HOWTO: Active Directory authentication in Ubuntu 8.04 and 8.10
This is a second version of this other guide that applied to previous Ubuntu versions.
Since Ubuntu 8.04 (Hardy Heron), and now Ubuntu 8.10 (Intrepid Ibex) it come the Likewise Open package that makes basic Active Directory authentication in Ubuntu a breeze.
Just follow these steps:
sudo apt-get updatesudo apt-get install likewise-opensudo domainjoin-cli join fqdn.of.your.domain Administratorsudo update-rc.d likewise-open defaultssudo /etc/init.d/likewise-open start
and you can now log into your machine using your DOMAIN\user credentials. Remember that the DOMAIN\ part is mandatory and that it represents the short name of your Active Directory domain. You can join the domain using any user with sufficient privileges (there’s no need to use Administrator), and you can even directly join the PC in a particular OU passing the –ou argument to domainjoin-cli. The fourth point maybe won’t be necessary when Ubuntu 8.04 LTS wil be released because it seems to be a bug in the package (it won’t start likewise on reboot, so if you don’t issue this command it would seem that nothing is working after a reboot).
I’ve just started to use this method on a test machine so I’ll leave more opinions on this product in the future.
EDIT: First impressions
After some days of not so extensive usage, I’ve seen a couple of things that it’s worth notice:
- the likewise-open process seems to “die” from time to time, blocking all your login accesses with a “ERROR” message. Restarting it through init script solves the issue… but it’s something that definitely should not happen
- It informs you on login if your password is going to expire in X days (as set in your GPO). Very nice indeed.
Notes to the readers: if you’re experiencing installation problem, the best way is to report them to the likewise-open-discuss mailing list. There you can contact directly likewise developers (of Samba fame) and solve your problems or doubts.
EDIT2: it seems that with the final Ubuntu 8.04 update, likewise-open package is now 100% stable, I didn’t have a single failure since last update (one week up, while before it died at least once per day)
EDIT3: as mentioned in the comment, with likewise-open 4.x you can add
winbind use default domain = yes
in /etc/samba/lwiauthd.conf so you d’nt have to specify the DOMAIN\ part every time you log in your box.
on April 7, 2008 on 08:35
Interesting, I will have to give this a try. Thanks for the article.
on April 7, 2008 on 17:35
This works great. There is a slight change to step #4, the last word ‘default’ should be ‘defaults’. Thanks for the post.
on April 8, 2008 on 09:58
Eric, thanks for the fix. Damned copy&paste :)
on April 14, 2008 on 12:25
Some problems with the PAMmodule, any ideas?
root@frank-laptop:~# domainjoin-cli join nbs.no Administrator
Joining to AD Domain: nbs.no
With Computer DNS Name: frank-laptop.nbs.no
Administrator@NBS.NO’s password:
Warning: Unknown pam configuration
The likewise PAM module cannot be configured for the common-pammount service. Either this service is unprotected
(does not require a valid password for access), or it is using a pam module that this program is unfamiliar with.
Please email Likewise technical support and include a copy of /etc/pam.conf or /etc/pam.d.
Warning: A resumable error occurred while processing a module
Even though the configuration of ‘pam’ was executed, the configuration did not fully complete. Please contact
Likewise support.
on April 18, 2008 on 03:16
This is a problem that I ran into when trying to setup an active directory and this fixed it. This is an excerpt from: http://technicalmumblings.wordpress.com/
Installing is simple as Likewise-open is now in the repositories:
sudo apt-get install likewise-open
However, I got an error message when trying to join the domain:
“Error: Unable to resolve DC name resolving ‘test.example.org’ failed. Check that the domain name is correctly entered. Also check that your DNS server is reachable, and that your system is configured to use DNS in nsswitch.”
Having checked the nsswitch.conf and resolve.conf files, and having followed the advice on the Ubuntu forums about setting a static IP for the domain joining process, I checked the nsswitch.conf file again and found that the entries for winbind were missing.
