Monday, September 2, 2013

Connecting (Ubuntu) Linux to Windows Active Directory for Authentication

Linux Authentication Against Windows?  Why not!

Why Bother?

  When approaching the possibility of using Linux to administer Windows networks, the very first aspect I felt needed to be addressed was the ability to authenticate my workstation against our company's Active Directory and, hopefully, to integrate this authentication with the local computer's log on process.  By integrating the log on, I knew that the workstation would be able to access our network's resources at start-up without any additional set up or scripting.  This would make it simple to get to shared client files, work in shared locations on our network with co-workers who are using Windows, and keep the log on uniform across other network services.

LikeWise Open vs. Other Solutions 

LikeWise Open: Simple and free!
Searching around the Internet provided the answer I used on my workstation: LikeWise Open, the open-source version of LikeWise Enterprise.  LikeWise Open is one of a handful of solutions for connecting a Linux workstation to an Active Directory domain for authentication.  I chose it because the steps in Ubuntu seemed simple to follow and, well, I like simple! (Your distro's package repo may have it, it may not, just check!)

So, here's what I did:

Using Ubuntu's help page for Likewise Open on 10.04, I installed Likewise Open from apt using the following command in a terminal window:
sudo apt-get install likewise-open
Once installed, you can use its "domainjoin-cli" command to join the workstation to your Windows domain.  Now, as a Windows Admin, you should already be aware of some information and configuration that is needed before a workstation can successfully join a Windows domain.  These include:
  • Have the Windows DNS server configured as the primary DNS server for your workstation. This is normally accomplished via DHCP; otherwise, configure it statically as needed.
  • Have the FQDN of the domain you are looking to join (ex. domain.local).
  • Have an account with permission to join workstations to the domain.
  • You may specify an OU during the join process; if needed, have the name of the OU handy.
 The syntax of the command is as follows:
sudo domainjoin-cli join [--ou <NameOfOU>] domain.local <UserAccount>
 In this example, domain.local is the FQDN for my domain, and <UserAccount> would be replaced by the account with permission to join the domain. You should be prompted for a password to complete the join process.
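The prerequisites above can be checked before the join is attempted. The following is an added example, not part of the original post or of Likewise Open: the function names are hypothetical, the expected DNS server address is something you supply, and the script only prints the join command from this article so the password is still entered at the interactive prompt.

```sh
#!/bin/sh
# Pre-flight checks for the domain join described above (added example).
# All function names are hypothetical; nothing here calls Likewise itself.

# Print the first "nameserver" entry of a resolv.conf-style file.
# AD clients locate domain controllers through DNS, so this must be the AD DNS server.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# Succeed only for a multi-label DNS name such as domain.local
# (a bare NetBIOS name like DOMAIN is rejected).
valid_fqdn() {
    printf '%s\n' "$1" |
        grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z0-9-]+$'
}

# Print the join command using the syntax shown in the article.
# Arguments: domain account [ou]
build_join_cmd() {
    if [ -n "$3" ]; then
        printf 'sudo domainjoin-cli join --ou %s %s %s\n' "$3" "$1" "$2"
    else
        printf 'sudo domainjoin-cli join %s %s\n' "$1" "$2"
    fi
}

# Run every check, then print the command to review and run by hand.
# Arguments: resolv_conf expected_dns_ip domain account [ou]
preflight() {
    ns=$(first_nameserver "$1")
    if [ "$ns" != "$2" ]; then
        echo "FAIL: primary nameserver is '${ns:-none}', expected $2" >&2
        return 1
    fi
    if ! valid_fqdn "$3"; then
        echo "FAIL: '$3' is not a fully qualified domain name" >&2
        return 1
    fi
    [ -n "$4" ] || { echo "FAIL: no join account given" >&2; return 1; }
    build_join_cmd "$3" "$4" "$5"
}

# Usage (constructed values): preflight /etc/resolv.conf 192.0.2.10 domain.local joinadmin
```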

 Once the join completes, the system will need to restart to allow the machine to log on.  Once the reboot completes, the workstation will be able to authenticate with the domain by entering the username and password in the following format:
DOMAIN\<UserName>
Here, the "DOMAIN" is the NetBIOS name of your domain. After logging in, your workstation is now authenticated against the domain and can access resources just like a Windows client!  SMB shares, printers, LDAP queries, Exchange Mailboxes, etc.

Single Sign-On is Simple!

For any Windows admin, this is an important first step in integrating their Linux workstation with their network for the same, easy, single-sign-on access to network resources that they enjoy from Windows.

Please feel free to use the comments section below or our Google+ Page to share other methods or tips for configuring Linux workstations for Active Directory.

Note: LikeWise Open is now BeyondTrust PowerBroker Identity Services Open. However, the Ubuntu Community Forums are saying the apt repos still refer to the package as likewise-open, as stated above, so these instructions should still work. The likewise-open package is no longer available in the repos.
