likewise-open | 14.04 | other easy way to connect AD?

Solution 1

Using Powerbroker instead of likewise

do as steps below

1- download powerbroker frome here http://download1.beyondtrust.com/Technical-Support/Downloads/PowerBroker-Identity-Services-Open-Edition/?Pass=True

2- run it ,

sudo chmod a+x

run by typing it and hitting enter key

 sudo ./pibsfilename.sh

3- join by one of the below commands

 sudo domainjoin-cli join domainname.com [email protected]

or

 sudo domainjoin-cli join --disable ssh domainname.com [email protected]

4- Also, note that you might need to make one minor change to a config file as noted here. Namely, in the file /etc/pam.d/common-session, change the line that reads:

   session sufficient pam_lsass.so

to

   session [success=ok default=ignore] pam_lsass.so

5- run this command to config, like lwconfig in likewise (run from home folder), use caret ^ for spaces in group names

   /opt/pbis/bin/config Requiremembershipof "domainname\\ASecurityGroupFromYourDomain" "domainname\\plus^other^group"
   /opt/pbis/bin/config AssumeDefaultDomain true
   /opt/pbis/bin/config UserDomainPrefix domainname

6- if you want a username to be sudoer do as follows

 sudo nano /etc/sudoers

after root line add the line below

 username ALL=(ALL:ALL) ALL

for group use %:

 %DOMAINNAME\\Power^Users ALL=(ALL:ALL) ALL

7- and finally edit lightdm configuration file

   sudo nano /usr/share/lightdm/lightdm.conf.d/50-unity-greeter.conf

   allow-guest=false
   greeter-show-remote-login=false
   greeter-show-manual-login=true

(60-lightdm-gtk-greeter.conf in Lubuntu 14.04)

8- Reboot

Resources used:

• http://community.spiceworks.com/how_to/show/80336-join-ubuntu-14-04lts-to-a-windows-domain-using-pbis-open
• Add AD Domain user to sudoers from the command line
• https://serverfault.com/questions/387950/how-to-map-ad-domain-admins-group-to-ubuntu-admins
• http://codenuggets.com/2014/05/15/likewise-open-change-default-user-shell/

Solution 2

It has simply been rebranded, and removed from official repositories. It is now known as BeyondTrust PowerBroker Identity Services, Open Edition (not as catchy, I know), and can be found here.

Also, note that you might need to make one minor change to a config file as noted here. Namely, in the file /etc/pam.d/common-session, change the line that reads:

session sufficient pam_lsass.so

to

session [success=ok default=ignore] pam_lsass.so

Found this info after a LOT of Googling and pulling out hair. Hope this helps.

Solution 3

Thanks a lot. For me (instead of use the PBIS (powerbroker identify service)) i will run with the "realmd - network authenification" that use "sssd". This install and configure all components (Kerberos and the sssd-config) for me (SSSD= System Security Services Daemon). The only thing to do is joining the domain (see realm --help) and manually setup pam (in /etc/pam.d/common-session; add "session required pam_mkhomedir.so umask=077) for auto-create homedirectorys and possibly modify sudoers-file for the ad-users. Take a look of that, I think that is an easy alternative way for AD-Integration and it comes out of the box and use standards.

Related videos on Youtube