HOWTO: Active Directory authentication in Ubuntu 8.04 and 8.10
Posted by Vide on April 6, 2008
This is a second version of this other guide that applied to previous Ubuntu versions.
Since Ubuntu 8.04 (Hardy Heron), and now Ubuntu 8.10 (Intrepid Ibex) it come the Likewise Open package that makes basic Active Directory authentication in Ubuntu a breeze.
Just follow these steps:
sudo apt-get updatesudo apt-get install likewise-opensudo domainjoin-cli join fqdn.of.your.domain Administratorsudo update-rc.d likewise-open defaultssudo /etc/init.d/likewise-open start
and you can now log into your machine using your DOMAIN\user credentials. Remember that the DOMAIN\ part is mandatory and that it represents the short name of your Active Directory domain. You can join the domain using any user with sufficient privileges (there’s no need to use Administrator), and you can even directly join the PC in a particular OU passing the –ou argument to domainjoin-cli. The fourth point maybe won’t be necessary when Ubuntu 8.04 LTS wil be released because it seems to be a bug in the package (it won’t start likewise on reboot, so if you don’t issue this command it would seem that nothing is working after a reboot).
I’ve just started to use this method on a test machine so I’ll leave more opinions on this product in the future.
EDIT: First impressions
After some days of not so extensive usage, I’ve seen a couple of things that it’s worth notice:
- the likewise-open process seems to “die” from time to time, blocking all your login accesses with a “ERROR” message. Restarting it through init script solves the issue… but it’s something that definitely should not happen
- It informs you on login if your password is going to expire in X days (as set in your GPO). Very nice indeed.
Notes to the readers: if you’re experiencing installation problem, the best way is to report them to the likewise-open-discuss mailing list. There you can contact directly likewise developers (of Samba fame) and solve your problems or doubts.
EDIT2: it seems that with the final Ubuntu 8.04 update, likewise-open package is now 100% stable, I didn’t have a single failure since last update (one week up, while before it died at least once per day)
EDIT3: as mentioned in the comment, with likewise-open 4.x you can add
winbind use default domain = yes
in /etc/samba/lwiauthd.conf so you d’nt have to specify the DOMAIN\ part every time you log in your box.
Joshua Chase said
Interesting, I will have to give this a try. Thanks for the article.
Eric Lockhart said
This works great. There is a slight change to step #4, the last word ‘default’ should be ‘defaults’. Thanks for the post.
Vide said
Eric, thanks for the fix. Damned copy&paste :)
Frank said
Some problems with the PAMmodule, any ideas?
root@frank-laptop:~# domainjoin-cli join nbs.no Administrator
Joining to AD Domain: nbs.no
With Computer DNS Name: frank-laptop.nbs.no
Administrator@NBS.NO’s password:
Warning: Unknown pam configuration
The likewise PAM module cannot be configured for the common-pammount service. Either this service is unprotected
(does not require a valid password for access), or it is using a pam module that this program is unfamiliar with.
Please email Likewise technical support and include a copy of /etc/pam.conf or /etc/pam.d.
Warning: A resumable error occurred while processing a module
Even though the configuration of ‘pam’ was executed, the configuration did not fully complete. Please contact
Likewise support.
Joshua said
This is a problem that I ran into when trying to setup an active directory and this fixed it. This is an excerpt from: http://technicalmumblings.wordpress.com/
Installing is simple as Likewise-open is now in the repositories:
sudo apt-get install likewise-open
However, I got an error message when trying to join the domain:
“Error: Unable to resolve DC name [code 0x00080026]resolving ‘test.example.org’ failed. Check that the domain name is correctly entered. Also check that your DNS server is reachable, and that your system is configured to use DNS in nsswitch.”
Having checked the nsswitch.conf and resolve.conf files, and having followed the advice on the Ubuntu forums about setting a static IP for the domain joining process, I checked the nsswitch.conf file again and found that the entries for winbind were missing.
My revised /etc/nsswitch.conf looked like:
# /etc/nsswitch.conf
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference’ and `info’ packages installed, try:
# `info libc “Name Service Switch”‘ for information about this file.
passwd: compat winbind lwidentity
group: compat winbind lwidentity
shadow: compat winbind
hosts: files dns winbind
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
LC - episode #008 at Linuxcrypt.net Podcast said
[...] -Ubuntu Active Directory integration [...]
