virtual grind thoughts from the virtual world

15 Oct 2012

Using Likewise To Integrate Ubuntu Into Active Directory

Just thought I would share a quick post on adding your Ubuntu servers to Active Directory. Using Active Directory for centralized and distributed management of computers and users is a common practice. Allowing Linux machines to interact with the Active Directory extends this functionality into the Linux world, allowing administrators to use things like security groups and permissions for easy access.

Fortunately, in today's times, this process is a lot easier than it was years ago with the use of Likewise. To install Likewise, simply add the package via apt:

sudo apt-get install likewise-open

Once the package is installed, you have to join your Ubuntu installation to the Active Directory:

sudo domainjoin-cli join virtualgrind.local Administrator

In the above line, you are joining an Active Directory domain with a name of "virtualgrind.local" with the user "Administrator". Substitute your own domain name and, if you do not use the Administrator account, a user account that has permission to join machines to the domain.

Once you enter the domainjoin-cli command, you will be prompted for the Active Directory account's password that was specified. If all goes well, you will see a "SUCCESS" message. You will also see the Ubuntu machine added as a computer in your Active Directory.

At this point, any Active Directory account will be able to ssh into the server. You can test this by creating an ssh session to the machine with an Active Directory account:

ssh virtualgrind\\johndoe@ubuntu-server
or
ssh 'virtualgrind\johndoe'@ubuntu-server

In the above example, you are providing the standard UNC naming convention as the username for your ssh connection, or DOMAINNAME\USERNAME. In this particular example, the domain name is "VIRTUALGRIND" and the user name is "johndoe". The hostname in this example is "ubuntu-server"; you could also use the IP address of the server.

To limit the groups of users that are able to ssh into the server, you will then need to use the "lwregshell" command:

sudo lwregshell set_value '[HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers\ActiveDirectory\]' RequireMembershipOf "virtualgrind\\SSH^Users" "virtualgrind\\Linux_Admins"

...then, to apply the changes and restart the service:

sudo lwsm refresh lsass

In this example, the lwregshell command requires that ssh users are members of the Active Directory group "SSH Users" or "Linux_Admins". I included two groups to show the two ways of dealing with spaces in a group name: write the space as a caret, as in "SSH^Users", or avoid spaces altogether by using something like an underscore in your Active Directory group names.

Finally, if any of the users that are accessing the system from Active Directory need to use the sudo command, you will also need to add the UNC-style name to the sudoers file:

%VIRTUALGRIND\\Linux_Admins ALL=(ALL) ALL

In this example, we are adding a line to /etc/sudoers with the UNC name of the domain and group. For this instance, we are allowing the "Linux_Admins" group from the domain "VIRTUALGRIND" full sudo access. Remember to use the visudo command when making this change rather than editing the file directly with something like pico or vi.
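
The allow-list and sudoers steps above, as an added example (not code from the original post): a dry-run sh helper that builds both lines for the post's sample domain and groups and refuses group names that could break the quoting. The function names are hypothetical; the registry key and group names are the ones shown in the post.

```shell
#!/bin/sh
# Added example, not from the original post. Prints the allow-list command and
# the sudoers rule for review; it changes nothing on the system.
# Function names are hypothetical; the domain and groups are the post's samples.

# Registry key copied from the post.
LSASS_AD_KEY='[HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers\ActiveDirectory\]'

# DOMAIN\group in the form the post uses: spaces become carets.
# Anything outside letters, digits, space, '_', '.', '-' is refused so a
# group name can never break out of the quoting below.
lw_group() {
    lw_bad=$(printf '%s' "$1$2" | tr -d 'A-Za-z0-9 _.-')
    if [ -z "$1" ] || [ -z "$2" ] || [ -n "$lw_bad" ]; then
        printf 'refusing unsafe name: %s / %s\n' "$1" "$2" >&2
        return 1
    fi
    printf '%s\\%s\n' "$1" "$(printf '%s' "$2" | tr ' ' '^')"
}

# lwregshell command restricting logins to the given groups. Single quotes
# pass one literal backslash, the same value the post's "\\" produces.
allowlist_cmd() {
    al_domain=$1; shift
    al_args=
    for al_grp in "$@"; do
        al_name=$(lw_group "$al_domain" "$al_grp") || return 1
        al_args="$al_args '$al_name'"
    done
    [ -n "$al_args" ] || { echo "no groups given" >&2; return 1; }
    printf "sudo lwregshell set_value '%s' RequireMembershipOf%s\n" \
        "$LSASS_AD_KEY" "$al_args"
}

# sudoers rule for one group. sudoers treats '\' as an escape character,
# so the separator has to be doubled inside the file.
sudoers_rule() {
    su_name=$(lw_group "$1" "$2") || return 1
    printf '%%%s ALL=(ALL) ALL\n' "$(printf '%s' "$su_name" | sed 's/\\/\\\\/')"
}

allowlist_cmd virtualgrind 'SSH Users' Linux_Admins
sudoers_rule VIRTUALGRIND Linux_Admins
```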

13 Nov 2010

Automating VMware Tools Installation in Ubuntu

I have been asked numerous times about automating the VMware Tools installation in Linux-based operating systems. I have seen people commonly use RPMs and even compile the tools from source, but the feedback I usually get is that admins would like to automate the installation, like they do in Windows.

Fortunately for us, VMware has been gracious enough to include packages not only for Ubuntu, but also for Red Hat, CentOS, and SLES. When I tell people this, the response I usually get is that they never knew these options were available.

For the purpose of this post, I will go over the installation of VMware Tools in Ubuntu 10.04 LTS.  I will also include a link to VMware's official installation guide that covers these steps in detail for more operating systems.

The first step is to add VMware's repo to /etc/apt/sources.list and install VMware's GPG key.  Note that when you are adding the repo, you are adding the "4.1latest" repo.

$ sudo apt-add-repository 'deb http://packages.vmware.com/tools/esx/4.1latest/ubuntu lucid main restricted'
$ wget http://packages.vmware.com/tools/VMWARE-PACKAGING-GPG-KEY.pub -q -O- | sudo apt-key add -

The following five commands update your local package lists, install the VMware packages, and build and install the kernel modules:

$ sudo apt-get update
$ sudo apt-get install vmware-open-vm-tools-kmod-source
$ sudo module-assistant prepare
$ sudo module-assistant build vmware-open-vm-tools-kmod-source
$ sudo module-assistant install vmware-open-vm-tools-kmod

Finally, now that everything is built, you simply need to install the packages. The final two commands depend on your installation. If you are not running a graphical interface on your system, choose the first option, which ends in "-nox". If you are using a graphical interface, use the latter command. Remember that you only use one or the other, not both.

$ sudo apt-get install vmware-open-vm-tools-nox

OR
$ sudo apt-get install vmware-open-vm-tools

The official VMware guide can be found here.