Adding Ubuntu to a Windows Server 2008 Active Directory

This post is a step by step guide for joining an Ubuntu based Operating System to a Windows Server 2008 Active Directory. After a successful join the computer can then be accessed by AD users (as long as they have the required permissions by the administrator). The Operating System used in this example is Ubuntu 9.04 but this guide should work for all Ubuntu/Debian based systems like Backtrack 4. Step 1 Configure nsswitch.conf Firstly, we need to configure the nsswitch.conf configuration file by adding/modifying the hosts line with the files and dns parameters. It is recommended that files should appear before dns. sudo nano /etc/nsswitch.conf

Step 3 Installing likewise-open Likewise Open is a free, open source application that joins Linux, Unix, and Mac machines to

Microsoft Active Directory and securely authenticates users with their domain credentials. URL: http://www.likewise.com/products/likewise_open/index.php sudo apt-get install likewise-open

Note that the following ports should be opened by the firewall Port Protocol Use 53 UDP/TCP DNS 88 UDP/TCP Kerberos 123 UDP NTP 137 UDP NetBIOS Name Service 139 TCP NetBIOS Session (SMB) 389 UDP/TCP LDAP 445 TCP SMB over TCP 464 UDP/TCP Machine password changes 3268 TCP Global Catalog search Step 2 Manually registering Domain DNS server (If it is not automatically assigned by DHCP) The server could be registered by modifying the /etc/resolv.conf file although this is NOT recommended since Ubuntus Network Manager plugin overwrites if you reboot your system. Therefore, we need to edit the /etc/dhclient.conf file and add/change the prepend line by adding the DNS server IP sudo nano /etc/dhcp3/dhclient.conf

Then add your Domain DNS servers IPs seperated by comma (,)

Step 3 Resetting the network connection In order for Network Manager to refresh the new settings we need to reset the network connection. Finally we ping a hostname registered with the Domains DNS server in order to make sure that is working sudo ifconfig eth0 down sudo ifconfig eth0 up ping ishlocal.com

Step 4 Registering with domain We can now join the domain by running the following command and authenticating as Administrator (as specified below). sudo domainjoin-cli join ishlocal.com Administrator

Step 5 Reboot and Login Finally, after restarting the system we can login using our Active Directory credentials

As you can see the user is authenticated and further information like fullname is retrieved

Finally, our computer is registered with the Active Directory server