You have a Linux client machine, and you want to authenticate to, and log into a Windows domain. I don’t have too much history with Linux, but from what I’ve read this used to be a nightmare. Using Ubuntu (10.10) I did have a couple of hiccups, but I did get there in the end.
Note: The domain controller is a Windows 2008 R2 Server.
Solution
Notes
1. The commands needed to install the “likewise-open5” package, and join the domain, (assuming the FQDN of the domain is domaina.com and the user name you are using to join the domain is administrator).
2. Then to allow users to logon from the Ubuntu welcome screen,
[box]sudo nano /etc/samba/lwiauthd.conf[/box]
3. Add the following line (the file will probably be empty), to Save press CTRL+X, then Y, then {enter}.
[box]winbind use default domain = yes[/box]
4. Then reboot.
[box]sudo reboot[/box]
5. To allow sudo for the domain user(s),
[box]sudo nano /etc/sudoers[/box]
Locate the line that reads “#Members of the Admin group may gain root privileges and do the following:”. Below that, type the following (assuming the domain name is domaina and the user is a member of the domain admins group, domain^users also works).
[box]%domainadomain^admins ALL=(ALL) ALL[/box]/p>
Problem 1
Error: Lsass Error [code 0x00080047]
9502 (0x251E) DNS_ERROR_BAD_PACKET – A bad packet was received from a DNS server. Potentially the requested address does not exist.
This plagued me for a while, I tried everything I read online (like making sure that my time was correct – which it wasn’t (see below), making sure firewalls were off (they were), make sure your DNS has a reverse lookup zone (mine has), and finally make sure there are no existing DNS records for the IP address you are connecting with (mine did so I deleted them). None of these fixed the problem, to fix it is annoyingly simple.
FIX
Firstly make sure that the Ubuntu client is looking at your domain DNS server, for it’s DNS, the following command will tell you,
[box]cat /etc/resolv.conf[/box]
Then get the domain syntax right, in my case the domain name.
If you would like to add your domain user(s) to the welcome screen click here.
Update 04/01/12
Attention: PeteNetLive – Suggestion
Message: Hi,
Thanks very much for you YouTube and description of joining Ubuntu to a domain. There was however one step extra that I needed to do to enable to logon screen to show users other than the local use and the guest account. To do this I had to add the following line to /etc/lightdm/lightdm.conf
greeter-show-manual-login=true
I was joining Ubuntu 12.10 to the domain so maybe it is specific to 12.10 since you didn’t experience it but it would be good to add it to your article along with the other fixes to issues.
Thanks again.
From: Roland Elferink
Related Articles, References, Credits, or External Links
While I like RDX drives, (they have advantages over magnetic tape), but they do have a drawback, throughput.
As you can see the removable drive/cartridges are just 1TBSATA Drives in a protective jacket, with a “write protection switch” on them.
So they should be perfect as a backup medium, the problem is, the drive carrier itself runs off the USB bus, so they can’t run faster than 48MB a second (I’ve not seen a server that has USB 3 on it yet). HP literature says that its backup rate is 108GB an hour. However for a small business that can be more than acceptable. It’s advantage, if it keeps the client that wants to take his backups home with them on a “Tape” happy (Because that’s what they have always done).
So the other week I found myself with a shiny new RDX Drive and an old SBS 2003 Server running Backup Exec 11d.
Solution
Note: If you are running Backup Exec versions 10 or 11 you CANNOT perform backups with GRT. If you want this functionality then you need to upgrade to a newer version (GRT to RDX drive works fine with Backup Exec 2010 R3).
1. Once you have physically installed the drive and connected it to the servers internal USB interface, you should see the drive listed below disk drives.
2. With an RDX Cartridge loaded it behaves just like a 1TB Drive (because that’s exactly what it is).
3. To use the drive in Backup Exec you need to create a new “Removable Backup-to-Disk Folder”.
4. Give the removable folder a sensible name, and I set the maximum size to 1023GB to make sure it can’t try and outgrow the drive.
5. Once complete it will create “Media” in the removable folder that it names incrementally as it sees new cartridges, in the FLDR000001, FLDR000002, etc, format. Treat these the same as any other backup media, i.e. you can add them to media groups for different backup jobs.
Related Articles, References, Credits, or External Links
This was asked on Experts Exchange this morning, and so I thought I’d get it documented. There are loads of reasons why you might want to change a username, display name, and email address. It can be spelt wrong, a user has got married/divorced and changed their surname, or they have simply changed their name.
There are also some clients who don’t create a new user when a member of staff leaves. They just want to rename the old user and change the email address. The advantage of this approach is that all the group membership, and permissions will be correct for the replacement member of staff.