Flint Dominic said
one tip is to add domain admins to sudo list, but requires a slightly diff syntax:
%DOMAIN\\domain^admins
needs 2 slashes for some reason.
Felipe Fiorini said
After executing the command:
sudo domainjoin-cli join felispaopf.NET Administrator
this error occurred:
Error: Manual configuration required [code 0x00080043]
The configuration stage 'open ports to DC' cannot be completed automatically. Please manually
perform the following steps and rerun the domain join:
Some required ports on the domain controller could not be contacted. Please update your
firewall settings to ensure that the following ports are open to 'andreza.PET.NET':
88 UDP
137 UDP
389 UDP
464 UDP
123 UDP
88 TCP
139 TCP
389 TCP
445 TCP
464 TCP
The client and the server does not have firewall, someone could help me?
ncaditya.com said
This article is interesting. I will give it a try myself.
I have just upgraded to Ubuntu 8.04 that was released on 24th this month.
http://www.ncaditya.com/ubuntu-804-released/
Clas said
Filipe – The ntpd is not running on your AD server, on the DC check services that Windows time is running
Then configure windows time
C:\>w32tm /config /update /manualpeerlist:”0.pool.ntp.org,0×8 1.pool.ntp.org,0×8 2.pool.ntp.org,0×8 3.pool.ntp.org,0×8″ /syncfromflags:MANUAL
dongthao said
Filipe – 88 is Kerberos service. You forgot to enable it on the DC!
dongthao said
I joined domain successfully but I can’t login with domain account! Just local account is permintted! What’s problem here?
dongthao said
I joined domain successfully but I can’t login with domain account! Just local account is permitted! What’s problem here?
ilja said
thank you for the article!
henku said
I am running Ubuntu Hardy on a Microsoft Active Directory. I was successful joining the domain and a couple of days I was able to login as well with the “domain\username” and AD password.
Then the system crashed and since that time I get an error at login, while I could join the domain.
I tried to reinstall, but without result.
Then I recovered the original config files as far as I was able to locate them, I deleted the folder with the domain user files reinstalled likewise and tried to join the domain again. I am able to join the domain, but I am not able to login with the required username (with domain prefix) and password.
Now I am ran out of ideas.
Please help
JeremyinNC said
Try username@domain.com as your userid.
gmcalp said
I am getting the same error as Filipe, and I know that all of those ports are enabled on the DC. Any other ideas?
The client is running a firewall, and has all of those ports opened to the DC.
Charlotte said
I had configured samba and winbind on Gutsy. Worked fine. Using that method, I was able to set the configuration files in the etc folder so that users could use their AD logons without having to type the domain name and separator in the Ubuntu logon screen. All they had to do was type in the username. Can likewise be configured to do this too?
Vide said
@Charlotte: yes, you can do this as well with likewise.
Create a file, for example, in /etc/samba named map.txt, containing the alias map, for example:
username = DOMAIN\username
Then, edit /etc/samba/lwiauthd.conf and make sure it contains:
winbind nss info = lwopen
lwopen:name_map = /etc/samba/map.txt
restart likewise and then you can login with username and not DOMAIN\username, and this will be your real username in the system.
Charlotte said
Before I try this, I need clarification. When you say to create an alias map with “username = DOMAIN\username,” does this mean that where your example says “DOMAIN\username,” that I would need an entry for every potential user with my real domain name and the users’ usernames, or do you mean that the entry should literally read as you wrote it, or do you mean that I should use my actual domain name with the generic term “username” after it? (I’d hate to think that I need to map every single user in the AD.)
Tres said
This functionality is amazing. Thanks a bunch for the howto.
Cheers.
-Tres
Vide said
@charlotte: I’m sorry to disappoint you but, as Likewise’s developers said on the ML, currently you can’t use wildcards in the map file. So yes, DOMAIN\username it’s the actual name of the user and you have to repeat the association for every user you want to login in that box. Although it’s a PITA, I understand, you can alleviate it by replicating by some method (rsync?) a central map file that you update every time you create an user (because you use a script to create user, don’t you? :)
Charlotte said
Thank you. Likewise is probably not the best way for me since I have some Ubuntu workstations that are accessible to every potential user in AD, and it’s unrealistic to expect the users to logon with anything more than their usernames. Using samba and winbind in Gutsy, I was able to close the “winbind separator” option, and this simple step eliminated the need of using the domain name to logon.
