En installation af likewise-open på en Ubundu-lucid desktop

Linuxbruger@linuxbox:~$ sudo apt-get install likewise-open
[sudo] password for Linuxbruger:
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following extra packages will be installed:
krb5-config krb5-user libgssrpc4 libkadm5clnt-mit7
Suggested packages:
krb5-doc likewise-open-gui
The following NEW packages will be installed:
krb5-config krb5-user libgssrpc4 libkadm5clnt-mit7 likewise-open
0 upgraded, 5 newly installed, 0 to remove and 0 not upgraded.
Need to get 3.402kB of archives.
After this operation, 10,1MB of additional disk space will be used.
Do you want to continue [Y/n]? y

Hvis man på nuværrende tidspunkt prøver at Join domainet vil man få nedestående error.

Linuxbruger@linuxbox:~$ sudo domainjoin-cli join AD-Domain.local administrator
Joining to AD Domain:   AD-Domain.local
With Computer DNS Name: linuxbox.AD-Domain.local

administrator@AD-Domain.LOCAL's password:

Error: Lsass Error [code 0x00080047]

40286 (0x9D5E) LW_ERROR_LDAP_SERVER_DOWN - Unknown error

Configurations scriptet kan ikke finde LDAP servern

Linuxbruger@linuxbox:~$ ping AD-Domain.local
ping: unknown host AD-Domain.local

For at løse dette problem ligger vi domain navnet og en ip på en DC ind i hosts filen.

Linuxbruger@linuxbox:~$ sudo vi /etc/hosts
10.10.100.3  AD-Domain.local

Herefter er det også nødvedig at ændre i nsswitch.conf

Linuxbruger@linuxbox:~$ sudo vi /etc/nsswitch.conf
ændre linjen:
hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4
til
hosts:          files dns

Genstart maskinen.

Linuxbruger@linuxbox:~$ sudo reboot

Nu er det mulig at JOIN domainet.

Linuxbruger@linuxbox:~$ sudo domainjoin-cli join AD-Domain.local administrator
[sudo] password for Linuxbruger:
Joining to AD Domain:   AD-Domain.local
With Computer DNS Name: linuxbox.AD-Domain.local

administrator@AD-Domain.LOCAL's password:
Warning: System restart required
Your system has been configured to authenticate to Active Directory for the
first time.  It is recommended that you restart your system to ensure that all
applications recognize the new settings.

SUCCESS
You should reboot this system before attempting GUI logins as a domain user.
Linuxbruger@linuxbox:~$

Vi genstarter iigen ;-)

Linuxbruger@linuxbox:~$ sudo reboot

og nu kan man logge ind med sin Windows Credentials og browse windows netværet med disse, dog har man ikke admin rettigheder på den lokale linux-box, dette kan dog ændres ved at tilføje ens bruger-id til via visudo.

AD-Domain\ADbruger@linuxbox:~$ ssh Linuxbruger@localhost

Linuxbruger@linuxbox:~$ sudo visudo
tilføj for en enkelt bruger

AD-Domain\\ADbruger ALL=(ALL) ALL

eller som grupper

%AD-Domain\\Dksil01_all   ALL=(ALL) ALL
%AD-Domain\\domain^admins ALL=(ALL) ALL

Hvorved at man undgåer nedestående fejl.

T-NERD\ADbruger@linuxbox:~$ sudo su
[sudo] password for AD-Domain\ADbruger:
Your password will expire in 9 days

Your password will expire in 9 days

AD-Domain\ADbruger is not in the sudoers file.  This incident will be reported