Granting Active Directory group privilge to logon to linux server

Likewise similar to Winbind is an open source software used to integrate linux server with Microsoft Active Directory authentication.

This article assume that you already have Likewise installed and configured on the Linux server. The steps below is simply to grant a new AD group the privilege to logon to a Linux server.

To find out what version of Likewise is installed.
# cat /opt/likewise/data/VERSION
VERSION=5.1.0
BUILD=5261
REVISION=34052
[root@cube data]#

Alternatively you can also use.
# /opt/likewise/bin/lw-get-status

# rpm -qa | grep likewise
likewise-sqlite-5.1.0-1.34052.5261
likewise-lsass-5.1.0-1.34052.5261
likewise-base-5.1.0-1.34052.5261
likewise-domainjoin-5.1.0-1.34052.5261
likewise-krb5-5.1.0-1.34052.5261
likewise-mod-auth-kerb-5.1.0-1.34052.5261
likewise-rpc-5.1.0-1.34052.5261
likewise-openldap-5.1.0-1.34052.5261
likewise-passwd-5.1.0-1.34052.5261
likewise-eventlog-5.1.0-1.34052.5261
likewise-libxml2-5.1.0-1.34052.5261
likewise-pstore-5.1.0-1.34052.5261
likewise-netlogon-5.1.0-1.34052.5261

List the services associated with Likewise.
# ps -ef | grep like
root 2749 1 0 Nov12 ? 00:00:00 /opt/likewise/sbin/dcerpcd
root 2777 1 0 Nov12 ? 00:00:00 /opt/likewise/sbin/eventlogd –start-as-daemon
root 2796 1 0 Nov12 ? 00:00:01 /opt/likewise/sbin/netlogond –start-as-daemon
root 2823 1 0 Nov12 ? 00:00:06 /opt/likewise/sbin/lsassd –start-as-daemon
root 2841 1 0 Nov12 ? 00:00:00 /opt/likewise/sbin/lwrdrd –start-as-daemon
root 12990 12945 0 11:04 pts/1 00:00:00 grep like

Restart the services.
# service lsassd restart
Stopping lsassd: [ OK ]
Starting lsassd: [ OK ]

# service lwrdrd restart
Stopping lwrdrd: [ OK ]
Starting lwrdrd: [ OK ]

# service netlogond restart
Stopping netlogond: [ OK ]
Starting netlogond: [ OK ]

# service eventlogd restart
Stopping eventlogd: [ OK ]
Starting eventlogd: [ OK ]

Grant the groups domain admins and backup-operators permission to logon to this server.
# Vi /etc/likewise/lsassd.conf
require-membership-of = andrewlin-domain\domain admins, andrelin-domain\backup-operators

About Andrew Lin

Hi,
I have always wanted to creat a blog site but never had the time. I have been working in Information Technology for over 15 years. I specialize mainly in networks and server technologies and dabble a little with the programming aspects.

Andrew Lin

View all posts by Andrew Lin →

Leave a Reply

Your email address will not be published. Required fields are marked *