Likewise Enterprise Installation and Administration Guide

Last updated: March 18, 2011.

Abstract

This guide describes how to install Likewise Enterprise and connect computers running Unix, Linux, and Mac OS X to Active Directory. The guide covers installing the Likewise agent, configuring the agent, installing the Likewise Management Console on a Windows administrative workstation connected to Active Directory, configuring a domain for use with Likewise, migrating Unix users to Active Directory, logging on with domain credentials, and monitoring events.

This guide is supplemented by the Likewise community forum, which you can join at http://www.likewise.com/community/, and by manuals in the documentation library, including the Group Policy Administration Guide.

This Version

Likewise Enterprise 6.0: http://www.likewise.com/resources/documentation_library/manuals/lwe/likewise-enterprise-guide.html

Select Your View:

Single-page HTML document.

Multiple-page HTML web site.

Compiled Help with folder view and advanced search. (Download the zip file and then save its .chm file to a local folder. On some versions of Windows, you must unblock a .chm file before you can view it. To unblock it after saving it locally, right-click the file, click Properties, and then click Unblock.)

PDF.

Previous Versions

Likewise Enterprise 5.2 and 5.3: http://www.likewise.com/resources/documentation_library/manuals/lwe/likewise-enterprise-53-guide.html (PDF)

Likewise Enterprise 5.1: http://www.likewise.com/resources/documentation_library/manuals/lwe/likewise-enterprise-51-guide.html (PDF)

Likewise Enterprise 5.0: http://www.likewise.com/resources/user_documentation/LikewiseEnterprise5.0_Installation_and_Administration_Guide.pdf

Likewise Enterprise 4.1 or earlier: http://www.likewise.com/resources/documentation_library/#enterprise