My revised /etc/nsswitch.conf looked like:
# /etc/nsswitch.conf
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference’ and `info’ packages installed, try:
# `info libc “Name Service Switch”‘ for information about this file.
passwd: compat winbind lwidentity
group: compat winbind lwidentity
shadow: compat winbind
hosts: files dns winbind
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
on April 23, 2008 on 21:18
[...] -Ubuntu Active Directory integration [...]
on April 25, 2008 on 21:15
one tip is to add domain admins to sudo list, but requires a slightly diff syntax:
%DOMAIN\\domain^admins
needs 2 slashes for some reason.
on April 26, 2008 on 06:54
After executing the command:
sudo domainjoin-cli join felispaopf.NET Administrator
this error occurred:
Error: Manual configuration required
The configuration stage ‘open ports to DC’ cannot be completed automatically. Please manually
perform the following steps and rerun the domain join:
Some required ports on the domain controller could not be contacted. Please update your
firewall settings to ensure that the following ports are open to ‘andreza.PET.NET’:
88 UDP
137 UDP
389 UDP
464 UDP
123 UDP
88 TCP
139 TCP
389 TCP
445 TCP
464 TCP
The client and the server does not have firewall, someone could help me?
on April 26, 2008 on 18:34
This article is interesting. I will give it a try myself.
I have just upgraded to Ubuntu 8.04 that was released on 24th this month.
http://www.ncaditya.com/ubuntu-804-released/
on April 30, 2008 on 13:35
Filipe – The ntpd is not running on your AD server, on the DC check services that Windows time is running
Then configure windows time
C:\>w32tm /config /update /manualpeerlist:”0.pool.ntp.org,0×8 1.pool.ntp.org,0×8 2.pool.ntp.org,0×8 3.pool.ntp.org,0×8″ /syncfromflags:MANUAL
on May 6, 2008 on 05:46
Filipe – 88 is Kerberos service. You forgot to enable it on the DC!
on May 7, 2008 on 04:51
I joined domain successfully but I can’t login with domain account! Just local account is permintted! What’s problem here?
on May 7, 2008 on 05:42
I joined domain successfully but I can’t login with domain account! Just local account is permitted! What’s problem here?
on May 7, 2008 on 08:01
thank you for the article!
on May 7, 2008 on 14:04
I am running Ubuntu Hardy on a Microsoft Active Directory. I was successful joining the domain and a couple of days I was able to login as well with the “domain\username” and AD password.
Then the system crashed and since that time I get an error at login, while I could join the domain.
I tried to reinstall, but without result.
Then I recovered the original config files as far as I was able to locate them, I deleted the folder with the domain user files reinstalled likewise and tried to join the domain again. I am able to join the domain, but I am not able to login with the required username (with domain prefix) and password.
Now I am ran out of ideas.
Please help
on May 9, 2008 on 14:59
Try username@domain.com as your userid.
on May 9, 2008 on 22:13
I am getting the same error as Filipe, and I know that all of those ports are enabled on the DC. Any other ideas?
The client is running a firewall, and has all of those ports opened to the DC.
on May 28, 2008 on 00:59
I had configured samba and winbind on Gutsy. Worked fine. Using that method, I was able to set the configuration files in the etc folder so that users could use their AD logons without having to type the domain name and separator in the Ubuntu logon screen. All they had to do was type in the username. Can likewise be configured to do this too?
on May 28, 2008 on 09:41
@Charlotte: yes, you can do this as well with likewise.
Create a file, for example, in /etc/samba named map.txt, containing the alias map, for example:
username = DOMAIN\username
Then, edit /etc/samba/lwiauthd.conf and make sure it contains:
winbind nss info = lwopen
lwopen:name_map = /etc/samba/map.txt
restart likewise and then you can login with username and not DOMAIN\username, and this will be your real username in the system.
on May 29, 2008 on 00:51
Before I try this, I need clarification. When you say to create an alias map with “username = DOMAIN\username,” does this mean that where your example says “DOMAIN\username,” that I would need an entry for every potential user with my real domain name and the users’ usernames, or do you mean that the entry should literally read as you wrote it, or do you mean that I should use my actual domain name with the generic term “username” after it? (I’d hate to think that I need to map every single user in the AD.)
on May 29, 2008 on 16:18
This functionality is amazing. Thanks a bunch for the howto.
Cheers.
-Tres
on May 30, 2008 on 11:07
@charlotte: I’m sorry to disappoint you but, as Likewise’s developers said on the ML, currently you can’t use wildcards in the map file. So yes, DOMAIN\username it’s the actual name of the user and you have to repeat the association for every user you want to login in that box. Although it’s a PITA, I understand, you can alleviate it by replicating by some method (rsync?) a central map file that you update every time you create an user (because you use a script to create user, don’t you? :)
on May 30, 2008 on 15:58
Thank you. Likewise is probably not the best way for me since I have some Ubuntu workstations that are accessible to every potential user in AD, and it’s unrealistic to expect the users to logon with anything more than their usernames. Using samba and winbind in Gutsy, I was able to close the “winbind separator” option, and this simple step eliminated the need of using the domain name to logon.
