Linux AD Authentication
Contents
1. Introduction
2. AD Authentication Using OS Integrated Options
3. AD Authentication Using Likewise Open 6.0
1. Introduction
If you are using a Linux workstation or server in a Windows Network, you can configure it to
authenticate against Active Directory. This means that you can use the same account name and
password to log on to your Linux or Windows machine.
Advantages of Using OS Integrated Options
If available, the integrated option to join Active Directory has been tested for functionality and
integration with the other applications for that particular Linux distribution. Depending on the
particular Linux distribution installed, there may be better support options and resources when using
the built-in option.
Advantages of Using Likewise Open 6.0
Not all distributions of Linux offer an integrated option for Active Directory authentication, so this may
be your only option. If you support a number of different versions and distributions of Linux, a common
interface has its advantages.
Both options are technically equal and rely on Winbind and Kerberos standards for functionality.
2. AD Authentication Using OS Integrated Options
This example uses OpenSUSE 11.3 32-bit.
1. Go to the YaST2 Control Center and open “Windows Domain Membership” under the
Network Services group.
2. Configure the membership information
3. Click OK. At this point, you may be prompted to install any missing dependent packages
(like winbind or krb5)
4. You will be prompted to join AD.
5. Click Yes, and then enter your credentials for joining AD.
6. You should receive a successful message and a prompt to reboot.
7. After rebooting, login with AD\userid and your ULink password.
3. AD Authentication Using Likewise Open 6.0
Step 1: Download Likewise Open
Go to http://www.likewise.com/community/index.php/download. Right-click the
download link for your platform on the Likewise Open Download page and then save the
installer to the desktop of your Linux computer.
Step 2: Install Likewise Open on Linux
For most Linux platforms, you install Likewise Open by using a Bitrock Installer — an
executable whose file name ends with installer. Example: LikewiseOpen-6.0.0.3551-
linux-i386-rpm-installer
For versions of Linux running glibc 2.2
or earlier, the installer is a shell script
whose file name ends in .sh; for
instructions on how to install the shell
script, see Install the Agent on Linux
with glibc 2.2 or Earlier.
1. As root, make the installer
executable: On the desktop,
right-click the installer, click
Properties, click the
Permissions tab, and
depending on your operating
system select either Allow
executing file as program or
Execute for Owner, and then
click Close.
Keep in mind that the dialog
box can vary by platform: The
point is that you must set the owner to be the root account and you must set the
file to be executable as a program by the root account with read and write
permissions.
Tip: You can also make the installer executable from the command line by
running chmod a+x as root or with sudo:
chmod a+x LikewiseOpen-6.0.0.3551-linux-i386-rpm-installer
2. As root, double-click the installer to run it and then follow the instructions in the
installation wizard.
Tip: On Ubuntu, run the installer from the command line:
sudo ./LikewiseOpen-6.0.0.8242-linux-i386-deb-installer
Step 3: Join Active Directory
After the wizard finishes installing Likewise Open, the user interface for joining a domain
appears. If it does not appear, see Join Active Directory with the Command Line.
To join a computer to a domain, you must use the root account and you must have the
user name and password of an Active Directory account that has privileges to join
computers to the domain.
1. In the Domain box, enter ad.louisville.edu
2. To avoid typing the domain prefix before your user or group name each time you
log on, select Enable default user name prefix and enter AD.
3. Click Join Domain.
4. Enter the user name and password of an Active Directory account that has
privileges to join computers to the domain and then click OK.
After you join a domain for the first time, you must restart the computer before you can
log on.
To solve problems, see Troubleshooting Domain-Join Problems or run this command at the
command line: domainjoin-cli --help
Step 4: Log On with AD Credentials
After you join a domain and restart your Linux computer, you can log on interactively or
from the text login prompt with your Active Directory credentials in the following form:
AD\username. If you set a default domain, just use your Active Directory username.
1. On a Linux computer, log out of the current session.
2. Log on the system console by using the name of your Active Directory user
account.
If you did not set a default domain, log on the system console by using an Active
Directory user account in the form of AD\username,
Important: When you log on from the command line, for example with ssh, you
must use a slash to escape the slash character, making the logon form
AD\\username.