Most Linux users assume there will never come a time when they will be able to join their machines to a Microsoft Windows domain. It’s always been off-limits. You could take your Linux laptop in to work, but you could never work within that domain. That is officially history. With recent updates to many of the systems and sub-systems in Linux comes the ability to now join a Windows domain. It’s not terribly challenging, but you will need to edit some configuration files.
In this How do I, I show you how to join your Linux machine to a Windows domain with the help of Likewise-Open.
Download Likewise-Open
Go to the Likewise-Open download page. Make sure you download the file applicable to your distribution. You will also want to download the GUI application (if you prefer a graphical-user interface).
Install Likewise-Open
The downloaded file is a precompiled executable binary. Follow these steps to install it:
1. Open up a terminal window.
2. Change to the directory housing the Likewise-Open download file.
3. Issue the command:
chmod u+x Likewise*
4. Issue the command:
./LikewiseIdentityServiceOpen-XXX-linux-YYY-ZZZ-installer
Where XXX is the release number, YYY is your machine architecture, and ZZZ is the type of file you downloaded.
NOTE: You have to have root privileges to execute this command. To do this, you will either su to the root user or use sudo.
ALSO NOTE: If you plan on using the GUI, issue the command:
./LikewiseDomainJoinGui-XXX-linux-YYY-ZZZ-installer
The XXX, YYY, and ZZZ placeholders have the same meaning as in the previous command, and this installer also has to be run with root privileges (su or sudo).
5. Walk through the simple GUI installer.
You will also need to make sure winbind is installed on your machine. If it is not, install it with either your Add/Remove Software tool or a command similar to sudo apt-get install winbind.
Configure /etc/hosts
You need to add your domain controller to your /etc/hosts file. This entry will need to be in the form of:
IP_ADDRESS FQDN
Where IP_ADDRESS is the actual IP address of your domain controller and FQDN is the fully qualified domain name of your domain controller.
Configure KRB5
This is where it gets tricky. You have to configure KRB5 and add the correct realm information to the configuration file. A realm entry will look like this:
DOMAIN.INTERNAL = {
    kdc = domainserver.domain.internal
    admin_server = domainserver.domain.internal
    default_domain = DOMAIN.INTERNAL
}
NOTE: You will need to add the address of your domain controller in the section above.
ALSO NOTE: Capitalization is critical for this to work, so make sure you follow the above example correctly.
After you have that section entered, there are a couple more pieces to work on. The first piece is a small section above the [realms] directive. If your krb5.conf file doesn’t have a [libdefaults] section, add it like this:
[libdefaults]
default_realm = DOMAIN.INTERNAL
The final section you need to work on will be in the [domain_realm] directive. Make sure you add the following:
.domain.internal = DOMAIN.INTERNAL
domain.internal = DOMAIN.INTERNAL
That’s it for the KRB5 configuration.
Configure nsswitch
Open up the file /etc/nsswitch.conf and make sure you see the following lines:
passwd: compat lsass
group: compat lsass
You might see the above lines without the lsass entry. If that’s the case, add lsass to the end of each line.
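The krb5.conf and nsswitch settings described above can be checked before attempting the join. The following Python code is an added example, not part of the original article or of Likewise-Open; the function names parse_krb5 and check_join_config and the sample strings are assumptions, constructed here from the article's example values.

```python
import re

def parse_krb5(text):
    """Parse krb5.conf text into {section: {key: value}}; realm blocks nest."""
    conf, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, block = conf.setdefault(header.group(1), {}), None
        elif line == "}":
            block = None
        elif "=" in line and section is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":                 # start of a braced realm block
                block = section.setdefault(key, {})
            else:
                (block if block is not None else section)[key] = value
    return conf

def check_join_config(krb5_text, nsswitch_text, realm):
    """Return a list of problems measured against the article's settings."""
    conf, dns, problems = parse_krb5(krb5_text), realm.lower(), []
    if realm != realm.upper():
        problems.append("realm name must be upper case")
    if conf.get("libdefaults", {}).get("default_realm") != realm:
        problems.append("[libdefaults] default_realm is not " + realm)
    entry = conf.get("realms", {}).get(realm)
    if not isinstance(entry, dict) or "kdc" not in entry:
        problems.append("[realms] has no %s block with a kdc" % realm)
    for name in ("." + dns, dns):
        if conf.get("domain_realm", {}).get(name) != realm:
            problems.append("[domain_realm] %s does not map to %s" % (name, realm))
    for db in ("passwd", "group"):
        found = re.search(r"^%s:(.*)$" % db, nsswitch_text, re.M)
        if not found or "lsass" not in found.group(1).split():
            problems.append("nsswitch %s line lacks lsass" % db)
    return problems

# Constructed sample input: the article's example values, then a broken variant.
GOOD_KRB5 = ("[libdefaults]\ndefault_realm = DOMAIN.INTERNAL\n[realms]\n"
             "DOMAIN.INTERNAL = {\nkdc = domainserver.domain.internal\n}\n"
             "[domain_realm]\n.domain.internal = DOMAIN.INTERNAL\n"
             "domain.internal = DOMAIN.INTERNAL\n")
BAD_KRB5 = GOOD_KRB5.replace("default_realm = DOMAIN", "default_realm = domain")
GOOD_NSS = "passwd: compat lsass\ngroup: compat lsass\n"
BAD_NSS = "passwd: compat lsass\ngroup: compat\n"
```

On a real host, pass the contents of /etc/krb5.conf and /etc/nsswitch.conf together with your own realm name; an empty list means the settings match what this article describes.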
Joining the domain
Before you start up the Likewise-Open GUI to join the domain, make sure you can obtain a Kerberos ticket on your host. To do this, issue the command:
kinit ADMIN_ACCOUNT@DOMAIN.INTERNAL
Where ADMIN_ACCOUNT is an account on the domain controller with admin rights and DOMAIN.INTERNAL is the domain you want to join. You will have to enter that admin account password before this will work. You can make sure the ticket was issued by running the command klist.
Finally you can issue the command sudo domainjoin-gui, which will start up the GUI tool to join the domain.
Once you have entered the credentials, click the Join Domain button and Likewise-Open will do its thing. Upon successfully joining the domain, you will need to log out and log back in. Remember, your domain username will be in the form of DOMAIN\username. And also remember, the username is the domain username, not the local username.
Final thoughts
That’s it. Linux has come a long way, and the ability to join a Windows domain speaks volumes for its maturity. And although this might seem like a chore, joining a Linux machine with the help of Samba is far more challenging.