 Channel Futures

Open Source


Likewise Enterprise: Linux to Active Directory Integration?

  • Written by Christopher Tozzi
  • April 27, 2011

Deploying Linux desktops across large organizations has been getting easier with each new release. However, in practice, installing, configuring and securing such deployments is not so simple. With this fact in mind, we recently got in touch with Likewise vice-president Ken Cheney for a hands-on look at using his company’s chief product to simplify and secure corporate deployments. Here’s what we found …

Before delving into the nitty-gritty of the Likewise configuration itself, Cheney outlined why systems administrators should be interested in Likewise Enterprise and similar solutions for integrating Unix machines with Microsoft Active Directory, rather than relying on do-it-yourself approaches which can get ugly:

In the case of Linux desktops, it can be argued that enterprise adoption has lagged behind expectations given the perceived pain of simply getting Linux desktops to ‘play nice’ with legacy infrastructure investments. Despite a simpler path existing, many enterprises attempt to tie-in Linux desktops to their enterprise identity and access management infrastructure through sheer will, leveraging ‘baling wire and duct tape’ with homegrown solutions made up of Kerberos and LDAP. The result is often a costly and difficult environment to maintain and frequent end-user frustration, which impacts further adoption.

In contrast to solutions based on Kerberos and LDAP, Cheney observed, identity and access-management products consolidate directory services. They “remove the pain of the homegrown approach and are surprisingly easy to deploy.”

Deploying Likewise Enterprise on Ubuntu

Cheney then moved on to a discussion of the deployment and configuration of Likewise Enterprise, using an Ubuntu client as an example. Likewise Enterprise is the licensed version of the Likewise suite, providing more features than the free and open source Likewise Open, which supports basic AD integration but not advanced features such as UID/GID support for group policy, compliance reporting for auditors, and event management and dashboards.

Breaking the process down step-by-step, Cheney outlined the work needed to “operationalize” an Ubuntu machine as a happy constituent of an AD environment with the assistance of Likewise Enterprise:

Step 1 – Fire up the Likewise installer on a Windows Member Server, and go through the install wizard (you may also install the Likewise Tools separately on a workstation if you use ADUC/GPMC from your personal machine):

The install wizard will do the following:

  • Install the Likewise Tools
  • Install a MSFT SQL Express 2005 database
  • Install the auditing and event collection services
  • Create a Likewise cell
  • Create an OU for your machines to join to (We will use “UNIXComputers” in our example)
  • Create a GPO called “Likewise Enterprise settings for UNIXComputers”
  • Configure that GPO with all of the auditing settings
  • Turn on assume default domain

Step 2 – Now let’s add Logon Restrictions:

  • Go into your Group Policy Management Console (GPMC) and edit the GPO
  • Choose the “Computer” section of the “Likewise Enterprise For Unix Computers” GPO
  • Select the “Unix & Linux Settings” folder – it’s a blue folder that AD admins won’t be used to seeing
  • Select “Likewise Settings”
  • Select “Allow Logon Rights” policy
  • Specify which AD user and/or group that you will allow on to the new Ubuntu machine

Step 3 – Now we need to install the Likewise Enterprise agent on the Ubuntu machine:

  • Run the command /opt/likewise/bin/domainjoin-cli join --ou UNIXComputers yourdomain.com Administrator (or use the GUI) to join the domain
  • Go back to ADUC in AD and refresh (F5) – a new computer account shows up in the UNIXComputers OU in AD. The Group Policy agent on the Ubuntu host grabs all the settings from the GPO and applies them to itself

Step 4 – At this point all you have done to AD is add the Likewise Enterprise plug-in and add an OU. No schema changes or invasive changes have been made. This is called ‘Non-Schema mode.’

  • Now it’s time to add a user or group to the new Ubuntu machine.
    • Right click on a user “Jimmer” in ADUC (Active Directory Users & Computers)
    • Choose Properties
    • Choose “Likewise Settings” Tab
    • Check the “UNIXComputers” cell (stuff below will un-gray)
    • Enter a custom UID or click “generate” to generate a hashed UID number (based on the user’s SID/RID in AD)
    • Select the dropdown for “Domain Users” group (all the default settings will then fill in)
    • Click “Accept” to accept the defaults or customize for your environment
  • Now do the same steps for adding the Windows group you put in the GPO above when setting up the Logon Restrictions to the Likewise UNIXComputers Cell. Only this time, you’ll be assigning a GID number to the group.

Step 5 – User “Jimmer” can now log in to the Ubuntu machine with his AD credentials. It’s tracked in the event log, and you can run reports on it and set additional group policies. SSH single sign-on will just work, and connecting to Windows shares from Ubuntu should automatically work.

Now you can either a) retire the “baling wire and duct-tape” approach you’ve been using or b) successfully “operationalize” your Ubuntu desktop rollout from day one.
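
A post-join check for the UID/GID assignment in Step 4, added here as an example and not part of Likewise or of Cheney's procedure: it compares passwd-format entries for the mapped AD users against the host's local accounts and flags a UID in the system range, a UID already owned by a local account, and a login name that also exists locally. The function names, output tags, the 1000 threshold and all sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Likewise code). Output tags LOW_UID, UID_COLLISION and
# NAME_SHADOW are this example's own; all sample accounts are constructed.

audit_mapped_ids() {
    # $1 local passwd file, $2 passwd-format lines for directory users,
    # $3 lowest UID acceptable for a directory user (assumed default: 1000)
    awk -F: -v min_uid="${3:-1000}" '
        FILENAME == ARGV[1] {          # first file: index the local accounts
            if ($0 !~ /^#/ && NF >= 3) { uid_of[$1] = $3; name_of[$3] = $1 }
            next
        }
        NF < 3 { next }                # skip malformed directory lines
        {
            # UID in the system range (0 would be root-equivalent)
            if (($3 + 0) < (min_uid + 0)) { print "LOW_UID " $1 " " $3 }
            # same UID number already owned by a different local account
            if (($3 in name_of) && name_of[$3] != $1) {
                print "UID_COLLISION " $1 " " $3 " " name_of[$3]
            }
            # same login name exists locally with a different UID
            if (($1 in uid_of) && uid_of[$1] != $3) {
                print "NAME_SHADOW " $1 " " uid_of[$1] " " $3
            }
        }
    ' "$1" "$2"
}

demo() {
    tmp=$(mktemp -d) || return 1
    # Constructed local accounts (stand-in for /etc/passwd)
    cat > "$tmp/local" <<'EOF'
root:x:0:0:root:/root:/bin/bash
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
jimmer:x:1000:1000:local admin:/home/jimmer:/bin/bash
svc:x:1500:1500::/home/svc:/bin/sh
EOF
    # Constructed directory entries, in the format `getent passwd <user>` prints
    cat > "$tmp/dir" <<'EOF'
jimmer:x:1427113041:1427112449:Jimmer:/home/jimmer:/bin/bash
alice:x:1500:1427112449:Alice:/home/alice:/bin/bash
bob:x:34:1427112449:Bob:/home/bob:/bin/bash
carol:x:1427113050:1427112449:Carol:/home/carol:/bin/bash
EOF
    audit_mapped_ids "$tmp/local" "$tmp/dir"
    rm -rf "$tmp"
}

demo
```

On a joined host, pass /etc/passwd as the first file and the collected output of getent passwd for each mapped account as the second.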

Those are the individual steps needed to operationalize an Ubuntu machine for an AD environment. Broken down like this, identity-management solutions demonstrate their value over hopelessly complex, hacked-together alternatives based on Kerberos and LDAP.

This isn’t to say, of course, that Likewise doesn’t have its complexities — witness the long documentation that explains the product’s advanced features — but its basic deployment can be quite facile, and is doubtless superior to hacking Kerberos configuration files by hand.

One comment

  1. oiaohm, April 28, 2011 @ 11:24 pm

    Likewise has one major downside: Windows central server required.

    Also how out of date reporters can be. http://freeipa.org Linux based central server with bindings to ADS.

    This way Linux clients, unless needing to get something from the Windows server, don’t eat up Windows Server CALs. Hacking the files by hand for most uses is not required. Long term freeipa will most likely be the better solution.

    If you have been using the “baling wire and duct-tape” method it should have been retired a few years ago.
