In the past I have used likewise-open to join Linux servers to a Windows domain controller. There were always at least some issues using likewise-open and even though it was always possible to get it working it was always a pain. Today I started the process and of course ran into an error which is noted below in more detail so I did some research and came across centrify which ended up being much easier and worked without issue. Use the instructions below to install, configure, and use centrify to join a Linux server to a Windows DC.
Errors With likewise-open On Ubuntu Linux:
As noted above I had used likewise-open in the past to join Linux servers to a Windows domain controller and while there were issues I was always able to get it to work in the end. This time I got frustrated and decided to look around for other options because of a package conflict with likewise-open and part of the error output is below. I was having issues even getting likewise-open and likewise-open5 installed on Ubuntu 10.04.
likewise-open dpkg Error On Ubuntu:
dpkg: error processing likewise-open (--configure):
After some searching I came across centrify which offers a paid and a free version so I was a bit skeptical that the free version would do what I needed it to do however in the end it worked perfectly. Use the details below to install centrify on a Ubuntu 10.04 Linux server.
Install Centrify On Ubuntu Linux To Join Ubuntu To Windows Domain Controller:
- Download Centrify: Click here to locate the correct centrify agent for your version of Linux. In this example we join an Ubuntu 10.04 64 bit Linux server to a Windows domain controller however the process should be very similar for other versions of Linux. When you download the centrify agent you are required to input some personal details so it is easiest to download the package to the desktop you are working from and then SCP it to the Linux server you want to join to the domain. The centrify agent package downloaded at the time of this article was named centrify-suite-2012.3-deb5-x86_64.tgz.
- Unpack Centrify Agent Package: Now unpack the centrify agent package which I recommend first creating a centrify directory to unpack it in since there is no directory structure. Below there is example output showing the centrify agent being unpacked after it is on the Linux server you want to join to a domain.
root@dev:~# mkdir centrify root@dev:~# mv centrify-suite-2012.3-deb5-x86_64.tgz centrify/ root@dev:~# cd centrify/ root@dev:~/centrify# ls centrify-suite-2012.3-deb5-x86_64.tgz root@dev:~/centrify# tar -zxvf centrify-suite-2012.3-deb5-x86_64.tgz ./adcheck-deb5-x86_64 ./centrify-suite.cfg ./centrifyda-2.0.2-deb5-x86_64.deb ./centrifydc-5.0.2-deb5-x86_64.deb ./centrifydc-install.cfg ./centrifydc-ldapproxy-5.0.2-deb5-x86_64.deb ./centrifydc-nis-5.0.2-deb5-x86_64.deb ./centrifydc-openssh-5.9p1-4.5.4-deb5-x86_64.deb ./install-express.sh ./install.sh ./release-notes-agent-deb5-x86_64.txt ./release-notes-da-deb5-x86_64.txt ./release-notes-nis-deb5-x86_64.txt ./release-notes-openssh-deb5-x86_64.txt root@dev:~/centrify#
- Run Centrify Express Installer: Now from the centrify directory you created run the centrify express installer as shown in the below example output. The installer is started by running “./install-express.sh” from the command line on the Linux server. The information that is required to successfully complete the centrify express installer includes the domain you are going to join such as example.com, a user with privileges to make changes to the domain, that same users password, the name of the Linux server joining the domain such as “dev”, and the hostname of the domain controller itself. All of the other options can simply be the default options. Also note that you must use the domain name of the domain controller and not the IP address. I also ran into issues using users other than Administrator though the issues may have just been on my end but if you run into problems with another user try the Administrator account to rule that out.
root@dev:~/centrify# ./install-express.sh ***** ***** ***** WELCOME to the Centrify Express installer! ***** ***** ***** Detecting local platform ... Running ./adcheck-deb5-x86_64 ... OSCHK : Verify that this is a supported OS : Pass PATCH : Linux patch check : Pass PERL : Verify perl is present and is a good version : Pass SAMBA : Inspecting Samba installation : Pass SPACECHK : Check if there is enough disk space in /var /usr /tmp : Pass HOSTNAME : Verify hostname setting : Pass NSHOSTS : Check hosts line in /etc/nsswitch.conf : Pass DNSPROBE : Probe DNS server 192.168.44.1 : Pass DNSCHECK : Analyze basic health of DNS servers : Pass WHATSSH : Is this an SSH that DirectControl works well with : Pass SSH : SSHD version and configuration : Pass With this script, you can perform the following tasks: - Install (update) Centrify Suite Enterprise Edition (License required) [E] - Install (update) Centrify Suite Standard Edition (License required) [S] - Install (update) Centrify Suite Express Edition [X] - Custom install (update) of individual packages [C] You can type Q at any prompt to quit the installation and exit the script without making any changes to your environment. How do you want to proceed? (E|S|X|C|Q) [X]: Do you want to run adcheck to verify your AD environment? (Q|Y|N) [Y]: Please enter the Active Directory domain to check: example.com Join an Active Directory domain? (Q|Y|N) [Y]: Enter the Active Directory authorized user [administrator]: Enter the password for the Active Directory user: Enter the computer name [dev]: Enter the container DN [Computers]: Enter the name of the domain controller [auto detect]: domain-controller.example.com Reboot the computer after installation? (Q|Y|N) [Y]: You chose Centrify Suite Express Edition and entered the following: Install CentrifyDC 5.0.2 package: Y Install CentrifyDC-nis 5.0.2 package: N Install CentrifyDC-openssh 4.5.4 package: Y Install CentrifyDC-ldapproxy 5.0.2 package: N Install CentrifyDA 2.0.2 package: N Run adcheck : Y Join an Active Directory domain : Y Active Directory domain to join : example.com Active Directory authorized user : administrator computer name : dev container DN : Computers domain controller name : domain-controller.example.com Reboot computer : Y If this information is correct and you want to proceed, type "Y". To change any information, type "N" and enter new information. Do you want to continue (Y) or re-enter information? (Q|Y|N) [Y]:
Once you click Enter above the install process will begin and should only take a couple of minutes. Once the server reboots it should be joined to the domain.
- Test Login To Linux Server With Domain Account: Now login with a domain user to the Linux server. One nice thing about centrify is the fact that you do not have to type domain\user or user@domain as the username as it will recognize simply using the username itself.
That is it! Your Ubuntu Linux server should now be part of the domain and the Centrify Express installer will have configured all of the proper services to start on reboot so until you remove the Linux server from the domain manually it will always boot joined to the Windows Domain.