What is likewise linux

Note:

LikewiseOpen is now Beyond Trust — PowerBroker Identity Services Open Edition The Likewise website is gone, and links to it are broken. I have repaired some of them, but I have not found them all. The repositories are still using the likewise-open name, so the instructions are still good. However, the repo version in 12.04 will not work with the repo version of samba. Get the new branded version at http://www.beyondtrust.com/Technical-Support/Downloads/PowerBroker-Identity-Services-Open-Edition/?Pass=True

Introduction

Likewise Open provides a complete authentication solution allowing *nix systems to be fully integrated into Active Directory environments. Created by Likewise Software to make Linux and Unix systems first class citizens on Windows networks, likewise-open will authenticate both Ubuntu Desktop Edition and Ubuntu Server Edition machines.

Installation

Likewise Open is available in the Main repository. Users can install using apt-get or the Synaptic Package Manager. However, if installed through the repositories the upgrade process is a little trickier.

likewise-open provides numerous simple-to-use command line utilities and likewise-open-gui provides a feature-limited graphical utility. likewise-open-gui is however, more than sufficient for most common small deployments. This should not dissuade users from working with the command line tools as they are both logical, and provide and great deal of very useful diagnostic and configuration utility.

For instructions on installing software and using repositories see the InstallingSoftware page.

Joining a Domain CLI

• You have access to an Active Directory user with appropriate access.
• The Fully Qualified Domain Name of the domain you want to join.
• DNS for the domain is set up appropriately.

To join a domain from a terminal prompt enter:

sudo domainjoin-cli join example.local Administrator

You will then be prompted for the user’s password. Administrator in the example above. If all goes well a SUCCESS message should be printed to the console.

The account specified in the domainjoin-cli argument must have permission to join machines in Active Directory.

After joining the domain, Likewise Software advises users restart their machines as a number of daemons must be restarted in a specific sequence.

Logging In

Once you have successfully joined a Ubuntu machine to an Active Directory domain you can login using any valid AD user. To login you will need to enter the user name as ‘domain\username’. For example to ssh to a server joined to the domain enter:

ssh 'example\joan'@hostname or ssh example\\joan@hostname or ssh -l 'example\joan' hostname

Alternatively, run lwconfig AssumeDefaultDomain true If configuring a Desktop the username will need to be prefixed with domain\ in gdm.

Other Utilities

• lw-update-dns — Allows users to update their dns entriees on the domain controller.
• lw-get-status — Displays information regarding the machine´s join status.

Note: full documentation is available on Likewise Software´s website at:

Configuration

Adding sudo

One of the first things you’ll want to do is give sudo access to certain groups of users. Here is the modified portion of /etc/sudoers that gives all members of the group ‘team-alpha’, with a Pre-Windows 2000 domain of OMG access to sudo:

# Members of the admin group may gain root privileges %admin ALL=(ALL) ALL %OMG\\team-alpha ALL=(ALL)ALL

If your group name has spaces, replace them with caret’s (^), so ‘team alpha’ would become ‘team^alpha’

Restricting access to specific groups

By default, LikewiseOpen allows all AD users to logon. To limit this to specific groups (in this case ‘domain admins’ and ‘unix admins’ with a Pre-Windows 2000 domain of OMG) run:

sudo lwconfig RequireMembershipOf "OMG\\domain^admins" "OMG\\unix^admins"

LikewiseOpen (последним исправлял пользователь 99-29-179-119 2012-12-12 04:16:44)

The material on this wiki is available under a free license, see Copyright / License for details
You can contribute to this wiki, see Wiki Guide for details

Источник

Likewise-open или ввод Linux в Active Directory

С этой статьи я хочу открыть раздел на своем блоге, посвященный такому незаслуженно-обделенному вниманию продукту как likewise-open. Этот бесплатный продукт позволяет без лишних хлопот ввести в Active Directory *nix систему, например Linux, FreeBSD, MacOS X. Что это дает:

• единую аутентификацию пользователя на разных компьютерах и системах одной учетной записью из ActiveDirectory
• прозрачную авторизацию на сетевых сервисах типа smb в Nautilus
• политику паролей пользователей из AD
• не требует внесения изменений в AD
• обеспечивает SSO для SSH

Для 10.04 рекомендую ставить из PPA, потому как версия из репозитория с блекджеком багом (http://ppa.launchpad.net/likewise-open/likewise-open-ppa/ubuntu)

sudo add-apt-repository ppa:likewise-open/likewise-open-ppa && sudo apt-get update
sudo apt-get install likewise-open-gui

Ввод машины в домен через GUI-утилиту domainjoin-gui:
[

sudo domainjoin-cli join example.com admin

Пока что на этом все, но я хочу собрать небольшой FAQ по этому продукту, буду постепенно добавлять вопросы.

FAQ 🔗

Q: Почему не работает AssumeDefaultDomain? Как сделать домен по умолчанию?

