Showing results for 
Search instead for 
Do you mean 
Corey

How to: Install Centrify DirectControl Express on Ubuntu 10.04/10.10/11.04 using the Ubuntu partner repository

by Centrify ‎09-03-2010 01:28 PM - edited ‎05-15-2011 05:04 PM

 

Through the DirectManage Express or DirectControl Express downloads you can quickly and easily join a Ubuntu 10.04 LTS (Lucid) or 10.10 (Maverick) or 11.04 (Natty) servers and desktops to Active Directory. Using either of these approaches an intelligent install script is used to install the DirectControl Express agent and join the system to Active Directory.

 

Many Ubuntu users however prefer to install software packages like Centrify DirectControl Express using the built in package managers like Software Center, Synaptic, Adept, Aptitude, apt-get or others.

 

Recently, Canonical has certified and published Centrify DirectControl Express in both the 10.04 LTS Lucid and 10.10 Maverick and 11.04 Natty Partner Repositories. This article will describe how to ensure that the partner repository is available and describe how to install DirectControl Express and join a system to Active Directory...

 

 

Before you get started, make sure you have:

 

  • The sudo password and rights to install the software regardless of the method used.
  • The username and password of an Active Directory account that has permission to join a computer to AD.
NOTE: Both DirectManage Express and DirectControl Express normal installation methods automatically install the Centrify-Enabled OpenSSH package. The method described in this article does not. If you want to use the Centrify-Enabled version of OpenSSH you will need to install using either the DirectManage or DirectControl approach using the default installer.
Now you are ready to get started:

As there are many tools to do installations, I am only going to cover two of them - Software Center and the CLI using apt tools.

 

  • The first step is to enable the Lucid (or Maverick) partner repository where the DirectControl Express package is made available. Via the Software Center you need to select Edit ==> Software Sources ==> Other Software (tab) and make sure the checkbox is checked for the partner repository "http://archive.canonical.com/ubuntu lucid partner" (or Maverick or Natty) as follows:

    4iB13AE4F85CF5C8F5

    You can also add the partner repository from the command line as follows (for lucid):

 

sudo add-apt-repository "deb http://archive.canonical.com/ lucid partner"

or for maverick:

 

sudo add-apt-repository "deb http://archive.canonical.com/ maverick partner"

or for natty:

 

sudo add-apt-repository "deb http://archive.canonical.com/ natty partner"
  • Once you have the partner repository added you are now ready to find and install the DirectControl bits. 

    From the Software Center you can search for Centrify and you will find the following package:

    6i350AE1D353CF13A7

    Simply select install, enter your sudo password and wait for installation.

    Alternatively you can install via apt-get as follows:
 sudo apt-get install centrifydc
  • Once you have successfully install the centrifydc package you must join the system to Active Directory.

sudo adjoin -w domain.name
where domain.name is the name of your Active Directory domain. 
NOTE: You will need your Active Directory administrator password to run this command. You may specify a user other than the default administrator with the -u option (--user). See the adjoin manpage for more information on how to run the adjoin command as another user.
Assuming this is successful you should be able to run the following command to verify the join:
adinfo
and the output should look something like this:
cowillia@ubuntu:~$ adinfo
Local host name:   ubuntu
Joined to domain:  centrify.se
Joined as:         ubuntu.centrify.se
Pre-win2K name:    ubuntu
Current DC:        se-win2k8ent.centrify.se
Preferred site:    Default-First-Site-Name
Zone:              Auto Zone
CentrifyDC mode:   connected
Licensed Features: Disabled
cowillia@ubuntu:~$ adinfo
Local host name:   ubuntu
Joined to domain:  centrify.se
Joined as:         ubuntu.centrify.se
Pre-win2K name:    ubuntu
Current DC:        se-win2k8ent.centrify.se
Preferred site:    Default-First-Site-Name
Zone:              Auto Zone
CentrifyDC mode:   connected
Licensed Features: Disabled

That’s all you have to do! You have now joined your Linux system to Active Directory! Verify authentication by attempting to log on to the Linux computer by using any Active Directory user account. When using Centrify DirectControl Express Edition, you are connected to the domain through Auto Zone, which is essentially one super zone for the forest. By default, when you join a domain by connecting to Auto Zone, all users and groups defined in Active Directory for the forest automatically become valid users and groups on the Linux or Mac OS X computer.
NOTE: GDM needs to be restarted before login for an AD user will work, the easiest way is to simply restart the system.

Comments
by knelmes on ‎11-13-2010 11:54 AM

Thanks for the great guide

 

I've got one problem - as soon as I join the domain I can't use sudo. I get 'k is not in the sudoers file. This incident will be reported.'

 

My /etc/sudoers file is unchanged and k is still in the admin group.

 

I'm using ubuntu 10.10. Any ideas?

 

Thanks

by Centrify on ‎11-13-2010 03:18 PM

Check out the discussion from: http://community.centrify.com/t5/DirectControl-Express/loss-of-sudo-access-after-installation/m-p/47...

 

The salient point is "To solve this edit the /etc/centrifydc/group.ignore file and add the group "admin" to the list. After we restarted the machine everything was fine."

 

The cause may be that you have an AD group with the same "admin" name but no "k" user in the AD admin group.

 

Corey

by knelmes on ‎11-13-2010 03:53 PM

Thank you! Had a user called admin in AD, with that gone it works

by sillat on ‎10-11-2011 08:09 AM

I Installed Centrify and followed the instructions and join the computer to the windows domain successfully… it instructed me to reboot..
I then rebooted but when i reach the login screen and enter my user name and password it just bounces back
Is there a special way i should type my AD Username to login ??

the PC is joined to the Domain becuz i can see the new name change in the DHCP server . .
I’m locked out my Computer and i dont know why bcause my username/password is right
Any help will be appreciated…
Thanks much

by Centrify on ‎10-11-2011 02:21 PM

Sillat : Are you able to login using a local user ? Or are you completely locked out ? The accepted username formats are:

 

UPN, SamAccountName and NTLM formats. Example : username@domain.name or username or DOMAIN\username

 

Could you kindly open a separate post under DirectControl Express message board ?

by malikdhadha on ‎02-17-2012 10:10 PM

i am using the ubuntu 11.10 i am not able to join im getting the following error...please help me put

 

Administrator's Active Directory password:
Cannot find an Active Directory domain named 'domain.LHS' in DNS or '/etc/centrifydc/centrifydc.conf'
Join to domain 'domain.LHS', zone 'Auto Zone' failed.
malik@malik-aspire-r1600:~$

by Centrify on ‎02-17-2012 10:52 PM - last edited on ‎09-25-2012 04:09 PM by Community Manager

mohamed -

 

Could you kindly open a separate post under DirectControl Express message board ?

 

And can you also post the output of the adcheck command?  adcheck runs when you run the install-express.sh.  re-run the installer and you will see the pre-install check run, cut-n-paste that output.  see 1:13 into this video for what I am talking about ...

 

thx, tom

by Imran on ‎06-10-2012 02:39 AM

Dear Centrify Professionals,

 

We have centrify installed in our bank. each server is created as a zone and respective users given access.

What i would like to know... if a new user is created does he have to be added to each zone(server) manually? or is there a shortcut?

Post a Comment
Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.