Power Broker Open(Likewise Open) and Samba

You are here:
< Back

Goal

Power Broker Open, what used to be named Likewise Open is a fantastic (mostly) worry free utility for joining Linux systems to a Windows Active Directory domain.  The amount of configuration is minimal and scripts have been created to manage these configurations.  For a cost you can even get additional modules and functionality to allow management of the Linux platform.  One of the more frustrating parts of this software is the lack of documentation, or maybe I should say proper documentation.  The goal of this article is to provide proper documentation on integrating Samba authentication against Active Directory using Power Broker Open.

Background

I have recently discovered how to enable samba integration with this authentication.  It is not enabled by default and it is not the typical method of using winbind.  It may also be tempted to run the following:

net -U <username> ads join

but this just breaks the Power Broker Open functionality.  Success may be achieved with the Samba functionality, but it will be using a different mechanism for authentication now and all the authentication that was provided with Power Broker Open will cease to function.  A utility is included at least from the versions available from 12.04 and up, that adds the required functionality.

Resolution

If Power Broker Open is installed on the system, all the required executables will be located in the /opt/pbis location in the bin directory.  The code that sets up the Samba integration is the following, and once you run it, that should be all that is required.  You will see a couple of lines, one that will be verifying the Samba version currently installed on the system, and the other one verifying the success / failure of the integration setup.

samba-interop-install --install

It is important to note that this utility must be run as root.  So either sudo or running as the root account will be required.  The error that is displayed when not running with root permissions does not make this obvious.  Once the Samba version is verified and compatabile and the integration was verified successful, from another domain joined workstation, entering the address of the server should provide the shares available.  If you need to setup shares, this can be done in the /etc/samba/smb.conf file.  The file is filled with documentation on how to do this, but all that is needed is to setup the shares in “shares” section of this file.  The official Samba website has really good documentation on setting up shares and the various options.  It can be found here:  http://www.samba.org/.

Troubleshooting

Only a couple of things will prevent this from being successfully configured.

  1. Proper elevated credentials were not used when running the executable
  2. An incompatable version of Samba is installed on the system
  3. Power Broker Open has not been properly configured
Last Updated On October 24, 2017