line that states the following:
      session sufficient pam_lsass.so
      Replace it with:
      session [success=ok default=ignore] pam_lsass.so

      7. Edit the lightdm configuration file
      Edit the lightdm configuration file and append the following lines:

      sudo vi /usr/share/lightdm/lightdm.conf.d/50-unity-greeter.conf
      allow-guest=false
      greeter-show-manual-login=true

      *If you are using Lubuntu 14.04 your lightdm configuration file will be: 60-lightdm-gtk-greeter.conf

      8. Give sudo access to users/groups
      Add any necessary administrative users and/or groups from your domain to the sudoers file to give them sudo privileges.
      From a terminal:

      sudo vi /etc/sudoers
      *using the file’s configuration examples add users/groups appropriately.
      EXAMPLE:
      fadmin ALL=(ALL:ALL) ALL

      9. Reboot and Log-in

      Reboot your PC and log-in using an appropriate domain user account.

      Conclusion:
      These instructions have only been tested on Ubuntu 14.10 and 14.4, Lubuntu 14.04 LTS Distributions. With minimaltweaking these steps should also work for other distributions. Older and now deprecated versions of Likewise-Open should work in a similar fashion as PBIS-Open, and may be required on older distributions.

  4. When I get to step 4 I encounter the error:

    “package architecture (amd64) does not match system (i386)”

    I’m guessing it’s because my machine is using an intel processor instead of an AMD is there a way around this?

  5. Hello, when I attemp to login with myDomainName\myUserName I always get error – incorrect password ( I am sure that I am typing it in correctly ) Can you please help? 😀

  6. There was a problem with DNS, fixed now!

  7. Hi there just wanted to start off by saying thank you your tutorial is basically the only one out there that actually works and makes it easy to join ubuntu to a windows domain. I did have a question though, have you ever joined linux mint to a windows domain ? If so could you create a tutorial on how to go about doing so i thought it might be the same since mint is built on top of ubuntu but when i get to step 8 i cant locate the lightdm folder in the user share. It doesnt seem to exist on mint.

  8. Hi, thank you for this amazing tutorial.

    Am I able to use this for Ubuntu 12-04?

    Thanks.

    Eli from Israel.

  9. I am now able to login with a domain user account but that account needs an administrative privilages. Can you please suggest. I gave the command “sudo usermod -a -G “account name” but it shows an error ” usermod : group ” account name” not found. Please help

  10. Juan Salazar // March 25, 2015 at 9:55 am // Reply

    I’m using Unbuntu 64 bit and when i’m trying to join to my domain it gives me a DNS_ERROR_BAD_PACKET. A bad packet was received from a DNS server.Potentially the requested address does not exist.

  11. Any idea how to get this working with a 32 bit intel machine?

  12. Raul Stallworth // May 20, 2015 at 3:52 pm // Reply

    hi i use the steps as you said, and ubuntu send me this :

    –2015-05-20 12:50:30– http://de.archive.ubuntu.com/ubuntu/pool/main/l/likewise-open/likewise-open_6.1.0.406-0ubuntu10_amd64.deb
    Resolving de.archive.ubuntu.com (de.archive.ubuntu.com)… 141.76.1.200, 141.30.13.20, 141.30.13.10, …
    Connecting to de.archive.ubuntu.com (de.archive.ubuntu.com)|141.76.1.200|:80… connected.
    HTTP request sent, awaiting response… 404 Not Found
    2015-05-20 12:50:30 ERROR 404: Not Found.

    do you have an idea.

    these is my email raulstallworth@hotmail.com
    hope you can help me thnks

    • the problem is that the link are no longer working. check out the video on the phone, but check it out on YouTube. Many people have enter the correct and active links under the comment section of the video. Hope this helps.

  13. Hello,
    Ubuntu 15.04 x64, on 7 step got error message:

    “Error code: ERROR_FILE_NOT_FOUND (0x00000002)

    Backtrace:
    ../domainjoin/domainjoin-gui/gtk/main.c:614
    ../domainjoin/libdomainjoin/src/djapi.c:257
    ../domainjoin/libdomainjoin/src/djroutines.c:54
    ../domainjoin/libdomainjoin/src/djauthinfo.c:1028”

    Already rebooted and reinstalled… still don’t work, help me please.

    PS: links was broken, i downloaded fresh ones:
    likewise-open_6.1.0.406-0ubuntu5.1_amd64.deb
    libglade2-0_2.6.4-1ubuntu1.1_i386.deb
    likewise-open-gui_6.1.0.406-0ubuntu5.1_amd64.deb

  14. Arul kumar // August 7, 2015 at 3:47 am // Reply

    hai, I am a new user to this site,i need your help.
    qus: How to enable AD users policies in ubuntu14.04 client server? and how to set default Ad login image in ubuntu

  15. Hello, when I attempt to login with my DomainName\myUserName I always get error – incorrect password ( I am sure that I am typing it in correctly ) Can you please help?

2 Trackbacks / Pingbacks

  1. likewise-open install issues | DL-UAT
  2. Joining Ubuntu to Windows Active Directory – Karina Gabrielle Wijaya

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s