Quickstart tips for Likewise 5.3.0-1 on RHEL or SuSE, for Active Directory authentication on your Linux servers.

Install Likewise from http://www.likewise.com/products/likewise_open/

chmod +x LikewiseIdentityServiceOpen-5.3.0.7724-linux-x86_64-rpm-installer

./LikewiseIdentityServiceOpen-5.3.0.7724-linux-x86_64-rpm-installer

Accept the defaults, then go to /etc/likewise:

cd /etc/likewise

vi lsassd.conf

Change the options as follows:

login-shell-template = /bin/bash

homedir-template = %H/%U

assume-default-domain = yes

These options appear in more than one location in the file, so be sure to update all occurrences.
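To confirm that no occurrence was missed, the following check lists every occurrence of the three options that is commented out or still holds another value. It is an added example, not part of the Likewise documentation; the function names check_lsassd_opts and sample_conf are hypothetical, and the section names and old values in the sample are constructed.

```shell
#!/bin/sh
# Added example (not from the Likewise docs): find occurrences of the three
# lsassd.conf options that are commented out or still hold another value.

# Constructed sample; section names and old values are assumptions.
sample_conf() {
cat <<'EOF'
[auth provider:lsa-activedirectory-provider]
    login-shell-template = /bin/bash
    homedir-template = %H/%U
    assume-default-domain = yes
[auth provider:lsa-local-provider]
    login-shell-template = /bin/sh
    homedir-template = %H/%U
    # assume-default-domain = no
EOF
}

# check_lsassd_opts FILE: print one line per bad occurrence, return 1 if any.
check_lsassd_opts() {
    awk '
    BEGIN {
        want["login-shell-template"]  = "/bin/bash"
        want["homedir-template"]      = "%H/%U"
        want["assume-default-domain"] = "yes"
    }
    /^[ \t]*\[/ {                       # remember the current [section]
        sec = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", sec); next
    }
    {
        line = $0
        off = (line ~ /^[ \t]*[#;]/)    # occurrence is commented out
        sub(/^[ \t#;]+/, "", line)
        eq = index(line, "=")
        if (eq == 0) next
        key = substr(line, 1, eq - 1); val = substr(line, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (!(key in want)) next
        seen[key] = 1
        if (off)                   { printf "%d: [%s] %s is commented out\n", NR, sec, key; bad++ }
        else if (val != want[key]) { printf "%d: [%s] %s = %s, want %s\n", NR, sec, key, val, want[key]; bad++ }
    }
    END {
        for (k in want) if (!(k in seen)) { printf "missing: %s\n", k; bad++ }
        exit (bad > 0)
    }' "$1"
}

# Usage on a real host: check_lsassd_opts /etc/likewise/lsassd.conf
tmp=$(mktemp) && sample_conf > "$tmp"
check_lsassd_opts "$tmp" || echo "lsassd.conf still has occurrences to update"
rm -f "$tmp"
```

A commented-out occurrence is reported because the built-in default, not the value you intended, applies in that section.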

Join your computer to the AD domain with the following command, assuming that the domain is example.com and that you created an OU structure of Servers/SUSE:

domainjoin-cli join --ou Servers/SUSE example.com <joinAccountWithAddComputerRights>

See the documentation available on the likewise.com site for additional options and troubleshooting.

Adding Samba support on a 64-bit server:

See also: http://www.scribd.com/doc/8979504/Likewise-Samba-Guide-5

Create an idmap directory with 755 permissions in /usr/lib64/samba/

Create symbolic links for the idmap backend with:

      ln -s /opt/likewise/lib64/lwicompat_v2.so /usr/lib64/samba/idmap/lwicompat_v2.so

      ln -s /opt/likewise/lib64/lwicompat_v3.so /usr/lib64/samba/idmap/lwicompat_v3.so

      ln -s /opt/likewise/lib64/lwicompat_v4.so /usr/lib64/samba/idmap/lwicompat_v4.so

Edit the [global] section of /etc/samba/smb.conf as follows:

[global]

        security = ads

        workgroup = <NETBIOS name from output of /opt/likewise/bin/lw-get-status>

        realm = <REALM from value in /etc/krb5.conf>

        # idmap backend for Samba 3.0.0 - 3.0.24; use lwicompat_v4 instead if Samba is 3.0.25 or later

        idmap backend = lwicompat_v2

        idmap uid = 2000-9999999

        idmap gid = 2000-9999999

        domain logons = false

        domain master = no

        preferred master = no

        map to guest = Bad User

        include = /etc/samba/dhcp.conf

        usershare allow guests = No

        # value below eliminates the error "Could not find this item. This is no longer located in <%3 NULL:OpText>"

        host msdfs = no

Update the Samba database with the domain SID and machine account password as follows:

      1. Run /opt/likewise/bin/lw-dump-machine-acct <dns domain>

      2. Set the domain SID to the DomainSID value from the output with:

            net setdomainsid <DomainSID value>

      3. Set the machine account password from the value of Machine Account Password:

            net changesecretpw -f

            Enter password: <EncryptedStringPassword from output>

      4. Verify with net ads testjoin

            "Join is OK" should be returned

Example shares with domain access permissions in /etc/samba/smb.conf:

# a share which is browseable but only writeable for Domain Users

[share1]

        comment = share1

        browseable = true

        create mask = 775

        directory mask = 775

        path = /data/share1

        write list = @NETBIOSDOMAIN\domain^users

# a share which is not browseable, is readable by Domain Users and writeable by Domain Admins

[share2]

        comment = share2

        browseable = false

        create mask = 775

        directory mask = 775

        path = /data/share1

        read list = @NETBIOSDOMAIN\domain^users

        write list = @NETBIOSDOMAIN\domain^admins