Table of Contents

1. Introduction
1.1. Task Road Map
1.2. Software Products
1.3. Software Components
2. Planning Your Installation and Deployment
2.1. Overview of the Installation Process
2.2. Planning Your Deployment
2.3. About Schema Mode and Non-Schema Mode
2.3.1. Changes Made by the Schema Wizard
2.3.2. Key Differences
2.3.3. Pros and Cons of the Schema Modes
2.4. About Likewise Cells
2.5. Best Practices for Modes, Cells, Group Policies, and User Rights
3. Installing and Using the Console
3.1. About the Likewise Console
3.2. Requirements
3.3. Install the Likewise Console
3.4. Start the Likewise Console
3.5. Connect to a Domain
3.6. Run the Schema Mode Wizard
3.7. Replication in a Large Forest or in Multiple Domains
3.8. Upgrade the Schema of a Forest
3.9. Add a Plug-In
4. Working with Cells
4.1. Make a Cell and Associate it with an OU or a Domain
4.1.1. Moving a Computer to Another Cell
4.2. Create a Default Cell
4.2.1. Use Pre-Existing RFC 2307 Data
4.3. Associate a User with One or More Cells
4.4. Add a Group to a Cell
4.5. Add a User to a Cell
4.6. Link Cells
4.7. Delegate Control to Create Container Objects
4.8. Administering Cells with Cell Manager
5. Managing Users, Groups, and Computers
5.1. Modify Likewise Settings in ADUC
5.2. Create a User
5.3. Finding Users and Groups in ADUC
5.4. Provision a User with Linux or Unix Access
5.5. Provision a Group with Linux or Unix Access
5.6. Specify a User's ID and Unix or Linux Settings
5.7. Apply Unix or Linux Settings to Multiple Users
5.8. Set a User Alias
5.9. Set a Group Alias
5.10. Set the Default Home Directory
5.11. Set the Default Login Shell
5.12. Assign a Group ID
5.13. Disable a User
5.14. Improve MMC Performance When Accessing Likewise Settings in ADUC
5.15. Extend File Mode Permissions with POSIX ACLs
5.15.1. Using POSIX ACLs to Grant AD Accounts Access to Subversion
6. Migrating Users to Active Directory
6.1. About Diagnostics and Migration
6.2. Migrate Users to Active Directory
6.3. Find Orphaned Objects
6.4. Migrate a User Profile on a Mac
7. The Likewise Agent
7.1. About the Likewise Agent
7.2. Daemons
7.3. The Likewise Registry
7.4. Ports and Libraries
7.5. Caches
7.6. Time Synchronization
7.7. Using a Network Time Protocol Server
7.8. Automatic Detection of Offline Domain Controller and Global Catalog
7.9. UID-GID Generation in Likewise Open and Likewise Enterprise Cells
7.10. Cached Credentials
7.11. Trust Support
7.12. The Likewise CIFS File Server
7.13. Integrating with Samba
7.14. Supported Platforms
8. Configuring Clients Before Agent Installation
8.1. Configure nsswitch.conf
8.2. Configure resolv.conf
8.3. Configure Firewall Ports
8.4. Extend Partition Size Before Installing Likewise on IBM AIX
8.5. Increase Max Username Length on IBM AIX
8.6. Check System Health Before Installing the Agent
9. Installing the Agent
9.1. Install the Correct Version for Your Operating System
9.2. Requirements for the Agent
9.3. Install the Agent on Linux or Unix with the Shell Script
9.4. Install the Agent on Linux in Unattended Mode
9.5. Install the Agent on Unix with the Command Line
9.6. Install the Agent on a Mac Computer
9.7. Install the Agent on a Mac in Unattended Mode
9.8. Installing the Agent in Solaris Zones
9.9. Upgrading Your Operating System
10. Joining an Active Directory Domain
10.1. About Joining a Domain
10.2. Join Active Directory with the Command Line
10.3. Join Active Directory Without Changing /etc/hosts
10.4. Join a Linux Computer to Active Directory with the GUI
10.5. Join a Mac Computer to Active Directory with the GUI
10.5.1. Turn Off OS X Directory Service Authentication
10.6. Use Likewise with a Single OU
10.7. Rename a Joined Computer
10.8. Files Modified When You Join a Domain
10.9. With NetworkManager, Use a Wired Connection to Join a Domain
11. Logging On with Domain Credentials
11.1. About Logging On
11.2. Log On with AD Credentials
11.3. Log On with SSH
11.4. Solve Logon Problems from Windows
11.5. Solve Logon Problems on Linux or Unix
12. Troubleshooting Domain-Join Problems
12.1. Top 10 Reasons Domain Join Fails
12.2. Solve Domain-Join Problems
12.3. Dealing with Common Error Messages
12.3.1. Configuration of Krb5
12.3.2. Chkconfig Failed
12.4. Diagnose NTP on Port 123
13. Configuring the Agent
13.1. Modify Settings with the Config Tool
13.2. Add Domain Accounts to Local Groups with /etc/group
13.3. Configure Entries in Your Sudoers Files
13.4. Set a Sudoers Search Path
14. Troubleshooting the Agent
14.1. Likewise Daemons and Services
14.1.1. Troubleshoot Likewise Daemons with the Service Manager
14.1.2. Check the Status of the Authentication Daemon
14.1.3. Check the Status of the DCE/RPC Daemon
14.1.4. Check the Status of the Network Logon Daemon