I was looking into Likewise because I have so far had trouble with krb5, samba, and winbind on fresh installs of Hardy, but I think it’d be better for me to hammer out these difficulties rather than use Likewise. Thanks again.
on June 7, 2008 on 00:31
Charlotte
winbind use default domain = yes
to the previously mentioned file and it will do what you want.
on June 9, 2008 on 19:27
Great info all!!! This all was helpful getting my ubuntu box connected!
on June 9, 2008 on 22:07
Thanks lawrence, adding the “winbind use default = yes” line to /etc/samba/lwiauthd.conf worked. The AD users no longer need to type the domain name and separator at the logon screen.
on June 9, 2008 on 23:43
@lawrence: thanks, didn’t know that! :)
on July 2, 2008 on 17:46
Charlotte, so did you add just the “use default” line to your lwiauthd.conf, or did you also add the lines mentioned earlier in this thread (i.e., winbind nss info = lwopen and lwopen:name_map = /etc/samba/map.txt)?
Also, do you allow all of your AD users access to your *nix systems, or do you restrict access to only certain users? We have thousands of AD users, but only a few dozen should have access to our *nix servers, so I’m wondering what is the best way to control that.
on July 4, 2008 on 02:20
Sorry, but I need some help too because I’m confused now:
Charlotte used ‘winbind use default = yes’ in the conf file but Lawrence said to use ‘winbind use default domain = yes’ so which one is it?
Do we still need map.txt after Lawrence’s suggestion?
If the map file is needed, should it say ‘username = EXAMPLE.COM\username’ or should it use the extra backwards slash and say ‘username = EXAMPLE.COM\\username’ ??
In the question above, is ‘username’ supposed to be replaced with an actual AD user?
SOrry for the tons of questions, but I’ve spent an hour on this with no luck. Thanks.
on July 11, 2008 on 23:36
Just tested it out on a clean Ubuntu build – took some massaging, but I was able to add the server to the domain. Tested Lawrence’s suggestion – worked like a dream.
So for the record:
Add “winbind use default domain = yes” to /etc/samba/lwiauthd.conf, restart the service and you should be OK.
on July 13, 2008 on 12:20
Please help! I have this error. I cannot connect my ubuntu box to AD although the Administrator password is correct. Any idea? thankz a lot!
renz@mis-6:~$ sudo domainjoin-cli join maokaw.com Administrator
Joining to AD Domain: maokaw.com
With Computer DNS Name: mis-6.maokaw.com
Administrator@maokaw.com’s password:
Could not connect to server controller01.maokaw.com
Connection failed: NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT
Failed to verify membership in domain: NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT!
Error: Unable to join domain
Creating the computer account in Active Directory failed. Common causes are a bad administrator password, a bad OU name, or
an existing computer account but not modificiation permissions.
renz@mis-6:~$
on July 15, 2008 on 08:26
I have recently installed Ubuntu 8.04 and already have a Windows 2003 domain. I installed Likewise and have followed all instructions and googled and can not find an answer to my problem. My FQDN of my domain internally is wonder.local and the netbios name is Wonder0. I can ping wonder0 but not wonder.local. In Terminal when i type in
sudo domainjoin-cli join wonder.local stuart
I get
Error: Unable to resolve DC name
Resolving ‘wonder.local’ failed. Check that the domain name is correctly entered. Also check that your DNS server
is reachable, and that your system is configured to use DNS in nsswitch.
When i try
sudo domainjoin-cli join wonder0 stuart
I get
Joining to AD Domain: wonder0
With Computer DNS Name: woollywonder.wonder0
stuart@WONDER0’s password:
[2008/07/15 18:24:29, 0] utils/net_ads.c:ads_startup_int(493)
ads_connect: No logon servers
Failed to contact DC when trying to synchronize local system clock!
None of the domain controllers listed in DNS could be contacted, or there are no DCs listed in DNS.
Error: Unable to join domain
Creating the computer account in Active Directory failed. Common causes are a bad administrator password, a bad
OU name, or an existing computer account but not modificiation permissions.
Can anyone please help?
on May 9, 2009 on 18:07
i found the solution to your problem here
try this:
sudo nano /etc/nsswitch.conf
change the
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
to
hosts: files dns
on July 15, 2008 on 08:29
Please note, the time and date on domain controller and Ubuntu workstation are about 20 seconds apart
on July 24, 2008 on 17:39
I’m using Likewise-open on Solaris and Centos boxes. I just tried the Lawrence suggestion about the “winbind use default domain = yes” add in the /etc/samba/lwiauthd.conf file; that’s amazing.