I was looking into Likewise because I have so far had trouble with krb5, samba, and winbind on fresh installs of Hardy, but I think it’d be better for me to hammer out these difficulties rather than use Likewise. Thanks again.
lawrence said
Charlotte
winbind use default domain = yes
to the previously mentioned file and it will do what you want.
Marc said
Great info all!!! This all was helpful getting my ubuntu box connected!
Charlotte said
Thanks lawrence, adding the “winbind use default = yes” line to /etc/samba/lwiauthd.conf worked. The AD users no longer need to type the domain name and separator at the logon screen.
Vide said
@lawrence: thanks, didn’t know that! :)
Bill said
Charlotte, so did you add just the “use default” line to your lwiauthd.conf, or did you also add the lines mentioned earlier in this thread (i.e., winbind nss info = lwopen and lwopen:name_map = /etc/samba/map.txt)?
Also, do you allow all of your AD users access to your *nix systems, or do you restrict access to only certain users? We have thousands of AD users, but only a few dozen should have access to our *nix servers, so I’m wondering what is the best way to control that.
Matt B said
Sorry, but I need some help too because I’m confused now:
Charlotte used ‘winbind use default = yes’ in the conf file but Lawrence said to use ‘winbind use default domain = yes’ so which one is it?
Do we still need map.txt after Lawrence’s suggestion?
If the map file is needed, should it say ‘username = EXAMPLE.COM\username’ or should it use the extra backwards slash and say ‘username = EXAMPLE.COM\\username’ ??
In the question above, is ‘username’ supposed to be replaced with an actual AD user?
SOrry for the tons of questions, but I’ve spent an hour on this with no luck. Thanks.
Mike M said
Just tested it out on a clean Ubuntu build – took some massaging, but I was able to add the server to the domain. Tested Lawrence’s suggestion – worked like a dream.
So for the record:
Add “winbind use default domain = yes” to /etc/samba/lwiauthd.conf, restart the service and you should be OK.
renz said
Please help! I have this error. I cannot connect my ubuntu box to AD although the Administrator password is correct. Any idea? thankz a lot!
renz@mis-6:~$ sudo domainjoin-cli join maokaw.com Administrator
Joining to AD Domain: maokaw.com
With Computer DNS Name: mis-6.maokaw.com
Administrator@maokaw.com’s password:
Could not connect to server controller01.maokaw.com
Connection failed: NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT
Failed to verify membership in domain: NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT!
Error: Unable to join domain [code 0x0008000e]
Creating the computer account in Active Directory failed. Common causes are a bad administrator password, a bad OU name, or
an existing computer account but not modificiation permissions.
renz@mis-6:~$
Stuart said
I have recently installed Ubuntu 8.04 and already have a Windows 2003 domain. I installed Likewise and have followed all instructions and googled and can not find an answer to my problem. My FQDN of my domain internally is wonder.local and the netbios name is Wonder0. I can ping wonder0 but not wonder.local. In Terminal when i type in
sudo domainjoin-cli join wonder.local stuart
I get
Error: Unable to resolve DC name [code 0x00080026]
Resolving 'wonder.local' failed. Check that the domain name is correctly entered. Also check that your DNS server
is reachable, and that your system is configured to use DNS in nsswitch.
When i try
sudo domainjoin-cli join wonder0 stuart
I get
Joining to AD Domain: wonder0
With Computer DNS Name: woollywonder.wonder0
stuart@WONDER0's password:
[2008/07/15 18:24:29, 0] utils/net_ads.c:ads_startup_int(493)
ads_connect: No logon servers
Failed to contact DC when trying to synchronize local system clock!
None of the domain controllers listed in DNS could be contacted, or there are no DCs listed in DNS.
Error: Unable to join domain [code 0x0008000e]
Creating the computer account in Active Directory failed. Common causes are a bad administrator password, a bad
OU name, or an existing computer account but not modificiation permissions.
Can anyone please help?
what said
i found the solution to your problem here
try this:
sudo nano /etc/nsswitch.conf
change the
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
to
hosts: files dns
Stuart said
Please note, the time and date on domain controller and Ubuntu workstation are about 20 seconds apart
Stéphanie Lanthier said
I’m using Likewise-open on Solaris and Centos boxes. I just tried the Lawrence suggestion about the “winbind use default domain = yes” add in the /etc/samba/lwiauthd.conf file; that’s amazing.