14.1.5. Check the Status of the Input-Output Service
14.1.6. Restart the Authentication Daemon
14.1.7. Restart the DCE/RPC Daemon
14.1.8. Restart the Network Logon Daemon
14.1.9. Restart the Input-Output Service
14.2. Logging
14.2.1. Generate an Authentication Agent Debug Log
14.2.2. Generate a Debug Log for Netlogond
14.2.3. Generate a Domain-Join Log
14.2.4. Generate a Network Trace
14.3. Basics
14.3.1. Check the Version and Build Number
14.3.2. Determine a Computer's FQDN
14.3.3. Make Sure Outbound Ports Are Open
14.3.4. Check the File Permissions of nsswitch.conf
14.3.5. Configure SSH After Upgrading It
14.3.6. Upgrading an Operating System
14.4. Accounts
14.4.1. Allow Access to Account Attributes
14.4.2. A User's Settings Are Not Displayed in ADUC
14.4.3. Resolve an AD Alias Conflict with a Local Account
14.4.4. Fix the Shell and Home Directory Paths
14.4.5. Troubleshooting with the Get Status Command
14.4.6. Troubleshoot User Rights with Ldp.exe and Group Policy Modeling
14.5. Cache
14.5.1. Clear the Authentication Cache
14.5.2. Clear a Corrupted SQLite Cache
14.6. Kerberos
14.6.1. Fix a Key Table Entry-Ticket Mismatch
14.6.2. Fix KRB Error During SSO in a Disjoint Namespace
14.6.3. Eliminate Logon Delays When DNS Connectivity Is Poor
14.7. PAM
14.7.1. Generate a PAM Debug Log
14.7.2. Dismiss the Network Credentials Required Message
14.8. Red Hat and CentOS
14.8.1. Modify PAM to Handle UIDs Less Than 500
14.9. SLED
14.9.1. A Note About the Home Directory on SLED 11
14.9.2. Updating PAM on SLED 11
14.10. AIX
14.10.1. Increase Max Username Length on AIX
14.10.2. Updating AIX
14.11. Mac OS X
14.11.1. Generate a Directory Service Log on a Mac
14.11.2. Find the Likewise Service Manager Daemon on a Mac
14.12. FreeBSD
14.12.1. Keep Usernames to 16 Characters or Less
14.13. Solaris
14.13.1. Turn On Core Dumps on Solaris 10
15. Command-Line Reference
15.1. lwsm: Manage Services
15.2. lwregshell: The Registry Shell
15.3. lw-edit-reg: Export the Registry to Your Editor
15.4. lw-set-log-level: Set the Log Level
15.5. lw-set-machine-name: Change the Hostname in the Local Provider
15.6. Find a User or a Group
15.7. Find a User by a SID
15.8. List Groups for a User
15.9. lw-enum-groups: List Groups
15.10. lw-enum-users: List Users
15.11. lw-get-status: View the Status of the Authentication Providers
15.12. lw-get-current-domain
15.13. lw-get-dc-list: List Domain Controllers
15.14. lw-get-dc-name: Get Domain Controller Information
15.15. lw-get-dc-time: Get Domain Controller Time
15.16. lw-get-log-info
15.17. lw-get-metrics
15.18. Get Machine Account Information
15.19. Reload Changes to the Configuration File
15.20. lw-trace-info: Turn on Trace Markers in Log Messages
15.21. lw-update-dns: Dynamically Update DNS
15.22. lw-ad-cache: Manage the AD Cache
15.23. domainjoin-cli: Join or Leave a Domain
15.24. lw-ypcat
15.25. lw-ypmatch
15.26. uuid
15.27. lw-adtool: Modify Objects in AD
15.28. lwio: Input-Output Commands
15.28.1. lwio-copy: Copy Files Across Disparate Operating Systems
15.28.2. lwio-refresh: Reload the Input-Output Settings After Changes
15.28.3. lwio-set-log-level
15.28.4. lwio-get-log-info
15.29. Commands to Modify Local Accounts
15.29.1. lw-add-user: Add a Local User by Name or UID
15.29.2. lw-add-group: Add a Local Group Member by Name or GID
15.29.3. lw-del-user: Remove a Local User by Name or UID
15.29.4. lw-del-group: Remove a Local Group by Name or GID
15.29.5. lw-mod-user: Modify a Local User by Name or UID
15.29.6. lw-mod-group: Modify a Local Group's Members
15.30. Kerberos Commands
15.30.1. kdestroy: Destroy the Kerberos Ticket Cache
15.30.2. klist: View Kerberos Tickets
15.30.3. kinit: Obtain and Cache a TGT
15.30.4. kpasswd: Change a Password
15.30.5. ktutil: The Keytab File Maintenance Utility
15.30.6. kvno: Acquire a Service Ticket and Print Key Version Number
15.30.7. krb5-config: Identify Your Version of Kerberos
15.31. Commands and Scripts Not for Customer Use
15.31.1. ConfigureLogin
15.31.2. dceidl
15.31.3. demo
15.31.4. gpcron
15.31.5. gpcron.sh
15.31.6. gprsrtmnt.sh
15.31.7. idl
15.31.8. init-base.sh
15.31.9. lwmapsecurity-test
15.32. Likewise Enterprise Tools Installed on Windows Computers
15.32.1. Lwopt.exe
16. Leaving a Domain and Uninstalling the Agent
16.1. Leave a Domain
16.2. Uninstall the Domain Join GUI
16.3. Uninstall the Agent on a Linux or Unix Computer
16.4. Uninstall the Agent on a Mac
17. Using Likewise with Smart Cards
17.1. Smart Card Setup
17.2. Log On with a Smart Card
17.3. Smart Card Group Policies
18. Managing Licenses
18.1. About Licenses
18.2. Creating a License Container
18.3. Import a License File
18.4. Assign a License to a Computer in AD
18.5. Manage a License Key on a Likewise Client
18.6. Delete a License
18.7. Revoke a License
