How to use Ubuntu at workplace by joining an Active Directory domain

Requirements:

• Computer running Ubuntu (10.04 / 10.10 / 11.04)
• Admin rights to join a computer to domain
• likewise-open version 6.0.0.8388 

Updated : 8^th September 2011

I have updated this guide to use the newer likewise-open version 6.0.0.8388 that works a lot better and is easier to setup.

 

Preparation

sudo gedit /etc/nsswitch.conf

replace hosts line that reads

hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4

with below and save the file:

hosts:          files dns

In terminal, ping your fully qualified domain name (FQDN)

ping mydomain.local

or ping somehost.example.com

If you cannot ping or it is the wrong IP address

sudo gedit /etc/hosts

Add your domain and ip address before the localhost entry

192.168.1.1 mydomaina.local

127.0.0.1 localhost

Save the file and Reboot.

 

Installing likewise-open

Download Likewise-open 32-bit or 64-bit package from the website:
http://www.likewise.com/community/index.php/download/   

Once downloaded, Open Terminal and type the following:

sudo bash Downloads/LikewiseOpen-6.0.0.8388-linux-i3860deb

Answer "y" to the prompts

Once it is installed, you will see the Domain join GUI. Type in your domaina name and click Join. Enter Administrator username and password or an account that has permission to join computers to domain.

You will see a message saying “Restart required”. Before you reboot, add the domain user to sudoers and to login screen user list.

 

Adding users to sudoers

We will be editing /etc/sudoers file for this:

sudo gedit /etc/sudoers 

Look for the following line:

# Members of the admin group may gain root privileges  
%admin ALL=(ALL) ALL

Add a lines as explained below:

If you have set default domain

username ALL=(ALL) ALL  # Allow specific account to sudo
domain^admins ALL=(ALL) # Allow admin group 
domain^users ALL=(ALL) ALL # Allow all domain users

if you are not using default domain then you have to include the domain name:

%mydomain\\yourusername ALL=(ALL) ALL
%mydomain\\domain^admins ALL=(ALL) ALL
%mydomain\\domain^users ALL=(ALL) ALL

 

Add domain username to login screen user list

sudo gedit /etc/gdm/custom.conf

Add the greeter part at the end of the file. Add your domain username to include section and any other you want to exclude.

[greeter]
Include=username1,username2
Exclude=administrator,guest,nobody

You can then reboot and login with your domain account.

Likewise-open default shell problem, terminal showing $ prompt

When you run a terminal you will get a $ prompt and tab to autcomplete will not work. To fix this type the following in terminal

sudo /opt/likewise/bin/lwregshell

cd HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers\ActiveDirectory

set_value LoginShellTemplate /bin/bash

quit

Reboot once you have done the above.

Troubleshooting older version of Likewise-open:

Problems joining domain

  If you see an error as below, it means the domain name entered is not valid

Error: DNS_ERROR_BAD_PACKET [code 0x0000251e]

A bad packet was received from a DNS server. Potentially the requested address
does not exist.

If Domain name typed in is correct but you get the following error:

Network name not found.. Failure to lookup a domain name ending in ".local" may be the result of configuring the local system's hostname resolution (or equivalent) to use Multi-cast DNS. Please refer to the Likewise manual at http://www.likewise.com/resources/documentation_library/manuals/open/likewise-open-guide.html#ConfigNsswitch for more information.

Error code: ERROR_BAD_NET_NAME (0x00000043) Backtrace: main.c:341 src/djmodule.c:330 src/djauthinfo.c:722 src/djauthinfo.c:1146 Edit hosts file:

sudo gedit /etc/hosts

Add the following line after localhost entry

192.168.1.1 mydomain.local

If you still get an error like :

Error: LW_ERROR_ENUM_DOMAIN_TRUSTS_FAILED [code 0x00009ca0]

open /etc/nsswitch.conf

sudo gedit /etc/nsswitch.conf

Change the "hosts" line so it reads

hosts:          files dns

Problems loggin in...

Ensure that you are typing the domainname/username or just the username according to default domain value.

The older versions of likewise-open has a problem where the networking starts after the likewise services. You will not be able to login at all without restarting likewise service and once you have managed to log in, on the next reboot you will be in offline mode. Opening network shares will prompt you for username, domain name and password.

To fix this, in terminal type:
Press Ctrl+Alt+F1 which will take you to tty and login with an account that can sudo.

sudo gedit /etc/rc.local

This will open rc.local file in gedit

Add below code before line "exit 0"

/etc/init.d/lwsmd restart

so your rc.local file should look:

#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

/etc/init.d/lwsmd restart

exit 0

Save and Reboot. This will restart the likewise services just before you login preventing the offline mode and authentication problems.