
Linux and the Active Directory


(Update, May 29: revised as a result of feedback.)

As a Linux fan, I am in the minority at the company I work for: there are about 140 Windows workstations and only about 3 Linux workstations. This is a result of company policy and of the lack of time and knowledge at the support level. It might change, but that would take a lot of time.

For those Windows workstations there is, of course, an NT domain, controlled by Active Directory (AD). As a member of the team I need to access my co-workers' shares and the central file server. I use Ubuntu, and I hate typing my password every time into Nautilus, Krusader, or whatever else I use to reach those shares. There is also the "problem" of password expiration, and so on. So I tried to simplify my life, and after some searching and tweaking I realized that, from my perspective, AD is nothing but a Kerberos and LDAP server. So I only need to log in to AD with Kerberos, and everything will be just fine.

Note: I did this about 2 years ago, so I might have missed something. We'll correct that as we go.

What I need is a Kerberos client:

sudo apt-get install krb5-clients krb5-user

Now you should have the file /etc/krb5.conf.

Let’s assume that the NT domain you want to use is DOLLAR.EX.COM.

Edit /etc/krb5.conf with your favorite editor, following these steps:

  1. Find the line [libdefaults] (usually the first line) and add the following lines just after it:

    default_realm = DOLLAR.EX.COM
    clockskew = 300

  2. Find the line [realms] and add the following lines under it:

    DOLLAR.EX.COM = {
        kdc = kdc.dollar.ex.com
        default_domain = DOLLAR.EX.COM
        kpasswd_server = kdc.dollar.ex.com
    }

    Here I assumed that kdc.dollar.ex.com is both the Kerberos KDC and the password server. In practice you should probably just point both at the hostname of the AD domain controller.
  3. Find the line [domain_realm] and add the following lines (the realm on the right must match the name of the block you added under [realms]; a leading dot matches every host under that domain):

    dollar.ex.com = DOLLAR.EX.COM
    .ex.com = DOLLAR.EX.COM

    and whatever else you want resolved to that realm.

Now save the file.
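Before running kinit it is worth checking that the three sections agree with each other, because a realm name that appears in [domain_realm] but has no [realms] block leaves the library with no KDC to ask for service tickets. The following POSIX shell check is an added example, not part of the original post: the function name and the two constructed sample files are mine, the realm and hostnames are the ones used above.

```shell
#!/bin/sh
# Sanity-check a krb5.conf for the AD setup above: default_realm is set, that realm
# has a [realms] block with a kdc, and [domain_realm] maps at least one domain to it
# and none to a realm that has no [realms] block. Assumes "key = value" lines;
# whitespace around "=" is optional. Exit status 0 means the file looks consistent.
check_krb5_conf() {
  awk -F '[ \t]*=[ \t]*' '
    { gsub(/^[ \t]+|[ \t]+$/, "") }            # trim; assigning $0 re-splits fields
    /^[#;]/ || /^$/ { next }                   # comments and blank lines
    /^\[/ { section = substr($0, 2, length($0) - 2); cur = ""; next }
    section == "libdefaults" && $1 == "default_realm" { realm = $2 }
    section == "realms" && $2 == "{" { cur = $1; realms[cur] = 1 }
    section == "realms" && $1 == "}" { cur = "" }
    section == "realms" && cur != "" && $1 == "kdc" { kdc[cur] = $2 }
    section == "domain_realm" && NF == 2 { map[$1] = $2 }
    END {
      rc = 0
      if (realm == "") { print "MISSING: default_realm in [libdefaults]"; rc = 1 }
      else if (!(realm in realms)) { print "MISSING: [realms] block for " realm; rc = 1 }
      else if (!(realm in kdc)) { print "MISSING: kdc for realm " realm; rc = 1 }
      hits = 0
      for (d in map) {
        if (map[d] == realm) hits++
        else if (!(map[d] in realms)) { print "BAD MAPPING: " d " -> " map[d]; rc = 1 }
      }
      if (hits == 0) { print "MISSING: no [domain_realm] entry maps to " realm; rc = 1 }
      if (rc == 0) print "OK: " realm " via " kdc[realm]
      exit rc
    }' "$1"
}

# Constructed sample configs (not from the original post) to exercise the check.
GOOD_CONF=$(mktemp); BAD_CONF=$(mktemp)
cat > "$GOOD_CONF" <<'EOF'
[libdefaults]
    default_realm = DOLLAR.EX.COM
    clockskew = 300
[realms]
    DOLLAR.EX.COM = {
        kdc = kdc.dollar.ex.com
        kpasswd_server = kdc.dollar.ex.com
    }
[domain_realm]
    .ex.com = DOLLAR.EX.COM
EOF
# Same file, but ex.com is mapped to a realm name that has no [realms] block.
sed 's/^\( *\.ex\.com = \).*/\1DOLLAR/' "$GOOD_CONF" > "$BAD_CONF"
check_krb5_conf "$GOOD_CONF"   # prints: OK: DOLLAR.EX.COM via kdc.dollar.ex.com
check_krb5_conf "$BAD_CONF" || echo "config has problems (exit $?)"
```

Run it against /etc/krb5.conf after editing; if it reports OK, kinit should obtain a ticket and klist should list it.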

To log in, type:

kinit

To change your password, type:

kpasswd

For both commands I assumed that your Ubuntu user name is the same as your NT domain user name. If it is not, just add your NT domain user name after the command.

Now just use your favorite (twin-panel) file manager and enjoy.

A short note on Hardy:

Hardy now ships with openwise, which does a very similar thing. But to use it you need to convince your domain administrator to type in his or her password. With the solution above you do not need that. There are probably other benefits of using openwise; I just don't know them.

I hope this helps Linux make its way into corporate environments.