Solution
Step 1 Change the Username, Logon Name and Display Name.
1. On the Exchange server > Start > Run > dsa.msc {enter} > Locate the user in question > Right click and rename.
Note: You can do this on any Domain Controller but for Step 2 we will need to be on an Exchange server, or a machine with the Exchange Management tools installed.
2. As soon as you press {enter} > The rename user dialog will open, and you can change the display name, and the user logon name > OK.
Step 2 – Exchange 2000 / 2003 (Including SBS 2000 / 2003) Change the Email address.
Note: For newer versions of Exchange see below.
1. Whilst still in active Directory Users and Computers > Right click the affected user > Properties.
4. Untick the “Automatically update email…” option > Select the NEW email address >Set As Primary > Apply > OK.
Note: It can take a while for your global address list to update, then your Outlook clients need to get the updated list, sometimes this can take a couple of days! Be patient, the changes have been made.
Step 2 – Exchange 2007 / 2010 (Including SBS 2008 / 2011) Change the Email address.
1. On your Exchange 2007/2010 Server Launch the Exchange Management Console > Recipient Configuration > Mailbox > Locate the user > Properties.
2. E-mail Addresses tab > Add > Type in the new address > OK.
3. Untick the “Automatically update email…” option > Select the NEW email address > Set As Primary > Apply > OK.
Note: It can take a while for your global address list to update, then your Outlook clients need to get the updated list, sometimes this can take a couple of days! Be patient, the changes have been made.
Related Articles, References, Credits, or External Links
This process was done with Windows 10, but the procedure is the same going all the way back to Windows 2000.
Solution
Note: The main reason this procedure fails, is because the client that you are attempting to perform the join from cannot resolve the domain name of your domain! Make sure it has one of your domain servers listed in the properties of its network connection, (or at least a method of resolving the name).
Windows Server 2008 R2 and 2012 are a lot better with printing support over remote desktop, that their predecessors were. But to be able to print to your remote users ‘local’ machines. The TS/RDP server still likes to have the correct drivers installed.
What about Easy Print?
Easy Print (Introduced with Server 2008 R2) is a ‘proxy’ service that simply sends all print processes to the remote machine rather than the server itself, thus negating the need for a driver. That’s great! Unless your remote home users still have Windows XP or Vista (Pre SP1).
Solution
1. Before troubleshooting, make sure the printer actually works on the client machine, you don’t want to spend an hour trying to get it working when it’s actually out of paper or not turned on, (sorry but users are ‘challenging’).
2. Download the Drivers to the Remote Desktop Server. MAKE SURE if your clients are a mix of x86 and x64 bit versions of Windows you need to download BOTH versions of the driver.
Note: Download x86 and x64 bit versions of the SAME driver, i.e. Try and install an x86 PCL6 driver and an x64 bit PCL5 Driver and you may get an error.
Note 2: With some older printers, you can save a lot of time by simply plugging them into the server and letting Windows Update do the hard work for you. You might think that this is ‘time/cost prohibitive’. But I once spent an afternoon trying to get an HP multifunction printer to work that was worth about £60. The remote client was 45 minutes away, by the time I was finished the cost was greater than replacing this printer with 6 or 7 new ones that would have worked out of the box!
3. You can simply install the printer on the Server if you wish, then delete the printer and the drivers will remain, though the correct way is to add the drivers via the servers ‘Print Server Properties’.
Server 2000 / 2003
Start > Run > control printers {Enter}.
Server 2012/2008 R2
Windows Key+R > control printers {Enter}.
Note: Print server properties is not visible until you select a printer.
4. Repeat the process to add additional driers for the CPU architecture of your remote clients (x86, x64, etc).
Related Articles, References, Credits, or External Links
You have a 2008 R2 Server to sysprep, but your not sure where sysprep is.
Solution
1. Thankfully in Server 2008 R2, there’s no messing about, its in c:windowssystem32sysprep. (Note: to regenerate a SID don’t forget to tick “Generalize”).
Server 2008 – It’s in the same place.
Server 2003 – As with Windows XP, you need to get it from the Windows install CD, its in the supporttoolsdeploy.cab.
Once the files are extracted you can run sysprep (Note: setupmgr.exe is used to create the unattended / answer files for sysprep.)
Related Articles, References, Credits, or External Links
If you have an existing Windows Server 2000 domain, and you would like to add a Windows Server 2003 Domain controller, there’s a few extra hoops to jump through.
Solution
Before you start, make sure all your domain controllers are at AT LEAST Service pack 2, though there’s no reason not to be at Service Pack 4.