Unfortunately, I have *two* domains… So, only the trick doesn’t work for all users.
Is there a similar trick to allow a sequential search in multiple domains? Or should I create aliases for those users lying in the second domain?
Best regards
on July 31, 2008 on 19:53
Stuart,
The issue that you are seeing with this error “Error: Unable to join domain ” is caused by mDNS and the Avahi deamon. There is an issue with mDNS and .local domains. To fix the issue edit /etc/nsswitch.conf and change this line:
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
to this line
hosts: files dns mdns4_minimal mdns4 winbind
I had to add the FQDN of my domain and domain controllers to the hosts file.
on July 31, 2008 on 20:31
Hi, everyone. I just finished successfully setting up an Ubuntu Hardy 8.04.1 system to (albeit insecurely) successfully authenticate to AD using likewise-open and mount some Windows shares, when connecting via ssh, using pam_mount and cifs.
The likewise-open part went seamlessly (using some of the helpful tips in the comments above).
The pam_mount stuff required a few hacks to work properly. Some of these hacks reduce the level of security and may be avoided in other ways. But, if you are like me, you like to get a working system first. :)
PROBLEM:
1. SSH – ssh won’t work with pam_mount unless you set the following config in your sshd_config file and restart the server:
ChallengeResponseAuthentication no
2. PAM – I use the following PAM config to ensure 1 password prompt for pam_mount:
common-auth – modify the likewise-open line to read:
auth [success=1 default=ignore] /lib/security/pam_lwidentity.so
and add after it (in common-auth or in a service specific file):
auth optional pam_mount.so
then, make sure that this line comes *before* anything in common-session:
session optional pam_mount.so
3. PMVARRUN – pam_mount has this command “pmvarrun” that it uses to increment a count of how many pam_mount sessions a user has running, so that if it thinks the user is logged in by some other means, it will NOT mount/unmount the volumes. This has the adverse effect of breaking pam_mount if it fails to keep track of this counter properly. Since mount and unmount will fail gracefully for most *real* filesystems if they are in use, I usually disable this feature in pam_mount with the following line in pam_mount.conf.xml:
/bin/true
I then make sure that the directory /var/run/pam_mount exists, but is empty. This make pam_mount mount/unmount on every login.
4. UNMOUNT – Finally, when ssh exits, and pam_mount tries to unmount the volumes, it fails, because ssh won’t allow it to set its uid to root to perform the umount operation as root. To get around this (for now), I allow all users to use the umount command via “sudo”. This is obviously a huge security hole, and should be fine-tuned. But, for proving it works, do: sudo visudo and add the following to the sudoers file:
Cmnd_Alias UMOUNT=/bin/umount
ALL ALL=NOPASSWD:UMOUNT
Then, in your pam_mount.conf.xml file, change the umount command to use “sudo umount” instead, like this:
sudo umount %(MNTPT)
I hope this helps someone else. For sure, there are some security issues in the above needing to be addressed. But, if you are needing AD+PAM_MOUNT+SSH (say, for LTSP), this will get you something working.
Cheers!
on August 9, 2008 on 14:24
I made a typo in my post above. The line that Lawrence said must be added to /etc/samba/lwiauthd.conf in order for users to logon without the domain and separator. The correct line is:
winbind use default domain = yes
The map file described by Vide isn’t needed in this case.
on August 20, 2008 on 04:12
[...] HOWTO: Active Directory authentication in Ubuntu 8.04 [...]
on September 10, 2008 on 20:58
I added:
winbind use default domain = yes
to
/etc/samba/lwiauthd.conf
Now when I run
chroot
I get this message:
id: cannot find name for group ID XXXXXXXXXX
Any ideas?
on August 17, 2009 on 16:06
Did you figure this problem out yet? I can authenticate through the DOMAIN but get this error message in terminal…
on September 15, 2008 on 08:41
How do you remove likewise and the setup? Tried this “how to” to merge my Ubuntu pc in the AD, but all I get is an “Error” everytime I log on, and every time I do a “sudo” command..
