2012-05-23

Adding Unix to Active Directory

Thanks to the Many Roots of All Evil Rants blog for pointing out Likewise-Open to me.  (I tried to post this thanks as a comment, but commenting is either broken or they've given up on notices that the blog owner has comments set to be reviewed.)

Somehow I had never come across Likewise-Open, but basically it takes care of all of the fiddly bits of adding a *nix machine to Active Directory.  That is correct! No more do you have to mess with NTP, Kerberos, Samba, and Winbind!  Huzzah!  Finally, someone wrapped all of that crap up!

In the article, the poster (who is unnamed, otherwise I'd use it) noted that he was unable to ssh using domain credentials, but could locally.  I found this to be true initially, but it appears that he may have been suffering at the hands of syntax.  I was able to get ssh to work from a *nix host using any of these syntaxes:

ssh 'domain\user'@sshserver
or
ssh "domain\user"@sshserver
or
ssh domain\\user@sshserver

As we're a Windows shop, I'm using mRemoteNG as a connection manager, and it wraps the username in double quotes automatically, so simply domain\user works there.
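Why the quoting matters, as an added example that is not from the original post: the local shell removes an unescaped backslash before ssh ever sees the login name. The helper names login_part and check_form are made up for this illustration; domain, user and sshserver are the post's placeholders.

```shell
#!/bin/sh
# Added illustration: what the local shell hands to ssh for each quoting form.
# Nothing here contacts a server; it only inspects the argument after shell parsing.

# Return the login part (everything before the last '@') of an ssh destination.
login_part() {
    printf '%s' "${1%@*}"
}

# Report whether the login still contains the DOMAIN\user backslash.
check_form() {
    login=$(login_part "$1")
    case $login in
        *\\*) printf 'ok      %s\n' "$login" ;;
        *)    printf 'BROKEN  %s (backslash eaten by the shell)\n' "$login" ;;
    esac
}

check_form 'domain\user'@sshserver   # single quotes: backslash is literal
# Double quotes keep the backslash here only because "u" is not one of the
# characters ($, `, ", \, newline) that a backslash escapes inside double quotes.
check_form "domain\user"@sshserver
check_form domain\\user@sshserver    # unquoted, backslash escaped
check_form domain\user@sshserver     # unquoted, unescaped: ssh gets "domainuser"
```

The last form is the failure case: the server is asked to authenticate a login that contains no domain separator at all.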

Being an Ubuntu server (I'm moving to 12.04 Precise Pangolin), I prefer to keep to the sudo mentality, so I've added this line to my /etc/sudoers:

%ernstinfo\\domain^admins       ALL=(ALL) ALL

This could be done better in terms of granularity, but that's a yak for another day...

-Waldo



1 comment:

  1. Another point of note; if you don't want to keep typing in the domain everywhere and worrying about escaping backslashes, you can set up Likewise/PowerBroker (new name) to use a domain by default. It's very handy. :)
