Traditionally, configuring Ubuntu servers to integrate with Microsoft Active Directory was not a lot of fun. It wasn't exactly difficult, but it involved editing lots of PAM and Kerberos configuration files, and often some perilous trial-and-error. But these days, there's a better way--for many situations, at least--and it's called Likewise. Here's how it works, and why I think it's so great.
In a world where Linux and Windows frequently have to coexist, and where Windows generally dominates, integrating Linux machines into Active Directory is often essential for sharing network resources, authenticating network users and so on.
You can complain that it shouldn't have to be this way--that Active Directory should not be at the center of most IT infrastructures--but the fact remains that it is and probably will be for a long time, since the Microsoft bandwagon is the only ride in town at most organizations these days.
Why I like Likewise
The traditional procedure for joining a Linux machine to a Windows domain requires installing Winbind and Samba and editing a lot of text files, as explained on the Ubuntu community wiki, for example. This approach takes a lot of time and does not always yield ideal results--as in the case where your Active Directory administrators refuse to support POSIX extensions, necessitating a lot of dirty hacking.
Likewise takes a different approach to integrating Unix-based operating systems into Active Directory. Rather than requiring lots of configuration files, it runs a single service that talks to Active Directory and generates account information on the fly.
It's also really simple to install. A quick "apt-get install likewise-open" (with the Universe repository enabled) is all it takes. After that, joining a domain is as easy as running a utility called domainjoin-cli, which is provided by the Likewise package, and telling it which Windows domain you want to join (for more on the specifics of this process, check out the Ubuntu wiki).
After joining a domain with Likewise, Active Directory accounts can be authenticated locally right away (Likewise will recommend that you reboot after adding the domain, but if you like to live as dangerously as I do, you may find that the reboot is not really necessary). In other words, Likewise does a really good job of "just working," as Steve Jobs might say if he weren't busy designing oversized cellphones.
The not-so-likable
Lest I sound too much like a Likewise fanboy, I should point out its flaws. Although it makes Active Directory integration much faster and easier than the traditional approach, it's not perfect.
The biggest downside for most people is the requirement that non-local users employ the domain\username syntax in order to authenticate. In other words, if you want to ssh into a Likewise-equipped server using an Active Directory account rather than a local one, you would need to type something like "ssh 'domain-name\john'@server-name", which can get old after a while.
The utilities that Likewise uses to manage domains could also stand to be better named. There's got to be something catchier than domainjoin-cli that the developers could come up with.
And while Likewise can be especially useful in Active Directory environments that lack POSIX extensions, because it makes up user and group IDs on the fly rather than requiring them to be hard-coded somewhere, it still has the potential for colliding account information if you have enough users.
Despite these shortcomings, Likewise is a great tool for accomplishing a task that would otherwise suck up a lot of time and keystrokes. It's also a good example of how easy it can be to make Ubuntu coexist with Windows.