Unfortunately, I have *two* domains… So, only the trick doesn’t work for all users.
Is there a similar trick to allow a sequential search in multiple domains? Or should I create aliases for those users lying in the second domain?
Best regards
Jerick said
Stuart,
The issue that you are seeing with this error “Error: Unable to join domain [code 0x0008000e]" is caused by mDNS and the Avahi deamon. There is an issue with mDNS and .local domains. To fix the issue edit /etc/nsswitch.conf and change this line:
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
to this line
hosts: files dns mdns4_minimal mdns4 winbind
I had to add the FQDN of my domain and domain controllers to the hosts file.
Gadi said
Hi, everyone. I just finished successfully setting up an Ubuntu Hardy 8.04.1 system to (albeit insecurely) successfully authenticate to AD using likewise-open and mount some Windows shares, when connecting via ssh, using pam_mount and cifs.
The likewise-open part went seamlessly (using some of the helpful tips in the comments above).
The pam_mount stuff required a few hacks to work properly. Some of these hacks reduce the level of security and may be avoided in other ways. But, if you are like me, you like to get a working system first. :)
PROBLEM:
1. SSH – ssh won’t work with pam_mount unless you set the following config in your sshd_config file and restart the server:
ChallengeResponseAuthentication no
2. PAM – I use the following PAM config to ensure 1 password prompt for pam_mount:
common-auth – modify the likewise-open line to read:
auth [success=1 default=ignore] /lib/security/pam_lwidentity.so
and add after it (in common-auth or in a service specific file):
auth optional pam_mount.so
then, make sure that this line comes *before* anything in common-session:
session optional pam_mount.so
3. PMVARRUN – pam_mount has this command “pmvarrun” that it uses to increment a count of how many pam_mount sessions a user has running, so that if it thinks the user is logged in by some other means, it will NOT mount/unmount the volumes. This has the adverse effect of breaking pam_mount if it fails to keep track of this counter properly. Since mount and unmount will fail gracefully for most *real* filesystems if they are in use, I usually disable this feature in pam_mount with the following line in pam_mount.conf.xml:
/bin/true
I then make sure that the directory /var/run/pam_mount exists, but is empty. This make pam_mount mount/unmount on every login.
4. UNMOUNT – Finally, when ssh exits, and pam_mount tries to unmount the volumes, it fails, because ssh won’t allow it to set its uid to root to perform the umount operation as root. To get around this (for now), I allow all users to use the umount command via “sudo”. This is obviously a huge security hole, and should be fine-tuned. But, for proving it works, do: sudo visudo and add the following to the sudoers file:
Cmnd_Alias UMOUNT=/bin/umount
ALL ALL=NOPASSWD:UMOUNT
Then, in your pam_mount.conf.xml file, change the umount command to use “sudo umount” instead, like this:
sudo umount %(MNTPT)
I hope this helps someone else. For sure, there are some security issues in the above needing to be addressed. But, if you are needing AD+PAM_MOUNT+SSH (say, for LTSP), this will get you something working.
Cheers!
Charlotte said
I made a typo in my post above. The line that Lawrence said must be added to /etc/samba/lwiauthd.conf in order for users to logon without the domain and separator. The correct line is:
winbind use default domain = yes
The map file described by Vide isn’t needed in this case.
Como autenticar no AD com Ubuntu at Another Geek Blog said
[...] HOWTO: Active Directory authentication in Ubuntu 8.04 [...]
Farles said
I added:
winbind use default domain = yes
to
/etc/samba/lwiauthd.conf
Now when I run
chroot
I get this message:
id: cannot find name for group ID XXXXXXXXXX
Any ideas?
Alexander Vassbotn Røyne said
How do you remove likewise and the setup? Tried this “how to” to merge my Ubuntu pc in the AD, but all I get is an “Error” everytime I log on, and every time I do a “sudo” command..