19. Setting Up the Likewise Reporting Database
19.1. Introduction
19.2. Overview
19.3. Requirements
19.4. Setting Up SQL Server
19.4.1. Install and Configure SQL Server
19.4.2. Create a Database Named LikewiseEnterprise
19.4.3. Run the Likewise Database Creation Script
19.4.4. Install the Likewise DB Utilities
19.4.5. SQL Server Database Security Notes
19.5. Setting Up MySQL
19.5.1. Create a Database Named LikewiseEnterprise
19.5.2. Allow the Database To Accept External Connections from Account
19.5.3. Run the Likewise Database Creation Script
19.5.4. Install the Likewise DB Utilities
19.5.5. Customize Your MySQL Security Settings
19.6. Connecting the Likewise Console to the Database
19.6.1. Connect the Likewise Console to the Database
19.6.2. Make Sure the Collector Processes Are Running
19.6.3. Run the DB Update Script
19.7. Setting Computers to Forward Events to LWCollector
19.7.1. Set Event Forwarding with a GPO
19.7.2. Forward Events by Changing Your Local Settings
19.7.3. Cull Events from Syslog
19.8. Generate a Sample Report
19.9. Monitoring Events with the Operations Dashboard
19.9.1. Start the Operations Dashboard
19.9.2. Connect to a Database
19.9.3. Change the Refresh Rate
19.10. Configuring the Likewise Data Collectors
19.10.1. LWCollector
19.10.2. LWEventDBReaper
19.11. Working with the Enterprise Database Management Plug-In
19.11.1. Connect to a Database
19.11.2. Change the Parameters of the Collectors
19.11.3. Set the ACL for RPC Access
19.12. Archiving Events
19.13. Troubleshooting
19.13.1. Check the Endpoints
19.13.2. Check the Collector
19.13.3. Check the Database
19.13.4. Troubleshooting Checklists
19.13.5. Switching Between Databases
20. Monitoring Events with the Event Log
20.1. Monitor Events with the Event Log
20.2. View the Local Event Log
20.3. The Event Type
20.4. The Event Source
20.5. List of Events by Source ID
21. Using Likewise for Single Sign-On
21.1. About Single Sign-On
21.2. Make Sure PAM Is Enabled for SSH
21.3. Configure PuTTY for Windows-Based SSO
21.4. Solve the SSO Problem on Red Hat and CentOS
21.5. On RHEL5 and AIX, Set Reverse PTR Host Definitions for SSO with SSH
21.6. Configure AIX 5.3 for Outbound Single Sign-On with SSH
21.7. Configure Apache for SSO
21.7.1. Kerberos Library Mismatch
21.8. Examples
22. Configuring the Likewise Services with the Registry
22.1. About the Registry
22.1.1. The Structure of the Registry
22.1.2. Data Types
22.2. Modify Settings with the lwconfig Tool
22.3. Gain Access to the Registry
22.4. Change the Value of an Entry with the Shell
22.4.1. Set Common Options with the Registry Shell
22.5. Change the Value of an Entry from the Command Line
22.6. Find a Value Entry
22.7. Settings in the lsass Branch
22.7.1. Log Level Value Entries
22.7.2. Turn On Event Logging
22.7.3. Turn Off Network Event Logging
22.7.4. Restrict Logon Rights
22.7.5. Display an Error to Users Without Access Rights
22.7.6. Display an MOTD
22.7.7. Change the Domain Separator Character
22.7.8. Change the Replacement Character for Spaces
22.7.9. Turn Off System Time Synchronization
22.7.10. Set the Default Domain
22.7.11. Set the Home Directory and Shell for Domain Users
22.7.12. Set the Umask for Home Directories
22.7.13. Set the Skeleton Directory
22.7.14. Force Likewise Enterprise to Work Without Cell Information
22.7.15. Refresh User Credentials
22.7.16. Turn Off K5Logon File Creation
22.7.17. Change the Duration of the Machine Password
22.7.18. Sign and Seal LDAP Traffic
22.7.19. NTLM Value Entries
22.7.20. Additional Subkeys
22.7.21. Set the Interval for Checking the Status of a Domain
22.7.22. Set the Interval for Caching an Unknown Domain
22.8. Cache Settings in the lsass Branch
22.8.1. Set the Cache Type
22.8.2. Cap the Size of the Memory Cache
22.8.3. Change the Duration of Cached Credentials
22.8.4. Change NSS Membership and NSS Cache Settings
22.9. Settings in the eventlog Branch
22.9.1. Allow Users and Groups to Delete Events
22.9.2. Allow Users and Groups to Read Events
22.9.3. Allow Users and Groups to Write Events
22.9.4. Set the Maximum Disk Size
22.9.5. Set the Maximum Number of Events
22.9.6. Set the Maximum Event Timespan
22.9.7. Change the Purge Interval
22.10. Settings in the netlogon Branch
22.10.1. Set the Negative Cache Timeout
22.10.2. Set the Ping Again Timeout
22.10.3. Set the Writable Rediscovery Timeout
22.10.4. Set the Writable Timestamp Minimum Change
22.10.5. Set CLdap Options
22.11. Settings in the lwio Branch
22.11.1. Sign Messages If Supported
22.11.2. Enable Security Signatures
22.11.3. Require Security Signatures
22.11.4. Set Support for SMB2
23. Contacting Technical Support
23.1. Contact Support
23.2. Provide Diagnostic Information to Technical Support
24. Legal Disclaimer and Copyright Notice