Can Ubuntu 11.10 authenticate against Active Directory?

5,959

Solution 1

Yes, after I typed "active directory ubuntu authenticate" into google, the top page was this:

https://help.ubuntu.com/community/ActiveDirectoryHowto

So yes you can do that.

There are several ways to use AD for authentication, you can use Centrify Express, Likewise Open, pam_krb5, LDAP or winbind. For Centrify Express see DirectControl. Centrify Express can be used to integrate servers or desktops with Active Directory. Likewise Open is also a solution for Linux workstations to authenticate to an Active Directory domain. For Likewise Open see LikewiseOpen or Likewise Open. For Winbind see ActiveDirectoryWinbindHowto.

LikewiseOpen will be easiest:

Just install the packages:

# apt-get install likewise-open

If you want to have the gui for it:

# apt-get install likewise-open-gui 

Then to integrate it through CLI: Once you've installed the likewise-open package the main executable file is /usr/bin/domainjoin-cli which is used to join your computer to the domain. Before you join a domain you will need to make sure:

  • You have access to an Active Directory user with appropriate access.
  • The Fully Qualified Domain Name of the domain you want to join.
  • DNS for the domain is set up appropriately. Likewise Software provides a healthcheck script to assist users in insuring their machines are configured correctly. The script can be downloaded from http://www.likewiseopen.org/Likewise-PreCheck.zip

To join a domain from a terminal prompt enter:

sudo domainjoin-cli join example.local Administrator

You will then be prompted for the user's password. Administrator in the example above. If all goes well a SUCCESS message should be printed to the console.

The account specified in the domainjoin-cli argument must have permission to join machines in Active Directory.

After joining the domain, Likewise Software advises users restart their machines as a number of daemons must be restarted in a specific sequence.

Logging in

Once you have successfully joined a Ubuntu machine to an Active Directory domain you can login using any valid AD user. To login you will need to enter the user name as 'domain\username'. For example to ssh to a server joined to the domain enter:

ssh 'example\joan'@hostname

or

ssh example\\joan@hostname

or

ssh -l 'example\joan' hostname

If configuring a Desktop the username will need to be prefixed with domain\ in gdm.

Solution 2

Likewise Open is a good easy way to do that.

As from Ubuntu help page:

sudo apt-get install likewise-open
sudo domainjoin-cli join example.com user

Where user is a user with the privilege to join a computer to the domain, example.com is the Windows Active Directory Domain name.

Then you'll be prompted for the password for user. If successful, a SUCCESS message will be displayed. A reboot is a necessity after the successful join to the domain.

Also there is a graphical interface for likewise-open...

Share:
5,959

Related videos on Youtube

A.B. User
Author by

A.B. User

Updated on September 18, 2022

Comments

  • A.B. User
    A.B. User almost 2 years

    I'm replacing my Windows workstations.

    Can Ubuntu "login using AD" to Windows Server 2008 R2? Like Windows workstations that belong to a domain?

    • B14D3
      B14D3 over 12 years
      why this question get two downgrades?
    • amyassin
      amyassin over 12 years
      Not my downvote, but I really think you should ask it in askubuntu.com
    • cjc
      cjc over 12 years
      I haven't downvoted, but, given that the I Feel Lucky google search gives you the official docs, I think it's understandable. It's not an obscure piece of knowledge. If you have actual implementation questions, that would be looked on more favorably.
  • user9517
    user9517 over 12 years
    Whilst this may theoretically answer the question, it would be preferable to include the essential parts of the answer here, and provide the link for reference. You should know better than to do that.
  • user9517
    user9517 over 12 years
    Whilst this may theoretically answer the question, it would be preferable to include the essential parts of the answer here, and provide the link for reference.
  • amyassin
    amyassin over 12 years
    @lain thanks, just edited and gave the answer with the link as a reference...
  • Lucas Kauffman
    Lucas Kauffman over 12 years
    Updated my answer, sorry Iain :(
  • Lazy Badger
    Lazy Badger over 12 years
    @Iain - if question was "Can...", anser "Yes" is perfectly valid. Teach OP to ask good question, not answerer, which done own job well
  • Lazy Badger
    Lazy Badger over 12 years
    @T.Fabre - Do not bend! And do not sit down to play with sharpers on their rules
  • user9517
    user9517 over 12 years
    @LazyBadger: As you know, that's not how we like it.
  • T. Fabre
    T. Fabre over 12 years
    @Both : I meant no offense nor debate. I just wanted to point out that the question, which did not show any clear and useful effort, did not deserve a more complete answer. Best regards.
  • user9517
    user9517 over 12 years
    @T.Fabre: Just downvote it then - costs you nothing.