Integrating Ubuntu Into Active Directory With CentrifyDC

Today I’ll be walking you guys through the final part of integrating Ubuntu and Active Directory installations with a package called Centrify. I was hoping to do it the old-fashioned way in the last post, but this proved too much of a time sink and a frustration due to outdated documentation and manuals – I’ll come back to working with ldapsearch next weekend when I have some more free time. Anyways, let’s look at one of the easier ways to integrate Ubuntu into Active Directory – Centrify. The centrifydc package lives in Canonical’s partner repository for oneiric, which is not enabled by default, so you need to edit your repository lists to include it on your system as follows.

sudo add-apt-repository "deb http://archive.canonical.com/ oneiric partner"

Unfortunately, if you’re running Ubuntu 12.10, it will complain about not having the add-apt-repository package. You would think you could simply throw a sudo apt-get install add-apt-repository at it and all would be well. Nope! You need to install the software-properties-common package to resolve this problem in Ubuntu 12.10. Perform the following:

sudo apt-get update; sudo apt-get install software-properties-common

Now that you’ve added the software along with the correct repositories mentioned above, run a quick:

sudo apt-get update

to make sure that your brand spanking new partner repository lists are completely up to date. Once that’s done, go ahead and install centrifydc:

sudo apt-get install centrifydc

Success! Now that we’ve installed the centrifydc package, we can join the machine to the domain with the following command:

sudo adjoin -w techstaty.local

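Now enter the password for the Domain Administrator account, or for a similarly privileged account if one exists (a delegated account with rights to join computers to the domain is enough and is the safer choice):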

Administrator’s Active Directory password:
Using writable domain controller: dc01.techstaty.local
Join to domain:techstaty.local, zone:Auto Zone successful

Centrify DirectControl started.
Loading domains and trusts information

You have successfully joined the Active Directory domain: techstaty.local
in the Centrify DirectControl zone: Auto Zone

You may need to restart other services that rely upon PAM and NSS or simply
reboot the computer for proper operation.  Failure to do so may result in
login problems for AD users.

Now I’m going to restart the Ubuntu VM just to be on the safe side, given the warning above, then verify that everything did indeed complete successfully. It’s no surprise that a restart is required for the exact same operation of domain enrolling a machine on Ubuntu or Windows, especially when you’re working with Kerberos tickets. Let’s test our domain enrollment now that the machine is rebooted. Run a sudo adinfo.

sudo adinfo
Local host name:   techstaty
Joined to domain:  techstaty.local
Joined as:         techstaty.techstaty.local
Pre-win2K name:    techstaty
Current DC:        dc01.techstaty.local
Preferred site:    Default-First-Site-Name
Zone:              Auto Zone
Last password set: 2012-11-13 19:12:45 PST
CentrifyDC mode:   connected
Licensed Features: Disabled

Magic. Now let’s sign into the workstation using a domain account and see how that goes.

login as: techstatyadministrator
techstatyadministrator@192.168.1.137's password:

Freaking awesome! This machine has now been domain enrolled and is passing/accepting Kerberos tickets from the Active Directory server, DC01.techstaty.local. Now, let’s move the newly created computer object to the correct OU to keep our DSA nice and organized.
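The adinfo check from earlier can be scripted so that a failed or half-finished join is caught before anyone depends on AD logins. This is an added example, not part of the original post or of Centrify's tooling; the function names adinfo_field and check_join are hypothetical, and the embedded sample is the adinfo output shown above.

```shell
#!/bin/sh
# Added example: post-join health check driven by `adinfo` output.
# SAMPLE_ADINFO is the output from this post; on a real host use:
#   sudo adinfo | check_join techstaty.local
SAMPLE_ADINFO='Local host name:   techstaty
Joined to domain:  techstaty.local
Joined as:         techstaty.techstaty.local
Pre-win2K name:    techstaty
Current DC:        dc01.techstaty.local
Preferred site:    Default-First-Site-Name
Zone:              Auto Zone
Last password set: 2012-11-13 19:12:45 PST
CentrifyDC mode:   connected
Licensed Features: Disabled'

# adinfo_field LABEL: read adinfo output on stdin, print the value for LABEL.
# Matches the label only at the start of a line, so colons inside values
# (such as the timestamp) are left alone.
adinfo_field() {
    awk -v label="$1" '
        index($0, label ":") == 1 {
            v = substr($0, length(label) + 2)
            sub(/^[ \t]+/, "", v); sub(/[ \t\r]+$/, "", v)
            print v; exit
        }'
}

# check_join EXPECTED_DOMAIN: read adinfo output on stdin. Returns 0 only if
# the host is joined to EXPECTED_DOMAIN, the agent reports "connected", and
# the domain controller in use belongs to that domain.
check_join() {
    expected=$1
    out=$(cat)
    domain=$(printf '%s\n' "$out" | adinfo_field "Joined to domain")
    mode=$(printf '%s\n' "$out" | adinfo_field "CentrifyDC mode")
    dc=$(printf '%s\n' "$out" | adinfo_field "Current DC")

    # An empty domain field means adinfo did not report a join at all.
    if [ -z "$domain" ]; then echo "FAIL: not joined"; return 1; fi
    if [ "$domain" != "$expected" ]; then
        echo "FAIL: joined to $domain, expected $expected"; return 1
    fi
    if [ "$mode" != "connected" ]; then
        echo "FAIL: agent mode is '${mode:-unknown}'"; return 1
    fi
    case "$dc" in
        *."$expected") ;;
        *) echo "FAIL: DC '$dc' is outside $expected"; return 1 ;;
    esac
    echo "OK: $domain via $dc"
}

printf '%s\n' "$SAMPLE_ADINFO" | check_join techstaty.local
```

Passing the expected domain explicitly means the check also fails when the host ended up joined somewhere other than where you intended, not just when the agent is offline.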

Keeping Your Active Directory Clean & Organized

Now that the computer object is in our DSA, let’s take a closer look at it with the NIS Extension tools that I covered in the previous article on LDAP/Ubuntu integration. Yes, I failed at that attempt but I will not be giving up that easily ;)

So looking at the machine here in AD, we can manipulate it pretty much like a Windows-based machine. Along with being pretty cool, this is also a nice way to keep your DSA organized. You could perhaps group them by distro, primary server application, etc. if you were so inclined. You can even manage the dial-in policies for VPN and remote access via NPS policies. I think that might be a topic for a future article now that I’ve typed that out…


Active Directory & Ubuntu Integration With Centrify

In the next post I’ll be doing another step-by-step walkthrough building off of this post, and branching out into working with Samba under a DC. Overall this article was a new experience for me and something that I’m happy to have learned, so I hope you guys enjoyed it as well.

Cheers!

About the author: frankshafer

Overall easy going guy, living on California's beautiful Central Coast. Currently working as an IT Consultant for a great company that provides outsourced IT support to local businesses.