Vide said
@Alexander: simply issue a
$ sudo aptitue purge likewise-open
anyway probably if you get the ERROR message chances are that you’ve not started likewise. Try to issue a
$ sudo /etc/init.d/likewise-open restart
7h35ur930n said
Worked like a charm, I tried to join Ubuntu to a domain some time back but could never get to the bottom of why it wouldn’t join. All config was fine but something to do with the domain controllers policy was stopping it. Anyway great tutorial and cheers mate. Its people like you why the Linux community is so strong and why Linux will take over in the world of IT…
PardusLynx said
I am trying to join in Windows 2000 AD with Ubuntu 8.0.4. I followed the tutorial above and all works fine, I can login as DOMAIN\user. The problem is that, I can only browse through folders on the server that permission level set to everyone. When I try to connect to a folder that permission is applied to some selected users, first it asks for my password then it says “Unable to Mount Folder”. Now when I try to connect to that folder it says “You do not have permissions necessary to view the contents of “FolderName”". Needless to say I’ve already gave the necessary permission to my linux user. Any idea how I can solve this?
Thanks,
asrul said
I manage to join my ubuntu with the AD server.. but my question is ..how to configure the AD user to use login shell automatically each time login into the linux?
unix86.org » Samba Integrate into Active Directory said
[...] HOWTO: Active Directory authentication in Ubuntu 8.04 and 8.10 [...]
Hector said
I have likewise open working well. The problem I have is when I try to login using cached credential the login is successful but the home directory is different than the one used when I am online. I supposed that the problem was an alias I had but I deleted it and the problem remained unsolved.
The rests of the features are working.
Any idea??
Cameron said
The only way that I’ve found to restrict logins based on group membership is via the AllowGroups directive in sshd_config. Does anyone else have a better idea? I tried messing with the valid users directive in lwiauthd.conf with no luck.
BTW, the sshd config line looks like :
AllowGroups someDomainGroup
So take note that you don’t include the domain name here …. which may cause issues in multiple domain situations.
Cameron said
I just found a much better way that is integrated into the likewise configuration :
edit /etc/security/pam_lwidentity.conf with the line :
require_membership_of = DOMAIN\someDomainGroup
voila! Worked like a charm.
girly said
Does anyone know how to add and configure nis on this setting? Using samba/winbind, i’m able to add nis and automount it once users login using their AD credential. I successfully installed likewise which was fantastic. Now i need to figure out how to set automounting their shared home directories…
Thanks.
David said
1) As Hector is trying to do, I am trying to map the Active Directory username’s home directory to “Places->Home” folder. How?
2) I also want to restrict local machine permissions. How?
3) Finally, I want to know how I can login to the computer as local admin/root now that I have it configured to default to the domain login. I DID give the domain’s administrator remote access. I guess would we just login as the domain’s admin, and sudo into the terminal?
Thanks Vide, for posting this, and thanks Lawrence and others for adding some cool features to this. Very nice.
BTW, this works like a charm for Ubuntu 8.10 as well as 8.04 (not just 8.04)
David said
Not quite sure what happened to my last comment that I just made. My guess is its in the moderation que or something (although I thought I saw it immediately show up when I posted it).
Anyway, I have another question:
After getting things configured to default to DOMAIN login, and I do login as myself (non administrator on the AD server), I get the following error:
Internal Error: Failed to Initiate HAL
Anyone know how to get this to go away, and what the problem is?
- David
TxRx said
Well this worked for us here. Using 8.04 on a couple of test machines and laptops and they are now both fully working on our domain. Nicely explained and we managed to do it 1st go once we read through and made sure what we were doing. Was using Likewise-Open but the above seems to not depend on any of that.
Most educational!
TxRx
ashley said
I had the same problem where it said, Error: Unable to resolve DC name [code 0x00080026] , make sure dns is used in nsswitch or something similar...
whole reason was because, my domain name is visibility.com
but my fqdn is internal.visibility.com, and i wasn't typing the internal part,
If you want to check the fqdn of your pc, log on to a pc that is in the domain, right-click my computer, go to properties, then click the computer name tab, it should list ex: yourpcname.internal.visibility.com
whatever comes after your pc name is your fqdn that you need to type in terminal
domainjoin-cli join internal.visibility.com administrator <-what mine looks like
Integrasi AD di Ubuntu Hardy Heron « Tr4ck1n9’s Blog said
[...] to this post for helping with this portion. The steps [...]
Roland said
Hi Folks,
thank you for diskussing all the problems I run into …
Due to this howto I managed to get the following working:
Ubuntu 8.04
Likewise Open
pam-mount
I changed pam.d/gdm, common-auth, common-session, /etc/security/pam_mount.conf.xml and /etc/ssh/sshd_config
everything works fine, I can log on, get my Windows-folder via pam_mount and can work just how I want to.
