Today I’ll be walking you guys through the final part of integrating Ubuntu and Active Directory installations with a package called Centrify. I was hoping to do it the old-fashioned way in the last post, but this proved too much of a time sink and a frustration due to outdated documentation and manuals – I’ll come back to working with ldapsearch next weekend when I have some more free time. Anyways, let’s look at one of the easier ways to integrate Ubuntu into Active Directory – Centrify. Centrify resides in a nonstandard repository on the oneiric network, so you need to edit your repository lists to include it on your system as follows.
Unfortunately, if you’re running Ubuntu 12.10, it will complain about not having the add-apt-repository package. You would think you could simply throw a sudo apt-get install add-apt-repository at it and all would be well. Nope! You need to install the software-properties-common package to resolve this problem in Ubuntu 12.10. Perform the following:
Now that you’ve added the software along with the correct repositories mentioned above, run a quick:
To make sure that your brand spanking new partner repository lists are completely up to date. Once that’s done, go ahead and install centrifydc:
Success! Now that we’ve installed the centrifydc package, we can join the machine to the domain with the following command:
Now enter the Domain Administrator password, or a similarly privileged account if one exists:
Now I’m going to restart the Ubuntu VM just to be on the safe side, given the warning above, then verify that everything did indeed complete successfully. It’s no surprise that a restart is required for the exact same operation of domain-enrolling a machine on Ubuntu or Windows, especially when you’re working with Kerberos tickets. Let’s test our domain enrollment now that the machine is rebooted. Run a sudo adinfo.
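The adinfo check above can be scripted so that a failed or half-finished join is caught instead of eyeballed. This is an added example, not part of the original post: the hostname and sample output are constructed, and the field labels ("Joined to domain", "CentrifyDC mode") are an assumption about what adinfo prints on your version.

```shell
#!/bin/sh
# Added example: verify a Centrify domain join from adinfo-style output.
# Assumption: adinfo prints "Label:   value" lines; adjust labels if yours differ.

# Print the value for a label (given without its trailing colon) from stdin.
adinfo_field() {
    awk -v label="$1" '
        index($0, label ":") == 1 {
            val = substr($0, length(label) + 2)
            sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
            print val; exit
        }'
}

# check_join EXPECTED_DOMAIN < adinfo-output
# Returns 0 if joined to EXPECTED_DOMAIN and connected, 1 on a domain
# mismatch, 2 if the agent is not in connected mode.
check_join() {
    expected=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    out=$(cat)
    domain=$(printf '%s\n' "$out" | adinfo_field "Joined to domain" \
        | tr '[:upper:]' '[:lower:]')
    mode=$(printf '%s\n' "$out" | adinfo_field "CentrifyDC mode")
    if [ "$domain" != "$expected" ]; then
        echo "FAIL: joined to '${domain:-<none>}', expected '$expected'" >&2
        return 1
    fi
    if [ "$mode" != "connected" ]; then
        echo "FAIL: agent mode is '${mode:-<unknown>}', not connected" >&2
        return 2
    fi
    echo "OK: $domain ($mode)"
}

# Constructed sample output (not captured from a real host).
SAMPLE_OK='Local host name:   ubuntu01
Joined to domain:  techstaty.local
Current DC:        dc01.techstaty.local
CentrifyDC mode:   connected'

SAMPLE_DISCONNECTED='Local host name:   ubuntu01
Joined to domain:  techstaty.local
CentrifyDC mode:   disconnected'

# On a real host: sudo adinfo | check_join techstaty.local
printf '%s\n' "$SAMPLE_OK" | check_join techstaty.local
```

A disconnected agent can still allow logins from cached credentials, so checking the mode as well as the domain name is what tells you the host is actually talking to the domain controller.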
Magic. Now let’s sign into the workstation using a domain account and see how that goes.
Freaking awesome! This machine has now been domain enrolled and is passing/accepting Kerberos tickets from the Active Directory Server, DC01.techstaty.local. Now, let’s move the newly created computer object to the correct OU to keep our DSA nice and organized.
Now that the computer object is in our DSA, let’s take a closer look at it with the NIS Extension tools that I covered in the previous article on LDAP/Ubuntu integration. Yes, I failed at that attempt but I will not be giving up that easily ;)
So looking at the machine here in AD, we can manipulate it in much the same way as a Windows-based machine. Along with being pretty cool, this is also a nice way to keep your DSA organized. You could perhaps group them by distro, primary server application, etc. if you were so inclined. You can even manage the dial-in policies for VPN and remote access via NPS policies. I think that might be a topic for a future article now that I’ve typed that out…
In the next post I’ll be doing another step-by-step walkthrough building off of this post, and branching out into working with Samba under a DC. Overall this article was a new experience for me and something that I’m happy to have learned, so I hope you guys enjoyed it as well.