on September 15, 2008 on 23:15
@Alexander: simply issue a
$ sudo aptitue purge likewise-open
anyway probably if you get the ERROR message chances are that you’ve not started likewise. Try to issue a
$ sudo /etc/init.d/likewise-open restart
on September 30, 2008 on 07:22
Worked like a charm, I tried to join Ubuntu to a domain some time back but could never get to the bottom of why it wouldn’t join. All config was fine but something to do with the domain controllers policy was stopping it. Anyway great tutorial and cheers mate. Its people like you why the Linux community is so strong and why Linux will take over in the world of IT…
on October 6, 2008 on 14:46
I am trying to join in Windows 2000 AD with Ubuntu 8.0.4. I followed the tutorial above and all works fine, I can login as DOMAIN\user. The problem is that, I can only browse through folders on the server that permission level set to everyone. When I try to connect to a folder that permission is applied to some selected users, first it asks for my password then it says “Unable to Mount Folder”. Now when I try to connect to that folder it says “You do not have permissions necessary to view the contents of “FolderName”". Needless to say I’ve already gave the necessary permission to my linux user. Any idea how I can solve this?
Thanks,
on October 14, 2008 on 10:00
I manage to join my ubuntu with the AD server.. but my question is ..how to configure the AD user to use login shell automatically each time login into the linux?
on November 3, 2008 on 10:38
[...] HOWTO: Active Directory authentication in Ubuntu 8.04 and 8.10 [...]
on November 7, 2008 on 00:05
I have likewise open working well. The problem I have is when I try to login using cached credential the login is successful but the home directory is different than the one used when I am online. I supposed that the problem was an alias I had but I deleted it and the problem remained unsolved.
The rests of the features are working.
Any idea??
on November 12, 2008 on 02:37
The only way that I’ve found to restrict logins based on group membership is via the AllowGroups directive in sshd_config. Does anyone else have a better idea? I tried messing with the valid users directive in lwiauthd.conf with no luck.
BTW, the sshd config line looks like :
AllowGroups someDomainGroup
So take note that you don’t include the domain name here …. which may cause issues in multiple domain situations.
on November 12, 2008 on 02:43
I just found a much better way that is integrated into the likewise configuration :
edit /etc/security/pam_lwidentity.conf with the line :
require_membership_of = DOMAIN\someDomainGroup
voila! Worked like a charm.
on November 18, 2008 on 22:24
Does anyone know how to add and configure nis on this setting? Using samba/winbind, i’m able to add nis and automount it once users login using their AD credential. I successfully installed likewise which was fantastic. Now i need to figure out how to set automounting their shared home directories…
Thanks.
on December 11, 2008 on 18:55
1) As Hector is trying to do, I am trying to map the Active Directory username’s home directory to “Places->Home” folder. How?
2) I also want to restrict local machine permissions. How?
3) Finally, I want to know how I can login to the computer as local admin/root now that I have it configured to default to the domain login. I DID give the domain’s administrator remote access. I guess would we just login as the domain’s admin, and sudo into the terminal?
Thanks Vide, for posting this, and thanks Lawrence and others for adding some cool features to this. Very nice.
BTW, this works like a charm for Ubuntu 8.10 as well as 8.04 (not just 8.04)
on December 11, 2008 on 19:06
Not quite sure what happened to my last comment that I just made. My guess is its in the moderation que or something (although I thought I saw it immediately show up when I posted it).
Anyway, I have another question:
After getting things configured to default to DOMAIN login, and I do login as myself (non administrator on the AD server), I get the following error:
Internal Error: Failed to Initiate HAL
Anyone know how to get this to go away, and what the problem is?
- David
on December 17, 2008 on 14:13
Well this worked for us here. Using 8.04 on a couple of test machines and laptops and they are now both fully working on our domain. Nicely explained and we managed to do it 1st go once we read through and made sure what we were doing. Was using Likewise-Open but the above seems to not depend on any of that.
Most educational!
TxRx
on December 22, 2008 on 23:53
I had the same problem where it said, Error: Unable to resolve DC name , make sure dns is used in nsswitch or something similar…
whole reason was because, my domain name is visibility.com
but my fqdn is internal.visibility.com, and i wasn’t typing the internal part,
If you want to check the fqdn of your pc, log on to a pc that is in the domain, right-click my computer, go to properties, then click the computer name tab, it should list ex: yourpcname.internal.visibility.com
whatever comes after your pc name is your fqdn that you need to type in terminal
domainjoin-cli join internal.visibility.com administrator <-what mine looks like
on January 24, 2009 on 03:37
[...] to this post for helping with this portion. The steps [...]
on February 21, 2009 on 00:16
Hi Folks,
thank you for diskussing all the problems I run into …
Due to this howto I managed to get the following working:
Ubuntu 8.04
Likewise Open
pam-mount
I changed pam.d/gdm, common-auth, common-session, /etc/security/pam_mount.conf.xml and /etc/ssh/sshd_config
everything works fine, I can log on, get my Windows-folder via pam_mount and can work just how I want to.
