Likewise Open is a free, open source application that joins Linux, Unix, and Mac machines to Microsoft Active Directory and securely authenticates users with their domain credentials.
http://www.likewise.com/products/likewise_open/
There are three ways to install it. I tested them on a clean MiniMe 2009 version.
FIRST way (simple, recommended)
1) Getting the installer.
From page:
http://www.likewise.com/community/index.php/download/
File for downloading:
http://www.likewise.com/bits/summer09/7111/LikewiseIdentityServiceOpen-5.2.0.7111-linux-i386-rpm.sh
2) Installation.
2.1) as root
chmod +x ./LikewiseIdentityServiceOpen-5.2.0.7111-linux-i386-rpm.sh
2.2) running
./LikewiseIdentityServiceOpen-5.2.0.7111-linux-i386-rpm.sh
2.3) then go to Control Center and, in Services, tick the "On boot" check boxes next to "netlogond" and "lwiod"
3) Setting the host name.
3.1) go to 'Control Center' and give our host the alias "minime2009"
3.2) manually add this line to the end of the file '/etc/sysconfig/network'
HOSTNAME=minime2009
3.3) run command
hostname minime2009
4) Joining the domain.
4.1) check and sync the time with the Domain Controller (DC)
4.2) check that the DC's DNS works:
ping DC.domain.local
should be successful
4.3) joining
cd /opt/likewise/bin
and run
./domainjoin-cli join domain.local windowsAdminAccount
Despite the warnings and the error "Module not configured [code 0x00080042]", check in the Windows Active Directory (AD) snap-in "Users and computers" that MINIME2009 has joined the domain.
5) Editing '/etc/nsswitch.conf'
change the line
hosts: files nis dns
to
hosts: files dns
6) Editing /etc/krb5.conf
change the lines
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
permitted_enctypes = des3-hmac-sha1 des-cbc-crc
to
default_tgs_enctypes = arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
default_tkt_enctypes = arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
permitted_enctypes = arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc
7) Checking.
7.1) run 'su' as an ordinary user in a terminal
Example of dialog:
[user@minime2009 ~]$ whoami
user
[user@minime2009 ~]$ su domain.local\\MyDomainAccount
Password:
sh-3.1$ whoami
DOMAIN\MyDomainAccount
7.2) or, as root, run "su" twice
Example of dialog:
[root@minime2009 ~]# su domain.local\\MyDomainAccount
sh: /root/.bashrc: Permission denied
[DOMAIN\MyDomainAccount@minime2009 root]$ su domain.local\\MyDomainAccount
Password:
sh: /root/.bashrc: Permission denied
[DOMAIN\MyDomainAccount@minime2009 root]$ whoami
DOMAIN\MyDomainAccount
[DOMAIN\MyDomainAccount@minime2009 root]$
8) General checking.
8.1) Log out of the current KDE session and log on with AD credentials
Username: domain\MyDomainAccount
Password: myADpassword
8.2) in Konsole run whoami
9) Reboot the PC and repeat step 8 to ensure that everything keeps working later.
SECOND way (not recommended: current development release, for those who like something fresh; sometimes the build scripts have errors, sometimes they work flawlessly)
1) Installing what is needed for RPM building.
1.1) git installation
package git-core
1.2) tools installation
autoconfig 1:2.63
byacc 1.9-21
automake 1.10.2
libtool-base 1.5.26
bison 2.4.1
flex 2.5.33
rpm-build 4.4.6
1.3) libs-devel installation
libpam-devel 0.99.8.1
libext2fs-devel 1.41.6
libopenssl0.9.8-devel 0.9.8i
libxml2-devel 2.7.3
2) Getting fresh sources.
as root
cd ~
git clone git://git.likewiseopen.org/likewise-open.git likewise-open
3) RPM building.
3.1) do not build the GUI version:
# export DISABLE_DJ_GUI=1
3.2) building
cd ~/likewise-open
# build/mkcomp all
# build/mkpkg all
4) RPM installation.
cd ~/likewise-open/staging/packaging/rpm
command 'ls' shows:
likewise-open-domainjoin-5.3.0.35668-1.i586.rpm
likewise-open-eventlog-5.3.0.35668-1.i586.rpm
likewise-open-libs-5.3.0.35668-1.i586.rpm
likewise-open-lsass-5.3.0.35668-1.i586.rpm
likewise-open-lwio-5.3.0.35668-1.i586.rpm
likewise-open-netlogon-5.3.0.35668-1.i586.rpm
likewise-open-rpc-5.3.0.35668-1.i586.rpm
likewise-open-srvsvc-5.3.0.35668-1.i586.rpm
rpm -Uhv likewise-open-*.rpm
Open Synaptic, search for "likewise-" and check that all the RPMs have a green square.
5) Setting the host name.
5.1) go to Control Center and give the host the alias "minime2009"
5.2) manually add this line to the end of the file '/etc/sysconfig/network'
HOSTNAME=minime2009
5.3) run command
hostname minime2009
6) Joining the domain.
6.1) check and sync the time with the DC
6.2) check DNS
ping DC.domain.local
6.3) Create the directory
mkdir -p /var/lib/likewise/run
6.4) joining
cd /opt/likewise/bin
./domainjoin-cli join domain.local windowsAdminAccount
Despite the warnings and the error "Module not configured [code 0x00080042]", check in the Windows AD snap-in "Users and computers" that MINIME2009 has joined the domain. (In previous builds I got only warnings and the long-awaited word SUCCESS.)
7) /etc/nsswitch.conf
change the line:
hosts: files nis dns
to
hosts: files dns
8) /etc/krb5.conf
change the lines:
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
permitted_enctypes = des3-hmac-sha1 des-cbc-crc
to
default_tgs_enctypes = arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
default_tkt_enctypes = arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
permitted_enctypes = arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc
9) Checking.
An ordinary user should run commands:
whoami
su domain.local\\MyDomainAccount
whoami
10) General checking.
Log out of the current KDE session
and log on with AD credentials
Username: domain\MyDomainAccount
Password: myADpassword
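The nsswitch.conf and krb5.conf edits from steps 5 and 6 of the first way (steps 7 and 8 of the second), as an added shell example that is not part of the original post: it applies both edits idempotently and keeps a .bak copy of each file. It goes beyond the post by also listing which configured enctypes belong to the single-DES, 3DES and RC4 families, which RFC 6649 and RFC 8429 later deprecated. The function names are hypothetical and the sample files are constructed from the post's "before" lines.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical
# helpers; the sample files are constructed from the post's "before" lines.

ENC_KEYS='default_tgs_enctypes|default_tkt_enctypes|permitted_enctypes'

rewrite() {  # rewrite FILE AWK_PROGRAM: edit in place, keep the first FILE.bak
    [ -e "$1.bak" ] || cp -p "$1" "$1.bak" || return 1
    awk "$2" "$1" > "$1.new" && cat "$1.new" > "$1" && rm -f "$1.new"
}

apply_join_edits() {  # apply_join_edits NSSWITCH_FILE KRB5_FILE
    # "hosts: files nis dns" -> "hosts: files dns"; other lines are untouched.
    rewrite "$1" '/^hosts:/ { out = $1
        for (i = 2; i <= NF; i++) if ($i != "nis") out = out " " $i
        print out; next } { print }' || return 1
    # Put arcfour-hmac-md5 first in each enctype list unless it is already there.
    rewrite "$2" '/^[ \t]*('"$ENC_KEYS"')[ \t]*=/ && !/arcfour-hmac-md5/ {
        sub(/=[ \t]*/, "= arcfour-hmac-md5 ") } { print }'
}

deprecated_enctypes() {  # deprecated_enctypes KRB5_FILE: one name per line
    awk -F= '/^[ \t]*('"$ENC_KEYS"')[ \t]*=/ {
        n = split(tolower($2), e, /[ \t,]+/)
        for (i = 1; i <= n; i++)  # single-DES, 3DES and RC4 families
            if (e[i] ~ /^(des3?|arcfour|rc4)-/ && !seen[e[i]]++) print e[i]
    }' "$1"
}

make_sample() {  # make_sample DIR: write the constructed sample files
    printf 'passwd: files\nhosts: files nis dns\n' > "$1/nsswitch.conf"
    old='des3-hmac-sha1 des-cbc-crc RC4-HMAC DES-CBC-MD5 DES-CBC-CRC'
    printf '[libdefaults]\n default_tgs_enctypes = %s\n default_tkt_enctypes = %s\n permitted_enctypes = des3-hmac-sha1 des-cbc-crc\n' \
        "$old" "$old" > "$1/krb5.conf"
}

# Demo on throwaway copies; pass the real /etc files only deliberately, as root.
tmp=$(mktemp -d) && make_sample "$tmp" &&
    apply_join_edits "$tmp/nsswitch.conf" "$tmp/krb5.conf" &&
    cat "$tmp/nsswitch.conf" "$tmp/krb5.conf" &&
    deprecated_enctypes "$tmp/krb5.conf"
rm -rf "$tmp"
```

Running it a second time on the same files changes nothing, and the .bak copies still hold the original contents.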
THIRD way (from tarball, not recommended)
Sources can be found here:
http://archives.likewiseopen.org/likewise-open/src/
At this moment it offers likewise-open-5.2.0.34223.tar.gz, which contains an error in the build script and does not support building without the GUI.
Why the sources of stable versions are not uploaded to this ideal place is a big question for me.
Building from the tarball is the same as the second way.
SOME NOTES
1 If something doesn't go right, check the hostname.
Sometimes it helps to check the 'lsassd' service and try to restart it.
The best friend is the file '/var/log/messages'.
Some debugging tools are located in '/opt/likewise/bin'; their names say what they do.
2 We have Windows account names in the Latin alphabet. I didn't test whether it works with localized names.