A: Как я выше написал, в Ubuntu 10.04 стоит likewise-open 5.4, в ней есть как минимум один баг — не работает AssumeDefaultDomain (домен по умолчанию). Поэтому надо ставить пакет из ppa.

Как применить настройку? Файл /etc/likewise-open/lsassd.reg, ключ:

Ставим значение 00000001, далее

sudo lwregshell import /etc/likewise-open/lsassd.reg

sudo lw-refresh-configuration

Источник

LikeWise Open — Active Directory Installation and Configuration on Linux

Our heterogeneous networks they are more common than we think. There are numerous companies, organizations and also many users who set up heterogeneous computer networks in their own homes to share data and services with each other. It is not the first time that we deal with the issue of heterogeneity, since the Samba package that we have talked about so much is a clear example of a utility that allows us to share and manage files between different Microsoft Windows and Unix operating systems using this protocol.

But on many occasions system administrators or users have to go much further and need somewhat more complex services and configurations than a simple file exchange between these operating systems, such as LDAP servers for logins, or managing a Microsoft Windows Distributed Network Service as it can be Active Directory, that without the help of the tool that we present to you today could be something more complex from your Linux distro .

What is Active Directory?

If you don’t know what it is AD or Active Directory, it is a Microsoft technology to implement directory service in a distributed network of computers. For this, it uses different protocols such as LDAP, DNS, DHCP and Kerberos, surely they all sound familiar to you, since they are quite popular. This fabric is established between several computers or servers that create and manage various objects such as users, computers, groups, passwords, in order to manage the logins of the computers that are configured in AD and belong to this network.

AD has a well-established structure, in hierarchical order and allows the sysadmins establish robust policies to be able to carry out remote management of the environments, apply updates to all computers, share folders and resources on the network, deploy programs on all computers on the network, etc., all in a fairly controlled and simple way It can be carried out from any machine, even a GNU / Linux distribution with the appropriate software as we are going to indicate in this tutorial, although there are other options.

How to install and configure LikeWise on Linux?

Likewise Open is an MIT application that can help you manage an AD from your GNU / Linux distribution. Likewise simplifies what is necessary to configure and authenticate a Linux machine within an Active Directory domain. For this, this software package makes use of some well-known tools such as the famous winbind package. This package also includes the well-known winbindd daemon, which surely sounds familiar to you since it is also used in Samba. Thanks to this daemon, you can manage this type of Windows network from your distro.

To install Likewise Open on your distro, you could use a tool like alien to convert the DEB package into another type of binary like RPM, etc., although I don’t recommend it and that doesn’t ensure that it works properly either. I say this because I have found some difficulties in certain distros to find this package, although it is true that in Ubuntu and CentOS I have not had any problems . in fact, I will do the steps for Ubuntu.

To install the likewise-open package which is the name it receives, you will easily find it in the repositories of your Ubuntu distro, and with its package manager you can install it in a very simple way by executing the command:

sudo apt-get install likewise-open

Probably on distros Newer Ubuntu will have problems, and the package will not be found. Don’t worry, you could look for an alternative like PBIS on GitHub, but I don’t recommend that you search the web for a version of the DEB package, as it is not a reliable source…. But so you don’t have to search, the easiest thing is to do the following, add this link to your browser and download the DEB package:

http://archive.ubuntu.com/ubuntu/pool/main/l/likewise-open/likewise-open_6.1.0.406-0ubuntu5_amd64.deb

And once you have it, you can run the following command again to install it and now you shouldn’t have any problem:

sudo dpkg -i likewise-open_6.1.0.406-0ubuntu5_amd64.deb

Now the package will be installed, we have everything ready to run and start using it. At this time we must comment with the setting for it to work properly on the network, and for this you must execute the following command in the terminal:

sudo domainjoin-cli join nombre-de-mi-dominio.es Administrador 

You substitute name-of-my-domain.es by the domain that you are using according to your case and Administrator by the name of the administrator account that is or of the user that we need. Once this is done you must restart your Linux distro (or simply restart the likewise-open service so that it recognizes the changes), you can do it from the graphical environment or through a reboot from the console, as you prefer.

Now, once you start, you could use a tty or also do it from the login menu which appears right during the startup of the desktop environment. This time, instead of entering your normal username and password as you normally would, you can enter the name or administrator that you previously configured like this:

nombre_usuario@mi-nombre-de-dominio.es

And you will also write the password that said user or administrator has within the Active Directory. After pressing the button to start session we will be inside, being able to manage what we need .

I hope that the tutorial has helped you and you can manage your AD in an easier way from your GNU / Linux distribution. Don’t forget to leave your comments, suggestions and doubts .

The content of the article adheres to our principles of editorial ethics. To report an error click here.

Full path to article: Linux Addicts » General » Resources » LikeWise Open — Active Directory Installation and Configuration on Linux

Источник