Here is the setup that I have currently on my network.
- Microsoft Small Business Server 2008 Premium (main Domain Controller)
- a few Microsoft Windows Server 2008 Standard and Microsoft Windows Server 2003 SP2 servers
- 3 Linux servers: Red Hat Enterprise Server 4 and 5 (one of them is already in AD) and GNU/Linux Debian 6
Note: Red Hat Enterprise Server 5 is already joined to the domain but it was done the hard way by making a lot of modifications on SBS as well as on RH ES5 and playing with Kerberos setups = not fun 🙁
Main goal is to join my new server the GNU Linux Debian 6 to the domain and become a member server so users can use SSO (Single Sign On) across the domain without hassle.
What will we need to accomplish this goal?
- on the Debian box you will need to make a few changes in three files (/etc/hosts, /etc/resolv.conf and /etc/nsswitch.conf) in order to complete a successful join into the domain
- you will need to download the recently updated Likewise Open 6 installer from BeyondTrust
Here are the steps to join Debian 6 (or any other Linux server) to an Active Directory domain on a Microsoft Windows Small Business Server 2008 Premium network:
- AD domain name: mybusiness.local
- DC IP Address: 10.0.4.2
- Linux server name: linux3
- now log on to your Linux server and change to root
- make these changes in /etc/hosts, /etc/resolv.conf and /etc/nsswitch.conf as shown below
#your /etc/hosts file should have:
127.0.0.1 localhost
127.0.0.1 linux3
127.0.0.1 linux3.mybusiness.local
#your /etc/resolv.conf file should have (the DC must be the first nameserver; glibc does not move on to the next nameserver after an NXDOMAIN, so an internet resolver listed ahead of it will never return mybusiness.local):
nameserver 10.0.4.2
domain mybusiness.local
#your /etc/nsswitch.conf should have (scroll down to the hosts: line):
hosts: dns files
Debian's default hosts: line (hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4) hands every name ending in .local to multicast DNS and stops there, so a query for mybusiness.local never reaches your DC. That is the cause of the ERROR_BAD_NET_NAME failure covered at the end of this post, and the 127.0.0.1 linux3.mybusiness.local entry above is one of the things you will remove if you hit it.
To make sure you are ready and can connect to and join the domain, run these commands:
root@linux3# host mybusiness.local
You should get:
mybusiness.local has address 10.0.4.2
root@linux3# nslookup mybusiness.local
You should get:
Server: 10.0.4.2
Address: 10.0.4.2#53
Name: mybusiness.local
Address: 10.0.4.2
root@linux3# ping mybusiness.local
You should be able to ping the server successfully. Note that an A record for the domain name is only the first hurdle: the join itself finds the DC and the Kerberos KDC through the _ldap._tcp and _kerberos._tcp SRV records that the DC's DNS publishes, and Kerberos will refuse tickets if the Linux clock is more than five minutes off the DC's.
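The manual checks above only prove that the domain's A record resolves. The following preflight script, added here as an example and not part of the original post, goes a step further: it checks that the DC is the first nameserver, that the nsswitch hosts: line reaches dns before any mdns module, that the SRV records the join depends on exist, that the Kerberos and LDAP ports are open, and that the clock skew is inside Kerberos' five-minute tolerance. It assumes the domain and DC address used in this post, the host tool from dnsutils, and, where present, netcat and ntpdate (the ntpdate -q output format is assumed). The text checks take their input as arguments, so they can be tried on sample content without touching the live files.

```shell
#!/bin/sh
# ad_preflight.sh: resolver/Kerberos prerequisites for domainjoin-cli.
# Added example, not part of the original post.
# Usage: sh ad_preflight.sh mybusiness.local 10.0.4.2
# The text checks take their input as arguments so they can be exercised
# without touching the live system; preflight runs them against the real files.

# 0 if the "hosts:" line from /etc/nsswitch.conf lets *.local names reach DNS;
# 1 if an mdns module is listed ahead of dns (Debian's default
# "hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4") or dns is absent.
nsswitch_hosts_ok() {
    printf '%s\n' "$1" | awk '
        $1 == "hosts:" {
            seen_dns = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "dns") seen_dns = 1
                else if ($i ~ /^mdns/ && !seen_dns) exit 1
            }
            if (seen_dns) exit 0
            exit 1
        }
        { exit 1 }   # not a hosts: line at all
    '
}

# 0 if resolv.conf content ($1) lists the DC ($2) as the FIRST nameserver and
# the AD domain ($3) in a domain/search line. glibc does not try the next
# nameserver after an NXDOMAIN, so a public resolver ahead of the DC is fatal.
resolv_ok() {
    first_ns=$(printf '%s\n' "$1" | awk '$1 == "nameserver" { print $2; exit }')
    [ "$first_ns" = "$2" ] || return 1
    printf '%s\n' "$1" |
        grep -qE "^(domain|search)([[:space:]]+[^[:space:]]+)*[[:space:]]+$3([[:space:]]|$)"
}

# 0 if the clock offset to the DC ($1, seconds, signed, may be fractional)
# is inside Kerberos' default 5-minute tolerance.
skew_ok() {
    awk -v o="$1" 'BEGIN { if (o < 0) o = -o; if (o <= 300) exit 0; exit 1 }'
}

fails=0
check() {   # $1 = label, rest = command; prints PASS/FAIL and counts failures
    label=$1; shift
    if "$@" >/dev/null 2>&1; then echo "PASS  $label"
    else echo "FAIL  $label"; fails=$((fails + 1)); fi
}

preflight() {   # $1 = AD domain, $2 = DC IP
    domain=$1; dc=$2; fails=0
    check "resolv.conf: $dc first, $domain in domain/search" \
        resolv_ok "$(cat /etc/resolv.conf)" "$dc" "$domain"
    check "nsswitch.conf: hosts line reaches dns before any mdns module" \
        nsswitch_hosts_ok "$(grep '^hosts:' /etc/nsswitch.conf)"
    check "A record for $domain" host -t A "$domain" "$dc"
    # the join locates the DC and the KDC through these SRV records, not the A record
    check "SRV _ldap._tcp.dc._msdcs.$domain" host -t SRV "_ldap._tcp.dc._msdcs.$domain" "$dc"
    check "SRV _kerberos._tcp.$domain" host -t SRV "_kerberos._tcp.$domain" "$dc"
    if command -v nc >/dev/null 2>&1; then
        check "TCP 88 (Kerberos) open on $dc" nc -z -w 3 "$dc" 88
        check "TCP 389 (LDAP) open on $dc" nc -z -w 3 "$dc" 389
    fi
    if command -v ntpdate >/dev/null 2>&1; then
        # "server X, stratum N, offset S, delay D" is the assumed ntpdate -q line format
        offset=$(ntpdate -q "$dc" 2>/dev/null | awk '/offset/ { sub(",", "", $6); print $6; exit }')
        check "clock within 5 min of $dc (offset ${offset:-unknown}s)" skew_ok "${offset:-999}"
    fi
    echo "$fails check(s) failed"
    [ "$fails" -eq 0 ]
}

if [ $# -ge 2 ]; then preflight "$1" "$2"; fi
```

Run it as root with the domain and DC address; every FAIL line names the file or record to fix before you bother with domainjoin-cli. The SRV queries are sent straight to the DC, so they also tell you whether the DC's own DNS is healthy independently of what /etc/resolv.conf says.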
Once you have made all the changes, you get replies and the domain resolves, download the Likewise Open 6 tool from the BeyondTrust site. You will need to create an account if you do not have one (it is free). They have a few packages, .deb, .rpm or tarball, depending on your distribution. Since mine is Debian, I grabbed the .deb installer, and once it was downloaded I had to change its permissions before I could install it. Keep in mind that this installer runs as root: fetch it over HTTPS from the vendor's own site, and if a checksum is published for the file, compare it before you run anything.
- in my case I downloaded LikeWiseOpen-22.214.171.12498.i386.deb to my Downloads folder
- before you can install it you have to change permissions
- once done, just execute it and follow the steps (type yes a few times to agree) and it will be done
root@linux3# cd Downloads
root@linux3# chmod a+x LikeWiseOpen-126.96.36.19998.i386.deb.sh
root@linux3# sh LikeWiseOpen-188.8.131.5298.i386.deb.sh
If all is good, once you run the join command (I preferred the command line to the GUI) you should see the message that your server has successfully joined your domain and that you need to reboot the server to apply the changes and get in sync with the Active Directory domain.
If you used the GUI, the join wizard reports the result there; if you used the CLI as I did:
root@linux3# cd /opt/likewise/bin
root@linux3# ./domainjoin-cli join --assumeDefaultDomain yes mybusiness.local Administrator
Joining to AD domain: mybusiness.local
With Computer DNS name: linux3.mybusiness.local
Administrator@mybusiness.local's password: ********************
SUCCESS
The --assumeDefaultDomain yes option lets domain users log in as plain "username" instead of "MYBUSINESS\username". The join does not have to be done as Administrator either: any account that has been delegated the right to join computers to the domain (or to create computer objects in the target OU) will do, and using one keeps the Domain Admin password away from the Linux box altogether.
The first time, I logged back in as the local user and ran these commands to confirm that the GNU/Linux Debian 6 server is now a member of the domain and that domain credentials work for users. All of the tools are in /opt/likewise/bin, provided by Likewise Open.
root@linux3# cd /opt/likewise/bin
root@linux3# ./lw-get-status
root@linux3# pwd
root@linux3# whoami
root@linux3# ./lw-get-dc-name mybusiness.local
You will see the confirmation that you are indeed now using Active Directory credentials.
In case you are getting this error message:
20111006152006:ERROR:Lsass Error [ERROR_BAD_NET_NAME] Network name not found.
Failure to lookup a domain name ending in ".local" may be the result of configuring the local system's hostname resolution (or equivalent) to use Multi-cast DNS.
Please refer to the Likewise manual at http://www.likewise.com/resources/documentation_library/manuals/open/likewise-open-guide.html#ConfigNsswitch for more information.
Stack Trace:
/builder/src-buildserver/BT-Platform-6.0/src/linux/domainjoin/domainjoin-cli/src/main.c:981
/builder/src-buildserver/BT-Platform-6.0/src/linux/domainjoin/domainjoin-cli/src/main.c:514
/builder/src-buildserver/BT-Platform-6.0/src/linux/domainjoin/libdomainjoin/src/djmodule.c:332
/builder/src-buildserver/BT-Platform-6.0/src/linux/domainjoin/libdomainjoin/src/djauthinfo.c:860
/builder/src-buildserver/BT-Platform-6.0/src/linux/domainjoin/libdomainjoin/src/djauthinfo.c:1309
You will need to fix this by:
- deleting every line that mentions mybusiness.local from /etc/hosts (including the 127.0.0.1 linux3.mybusiness.local entry from the setup section), so that name is answered by the DC rather than by loopback
- and making sure you comment out the original hosts: line in /etc/nsswitch.conf and replace it with hosts: dns files. Debian's stock line, hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4, hands every name ending in .local to multicast DNS and stops there, so the query never reaches your DC; keeping files after dns leaves /etc/hosts as the fallback for localhost.
- now rerun the domainjoin-cli command and you should be successful 🙂
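The two fixes above as a script, added here as an example and not code from the original post: the text transforms are separate stdin-to-stdout functions so you can try them on a copy of each file first, and apply_fix takes a timestamped backup of both files, rewrites them, confirms the domain name now resolves through DNS, and only then re-runs the join. It assumes the domain name and the /opt/likewise install path used in this post, and takes the join account as an optional second argument (Administrator by default, as in the post).

```shell
#!/bin/sh
# fix_local_resolution.sh: apply the ERROR_BAD_NET_NAME fix and retry the join.
# Added example, not part of the original post.
# Usage: sh fix_local_resolution.sh mybusiness.local [join-account]
# The transforms read stdin and write stdout so they can be tried on a copy;
# apply_fix rewrites the live files after taking a timestamped backup.

# Drop every /etc/hosts line that mentions the AD domain ($1), such as the
# "127.0.0.1 linux3.mybusiness.local" entry, so the DC answers for that name.
# Plain case-insensitive substring match, not a regex, so the dots are literal.
strip_domain_from_hosts() {
    awk -v d="$1" 'index(tolower($0), tolower(d)) == 0'
}

# Comment out the original hosts: line of nsswitch.conf and put "dns files"
# in its place: names go to the DC first and /etc/hosts stays as the fallback
# for localhost. Debian's stock line hands *.local to mDNS and stops there.
fix_nsswitch_hosts() {
    awk '$1 == "hosts:" && !done { print "#" $0; print "hosts: dns files"; done = 1; next }
         { print }'
}

apply_fix() {   # $1 = AD domain, $2 = account allowed to join machines (default Administrator)
    domain=$1; account=${2:-Administrator}
    ts=$(date +%Y%m%d%H%M%S)
    for f in /etc/hosts /etc/nsswitch.conf; do
        cp -p "$f" "$f.bak.$ts" || return 1          # rollback copy
    done
    strip_domain_from_hosts "$domain" < "/etc/hosts.bak.$ts" > /etc/hosts.tmp &&
        mv /etc/hosts.tmp /etc/hosts || return 1
    fix_nsswitch_hosts < "/etc/nsswitch.conf.bak.$ts" > /etc/nsswitch.conf.tmp &&
        mv /etc/nsswitch.conf.tmp /etc/nsswitch.conf || return 1
    # prove the name now comes from DNS before retrying the join
    getent hosts "$domain" > /dev/null || {
        echo "$domain still does not resolve via DNS; check /etc/resolv.conf" >&2
        return 1
    }
    /opt/likewise/bin/domainjoin-cli join --assumeDefaultDomain yes "$domain" "$account"
}

if [ $# -ge 1 ]; then apply_fix "$1" "$2"; fi
```

If the join still fails after this, the backups (/etc/hosts.bak.TIMESTAMP and /etc/nsswitch.conf.bak.TIMESTAMP) let you put the files back exactly as they were while you look at the DC side.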
If you are interested in other options, there are a few different ways to do this, all very similar to Likewise Open:
- manual setup and configuration on the Windows server and on Linux with Kerberos (too much work)
- using LikeWiseOpen tool
- using Centrify Suite tool
- using Quest Identity and Access Management tool
Good luck with your servers and I hope this helped you one way or another. In case you have any questions or suggestions, drop a line in the comments below.