From Fedora Project Wiki

Likewise Open

Summary

Likewise Open joins Linux machines to Microsoft Active Directory and securely authenticates users with their domain credentials.

Owner

  • Email: ssalley@likewise.com

Current status

  • Targeted release: Fedora 41
  • Last updated: March 1, 2010
  • Percentage of completion: 90%


Detailed Description

After joining to Active Directory, users will be able to log in with their domain credentials.

Benefit to Fedora

The addition of Likewise Open will allow Fedora into environments where computers and users must be managed by Active Directory, namely large corporations dominated by MS Windows.

Scope

  1. Get changes into SELinux
  2. OpenLDAP version is appropriate
  3. Kerberos version is appropriate

How To Test

A misconfigured authentication system can prevent all logins! Initial testing should be done with a system you don't care about or through a VM.

  1. Join you machine to Active Directory through either the command line or GUI interface.
    1. domainjoin-cli join DOMAIN.COM DOMAIN\\username <enter domain password at prompt.>
    2. domainjoin-gui
  2. Attempt logging in as a domain user.
    1. ssh by DOMAIN\\username@localhost

The number of 'whacks' between DOMAIN and username varies depending on if the 'whack' is an escape character.

All programs should behave normally once you are logged in.

User Experience

Login screens and prompts will appear the same as usual but Active Directory credentials will accepted.

Dependencies

No other packages are dependent on Likewise Open.

Likewise Open is dependent on

  • OpenLdap
  • Kerberos
  • SELinux


Contingency Plan

Likewise Open is not a necessary part of the distribution and nothing (but my ego) will be harmed if it is not included.

Documentation

Release Notes

  • Likewise Open provides a means to authenticate with Microsoft's Active Directory.


Comments and Discussion