How to Bridge Microsoft Active Directory and Linux

Tuesday Sep 21st 2010 by Joe Brockmeier

Likewise Open, the open source secure authentication application, takes the pain out of joining Linux -- and Mac and Unix -- machines to Active Directory.

Many small and medium-sized businesses standardize on Microsoft Active Directory (AD) for user authentication and management. That works really well when all the servers and client computers are running Windows, but what about integrating Linux or other operating systems (OSes) into the mix? Using Likewise Open, you can authenticate against AD from other OSes with minimal hassle.

Interoperability is a big issue for many small businesses, and standardizing on Microsoft Active Directory frequently means that companies avoid non-Microsoft OSes; they want to avoid the hassles that come with making Windows and other OSes play nice. But that's a problem, because Linux or other OSes can help companies tackle some computing problems more effectively -- and save them a lot of money in the process.

A quick disclaimer: I'm not employed by Likewise, but I do some consulting and writing work for the company. I should mention that Likewise Open isn't the only free tool -- or the only tool in general -- to bridge Microsoft AD with Linux, Mac OS and Unix OSes. (There's always more than one way to do it.)

Likewise has proprietary products on top of Open that add reporting, auditing and other tools that are usually more important for large enterprises. Other companies like Centrify also provide AD bridging software commercially and offer some free proprietary tools for connecting to AD.

Likewise Open has the benefit of being open source and easy to work with, though. This is why I recommend Open to start with for companies that want to bridge AD and Linux or other OSes. Just grab the packages, install, and set up authentication in a few steps.

If you're on Ubuntu, you can grab the Likewise packages from the repositories, or from the Likewise download page if you're using a different Linux distro. Unfortunately, the company requires an email address to access the downloads for Likewise Open -- but no registration is required to get the packages from the Ubuntu repos.

Installation is easy, and then all that's required is to fire up the CLI tool or GUI and provide the Windows domain you want to join and the credentials. Once the machine has been joined, users can log into it with their Windows credentials and have a single login for all.

Once you join a Linux system to AD, you can also use Single Sign-On with SSH and PuTTY, so if you're on a Windows box and use PuTTY to connect to a Linux server (for example) you're able to do this with the AD credentials. It doesn't require any changes on the AD side -- so it's fairly low-impact for the admin or admins at the business.

Why Do We Care?

Why worry about bridging other OSes to Microsoft AD? No matter what tool you choose, it's a good idea to have a central tool for user authentication. Let's say you have a mixed network with a couple of Windows servers, a couple of Linux boxes, several Windows desktops, and one or two employees using Linux or Mac OS.

One way to handle user management is to deal with all the users on a per-system basis. If John Doe needs an account on the Windows server, it gets created on the fly.

Then if John needs an account on the Linux Web server, create that on the fly as well, and then later add some credentials for accessing SharePoint and John's desktop. Now John has four separate logins that need to be managed separately.

When John leaves the company, someone has to remember to turn off the accounts on every machine.

Another solution is to have two directories, like OpenLDAP for Linux machines, and Active Directory for Microsoft. That mitigates the problem somewhat, but now you've got two directories to maintain. Better, but not ideal.

For security, and to help users and admins keep their sanity intact, it's much better to have a central authority. If the central authority in your business is already AD, then Likewise Open is one of the ways you can keep using AD while still adding Linux and other OSes to the mix.

Joe 'Zonker' Brockmeier is a freelance writer and editor with more than 10 years covering IT. Formerly the openSUSE Community Manager for Novell, Brockmeier has written for Linux Magazine, Sys Admin, Linux Pro Magazine, IBM developerWorks, Linux Weekly News, ZDNet, and many other publications. Brockmeier is also a FLOSS advocate and participates in several projects, including GNOME as the PR team lead. You can reach Zonker at and follow him on Twitter.

