Ubuntu – Joining / Logging into Windows Domains

KB ID 0000384

Problem

You have a Linux client machine, and you want to authenticate to, and log into, a Windows domain. I don’t have too much history with Linux, but from what I’ve read this used to be a nightmare. Using Ubuntu (10.10) I did have a couple of hiccups, but I did get there in the end.

Note: The domain controller is a Windows 2008 R2 Server.

Solution

Notes

1. Install the “likewise-open5” package and join the domain with the following commands (assuming the FQDN of the domain is domaina.com and the user name you are using to join the domain is administrator).

[box]
sudo apt-get install likewise-open5
sudo domainjoin-cli join domaina.com administrator
sudo reboot
[/box]

2. Then to allow users to logon from the Ubuntu welcome screen,

[box]sudo nano /etc/samba/lwiauthd.conf[/box]

3. Add the following line (the file will probably be empty). To save, press CTRL+X, then Y, then {enter}.

[box]winbind use default domain = yes[/box]

4. Then reboot.

[box]sudo reboot[/box]

5. To allow sudo for the domain user(s),

[box]sudo nano /etc/sudoers[/box]

Locate the line that reads “#Members of the Admin group may gain root privileges and do the following:”. Below that, type the following (assuming the domain name is domaina and the user is a member of the domain admins group; domain^users also works).

[box]%domaina\\domain^admins ALL=(ALL) ALL[/box]

Problem 1

Error: Lsass Error [code 0x00080047]

9502 (0x251E) DNS_ERROR_BAD_PACKET – A bad packet was received from a DNS server. Potentially the requested address does not exist.

 

This plagued me for a while. I tried everything I read online: making sure that my time was correct (which it wasn’t, see below), making sure firewalls were off (they were), making sure the DNS has a reverse lookup zone (mine has), and finally making sure there are no existing DNS records for the IP address you are connecting with (mine did, so I deleted them). None of these fixed the problem; the fix is annoyingly simple.

FIX

Firstly, make sure that the Ubuntu client is looking at your domain DNS server for its DNS. The following command will tell you:

[box]cat /etc/resolv.conf[/box]

Then get the domain syntax right, in my case the domain name.

[box]

[WORKS] sudo domainjoin-cli join domaina.com administrator

[WONT WORK] sudo domainjoin-cli join DOMAINA.COM administrator
[WONT WORK] sudo domainjoin-cli join domaina administrator
[WONT WORK] sudo domainjoin-cli join DOMAINA administrator

[/box]

And then it connected faultlessly.

Problem 2

Error: Lsass Error [code 0x00080047]

5 (0x5) ERROR_ACCESS_DENIED – Access is denied.

This turned out to be a variation on the problem above. If you put in the domain name in UPPER CASE you will see this error.

[box]

[WORKS] sudo domainjoin-cli join domaina.com administrator

[WONT WORK] sudo domainjoin-cli join DOMAINA.COM administrator

[/box]
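The two checks from Problem 1 and Problem 2 (resolver pointed at the domain DNS, domain written as a lower-case FQDN), as an added example that is not part of the original article. The function names are hypothetical, 192.0.2.10 is a constructed stand-in for the domain controller's DNS address, and the naming rule encodes what the author observed rather than documented likewise-open behaviour.

```sh
#!/bin/sh
# Added example: pre-flight checks to run before `domainjoin-cli join`.
# Function names are hypothetical; 192.0.2.10 is a constructed DNS address.
LC_ALL=C; export LC_ALL   # make [a-z] match lower-case ASCII only

# 0 only for the form the article found to work: a lower-case FQDN.
valid_join_domain() {
    case "$1" in
        ""|.*|*.|*..*|*[!a-z0-9.-]*) return 1 ;;  # empty, stray dots, upper case
        *.*) return 0 ;;                          # e.g. domaina.com
        *)   return 1 ;;                          # short name, e.g. domaina
    esac
}

# Print the first nameserver in a resolv.conf-style file.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# preflight <domain> <resolv.conf path> <IP of the domain DNS server>
# Returns 1 for a bad domain form, 2 when the resolver is not the domain DNS.
preflight() {
    valid_join_domain "$1" || { echo "FAIL: '$1' is not a lower-case FQDN"; return 1; }
    ns=$(first_nameserver "$2")
    # Servers are queried in listed order; this example requires the domain DNS first.
    [ "$ns" = "$3" ] || { echo "FAIL: first nameserver is '${ns:-none}', want $3"; return 2; }
    echo "OK: sudo domainjoin-cli join $1 administrator"
}

# Constructed sample run over the four spellings tried in the article.
sample=$(mktemp)
printf 'search domaina.com\nnameserver 192.0.2.10\n' > "$sample"
for d in domaina.com DOMAINA.COM domaina DOMAINA; do
    preflight "$d" "$sample" 192.0.2.10 || true
done
rm -f "$sample"
```

On a real client, pass /etc/resolv.conf and the address of your own domain DNS server to preflight.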

If you would like to add your domain user(s) to the welcome screen click here.

Update 04/01/12

Attention:  PeteNetLive – Suggestion 

Message: Hi,

Thanks very much for your YouTube and description of joining Ubuntu to a domain.  There was however one step extra that I needed to do to enable the logon screen to show users other than the local user and the guest account.  To do this I had to add the following line to /etc/lightdm/lightdm.conf

greeter-show-manual-login=true

I was joining Ubuntu 12.10 to the domain so maybe it is specific to 12.10 since you didn’t experience it but it would be good to add it to your article along with the other fixes to issues.

Thanks again.

From: Roland Elferink

Related Articles, References, Credits, or External Links

Thanks to Roland Elferink for the update.

Original Article written 27/01/11

Brocade 300 SAN Switch – Setup and Configure

KB ID 0000593

Problem

I got a warning from a colleague that these switches were no longer ‘Open’, i.e. you can no longer just plug them in, connect all your SAN devices and it will work. That’s how they used to work, so someone has decided to have them ‘Not Work’ out of the box (Nice one, well done).

Solution

Rack fitting the Brocade 300 SAN Switch

1. Each mounting rail is in three pieces (2 long pieces and a small bracket that will be in the bag with the screws). The two outer brackets (without all the screw holes in them) are labelled left and right, and are fixed to the front of the rack, using the square washers that fit into the square holes in the rack, (see below).

2. At the rear, use the small bracket and screw it to the rack in the same manner as the front.

3. The ‘inner’ rails screw onto the side of the switch and the air guide/baffle, as shown. If you line the front up the correct screw holes should be visible. Secure them with the round headed screws that have washers on them. (Note: the air baffle has a row of rivets on it – these face downwards).

4. With both inner rails fitted, the switch will slide into the outer rails that are screwed to the rack. (From the front you want the power socket on the left, or the switch will go in upside down!)

5. Once inserted secure in place with a single screw in the middle.

6. Finally, use the large nut to secure all the rails to the bracket at the rear.

 

Configuring the Brocade 300 SAN Switch

If you are feeling especially lazy, you can connect the switch to the network and connect to it via http://10.77.77.77 (give yourself an IP address of 10.77.77.1/24). Use the username root and the password fibranne.

1. If you don’t want to do that, connect the console cable (provided) to your PC and launch the EZ Setup Software supplied with the switch. Select English > OK.

2. At the Welcome Screen > Next > Next > accept the EULA > Install > Done > Select Serial Cable > Next > Next (make sure HyperTerminal is NOT on or it will fail). It should find the switch > Set its IP details.

3. Next > Follow Instructions.

4. With the IP address set, you can connect to the switch via its web console (you must have Java installed). Once logged in (the default root password is fibranne unless you have changed it), select ‘Zone Admin’.

5. Select Zone > New Zone > Create one > Now select all the WWN/Node names that are connected, and then you can add them to the new zone.

6. Before closing the window, Zoning Actions > Save Config.

Brocade 300 Additional Notes

Whilst connected via terminal (9600/8/1/N) you can use the following commands;

To show IP “ipaddrshow”
To change IP “ipaddrset”

Default Passwords

username root password fibranne
username admin password password