But: the mounted directory does not get unmounted.
I do not get any errors in the /var/log/auth
There is nothing to see which is somehow telling me that pam is trying to unmount at all.
it simply sais:
Feb 20 22:53:10 ubuntu sshd[18624]: pam_mount(pam_mount.c:134) clean system authtok (0)
I am sure this is something simple and I just forgot to do something, but I am stuck.
Any suggestions?
Roland
azeez said
i need the comments in ubuntu 8.04 to configure nis server and client
Cinmachina said
So I followed all of the steps, and it said I joined the domain successfully. I even show the computer in Active Directory. However, when I restart the machine it doesn’t prompt me for my network credentials. It’s just the local username/password of the machine as if it had never happened.
What am I doing wrong here?
David HC said
I am wondering if there is a why to use the groups from active Directory to allow access to shared folders (by samba) to Windows users. So my File Share server will be an Ubuntu Intrepid, but the users on the network have Windows XP and Vista
rajamani said
#
Please help! I have this error. I cannot connect my ubuntu box to AD although the Administrator password is correct. Any idea? thankz a lot!
renz@mis-6:~$ sudo domainjoin-cli join maokaw.com Administrator
Joining to AD Domain: maokaw.com
With Computer DNS Name: mis-6.maokaw.com
Administrator@maokaw.com’s password:
Could not connect to server controller01.maokaw.com
Connection failed: NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT
Failed to verify membership in domain: NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT!
Error: Unable to join domain [code 0x0008000e]
Creating the computer account in Active Directory failed. Common causes are a bad administrator password, a bad OU name, or
an existing computer account but not modificiation permissions.
renz@mis-6:~$
#
Stuart said
July 15, 2008 at 8:26 am
I have recently installed Ubuntu 8.04 and already have a Windows 2003 domain. I installed Likewise and have followed all instructions and googled and can not find an answer to my problem. My FQDN of my domain internally is wonder.local and the netbios name is Wonder0. I can ping wonder0 but not wonder.local. In Terminal when i type in
sudo domainjoin-cli join wonder.local stuart
I get
Error: Unable to resolve DC name [code 0x00080026]
Resolving ‘wonder.local’ failed. Check that the domain name is correctly entered. Also check that your DNS server
is reachable, and that your system is configured to use DNS in nsswitch.
When i try
sudo domainjoin-cli join wonder0 stuart
I get
Joining to AD Domain: wonder0
With Computer DNS Name: woollywonder.wonder0
stuart@WONDER0’s password:
[2008/07/15 18:24:29, 0] utils/net_ads.c:ads_startup_int(493)
ads_connect: No logon servers
Failed to contact DC when trying to synchronize local system clock!
None of the domain controllers listed in DNS could be contacted, or there are no DCs listed in DNS.
Error: Unable to join domain [code 0x0008000e]
Creating the computer account in Active Directory failed. Common causes are a bad administrator password, a bad
OU name, or an existing computer account but not modificiation permissions.
Can anyone please help?
rajamani said
can u use ubuntu server. r else what is the best server in linux
please replay
r.mani2006@gmail.com
How can I join a Ubuntu machine to my domain? | Ask The Admin said
[...] When my old boss at Websense first introduced me to the world of Linux, being from a Windows shop, I naturally asked him how to join my Linux workstation to the domain. He of course said, “Why would you want to do that? Don’t taint the pureness of open source!” So I never pressed the issue. That is, until yesterday afternoon. I decided to give it a go again, and I have to tell you they have made it really easy. I read some blog posts on this before, and it used to be kind of a pain in the arse to do it. Not any more with the use of LikeWise Open which is available in the Ubuntu repositories. To install it and set it up, just do the following steps (Via AnotherSysadmin.WordPress.Com): [...]
Lindsay Mathieson said
Thanks Vide, this worked perfectly for me as is, on a fresh fully updated Jaunty (Kubuntu) install.
Squid Ubuntu 8.04 LTS said
[...] We needs to rebuild our aging squid server and came accross this alternate way to bind with AD HOWTO: Active Directory authentication in Ubuntu 8.04 and 8.10 The eternal fight between admins and … Anyone tried [...]