But: the mounted directory does not get unmounted.
I do not get any errors in the /var/log/auth
There is nothing to see which is somehow telling me that pam is trying to unmount at all.
it simply sais:
Feb 20 22:53:10 ubuntu sshd[18624]: pam_mount(pam_mount.c:134) clean system authtok (0)
I am sure this is something simple and I just forgot to do something, but I am stuck.
Any suggestions?
Roland
on February 25, 2009 on 08:19
i need the comments in ubuntu 8.04 to configure nis server and client
on March 2, 2009 on 15:45
So I followed all of the steps, and it said I joined the domain successfully. I even show the computer in Active Directory. However, when I restart the machine it doesn’t prompt me for my network credentials. It’s just the local username/password of the machine as if it had never happened.
What am I doing wrong here?
on March 13, 2009 on 00:19
I am wondering if there is a why to use the groups from active Directory to allow access to shared folders (by samba) to Windows users. So my File Share server will be an Ubuntu Intrepid, but the users on the network have Windows XP and Vista
on March 21, 2009 on 14:52
#
Please help! I have this error. I cannot connect my ubuntu box to AD although the Administrator password is correct. Any idea? thankz a lot!
renz@mis-6:~$ sudo domainjoin-cli join maokaw.com Administrator
Joining to AD Domain: maokaw.com
With Computer DNS Name: mis-6.maokaw.com
Administrator@maokaw.com’s password:
Could not connect to server controller01.maokaw.com
Connection failed: NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT
Failed to verify membership in domain: NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT!
Error: Unable to join domain
Creating the computer account in Active Directory failed. Common causes are a bad administrator password, a bad OU name, or
an existing computer account but not modificiation permissions.
renz@mis-6:~$
#
Stuart said
July 15, 2008 at 8:26 am
I have recently installed Ubuntu 8.04 and already have a Windows 2003 domain. I installed Likewise and have followed all instructions and googled and can not find an answer to my problem. My FQDN of my domain internally is wonder.local and the netbios name is Wonder0. I can ping wonder0 but not wonder.local. In Terminal when i type in
sudo domainjoin-cli join wonder.local stuart
I get
Error: Unable to resolve DC name
Resolving ‘wonder.local’ failed. Check that the domain name is correctly entered. Also check that your DNS server
is reachable, and that your system is configured to use DNS in nsswitch.
When i try
sudo domainjoin-cli join wonder0 stuart
I get
Joining to AD Domain: wonder0
With Computer DNS Name: woollywonder.wonder0
stuart@WONDER0’s password:
[2008/07/15 18:24:29, 0] utils/net_ads.c:ads_startup_int(493)
ads_connect: No logon servers
Failed to contact DC when trying to synchronize local system clock!
None of the domain controllers listed in DNS could be contacted, or there are no DCs listed in DNS.
Error: Unable to join domain
Creating the computer account in Active Directory failed. Common causes are a bad administrator password, a bad
OU name, or an existing computer account but not modificiation permissions.
Can anyone please help?
on March 21, 2009 on 14:53
can u use ubuntu server. r else what is the best server in linux
please replay
r.mani2006@gmail.com
on May 14, 2009 on 21:55
[...] When my old boss at Websense first introduced me to the world of Linux, being from a Windows shop, I naturally asked him how to join my Linux workstation to the domain. He of course said, “Why would you want to do that? Don’t taint the pureness of open source!” So I never pressed the issue. That is, until yesterday afternoon. I decided to give it a go again, and I have to tell you they have made it really easy. I read some blog posts on this before, and it used to be kind of a pain in the arse to do it. Not any more with the use of LikeWise Open which is available in the Ubuntu repositories. To install it and set it up, just do the following steps (Via AnotherSysadmin.WordPress.Com): [...]
on June 9, 2009 on 06:14
Thanks Vide, this worked perfectly for me as is, on a fresh fully updated Jaunty (Kubuntu) install.
on June 18, 2009 on 21:38
[...] We needs to rebuild our aging squid server and came accross this alternate way to bind with AD HOWTO: Active Directory authentication in Ubuntu 8.04 and 8.10 The eternal fight between admins and … Anyone tried [...]
on October 23, 2009 on 16:43
Thanks for this. It’s been a while since you wrote this. On ubuntu 9.04 it works like a breeze.
on October 29, 2009 on 14:40
[...] anothersysadmin [...]