Labels

Friday, April 25, 2014

PowerBroker Identity Services (formerly Likewise Open) on Ubuntu server

*Likewise Open is no longer available.  It has been taken over by BeyondTrust and is called PowerBroker® Identity Services, Open Edition
Here are the steps I took to get PowerBroker Identity Services, Open Edition onto Ubuntu Server.
Versions:
  • Ubuntu Server 14.04 64-bit
  • PBIS Open 8.0.0.2016 - Stable Release
  1. Log-in to server with sudo privileges
  2. Be sure ssh server is installed
  3. Download PowerBroker® Identity Services, Open Edition 
  4. Make script executable
      $chmod +x pbis-open-8.0.0.2016.linux.x86_64.deb.sh
  5. Execute install script and follow istructions 
      $sudo ./pbis-open-8.0.0.2016.linux.x86_64.deb.sh
  6. Join the domain
      $sudo domainjoin-cli join <domain name> <domain admin user>
  7. Change default shell for domain users to bash
      $sudo /opt/pbis/bin/config LoginShellTemplate /bin/bash
  8. If you would like, set the domain as default (not require <domain>\ to precede username for domain logins)
      $sudo /opt/pbis/bin/config AssumeDefaultDomain true
  9. Add domain users to necessary groups in /etc/group (sudo for the admin users)
  10. Clear cache
      $sudo /opt/pbis/bin/ad-cache --delete-all
  11. Apply fix: Edit /etc/pam.d/common-session and change "session sufficient" line to
      session [success=ok default=ignore] pam_lsass.so
  12. Reboot and login with domain user

3 comments:

  1. This comment has been removed by a blog administrator.

    ReplyDelete
  2. If you are logged in with root priviledges you can remove the sudo commands that head your above instructions.

    ReplyDelete
  3. This can help with step 13:

    http://askubuntu.com/questions/121124/how-do-i-enable-the-other-user-for-login-with-active-directory

    In the case that you the ability to log in to the domain with any user found in your authentication server.

    ReplyDelete