Last updated: June 14, 2010. 
Abstract
This guide describes how to install Likewise Enterprise and connect computers running Unix, Linux, and Mac OS X to Active Directory. The guide covers installing the Likewise agent, configuring the agent, installing the Likewise Management Console on a Windows administrative workstation connected to Active Directory, configuring a domain for use with Likewise, migrating Unix users to Active Directory, logging on with domain credentials, and monitoring events.
This guide is supplemented by the Likewise community forum, which you can join at http://www.likewise.com/community/, and by manuals in the documentation library, including the Group Policy Administration Guide.
This Version
Likewise Enterprise 5.2 and 5.3: http://www.likewise.com/resources/documentation_library/manuals/lwe/likewise-enterprise-guide.html
Select Your View:
Compiled Help with folder view and advanced search. (Download the zip file and then save its .chm file to a local folder. On some versions of Windows, you must unblock a .chm file before you can view it. To unblock it after saving it locally, right-click the file, click Properties, and then click Unblock.)
PDF.
Previous Versions
Likewise Enterprise 5.1: http://www.likewise.com/resources/documentation_library/manuals/lwe/likewise-enterprise-51-guide.html (PDF)
Likewise Enterprise 5.0: http://www.likewise.com/resources/user_documentation/LikewiseEnterprise5.0_Installation_and_Administration_Guide.pdf
Likewise Enterprise 4.1 or earlier: http://www.likewise.com/resources/documentation_library/#enterprise
Table of Contents
- 1. Introduction
- 2. Planning Your Installation and Deployment
- 3. Installing and Using the Console
- 4. Working with Cells
- 5. Managing Users, Groups, and Computers
- 5.1. Modify Likewise Settings in ADUC
- 5.2. Create a User
- 5.3. Finding Users and Groups in ADUC
- 5.4. Provision a User with Linux or Unix Access
- 5.5. Provision a Group with Linux or Unix Access
- 5.6. Specify a User's ID and Unix or Linux Settings
- 5.7. Apply Unix or Linux Settings to Multiple Users
- 5.8. Set a User Alias
- 5.9. Set a Group Alias
- 5.10. Set the Default Home Directory
- 5.11. Set the Default Login Shell
- 5.12. Assign a Group ID
- 5.13. Disable a User
- 5.14. Improve MMC Performance When Accessing Likewise Settings in ADUC
- 5.15. Extend File Mode Permissions with POSIX ACLs
- 6. Migrating Users to Active Directory
- 7. The Likewise Agent
- 7.1. About the Likewise Agent
- 7.2. Daemons
- 7.3. Ports and Libraries
- 7.4. Caches
- 7.5. Configuration Files
- 7.6. Time Synchronization
- 7.7. Troubleshooting Kerberos
- 7.8. Using a Network Time Protocol Server
- 7.9. Automatic Detection of Offline Domain Controller and Global Catalog
- 7.10. UID-GID Generation in Likewise Open and Likewise Enterprise Cells
- 7.11. Cached Credentials
- 7.12. Trust Support
- 7.13. The Likewise CIFS File Server
- 7.14. Supported Platforms
- 8. Configuring Clients Before Agent Installation
- 9. Installing the Agent
- 9.1. Install the Correct Version for Your Operating System
- 9.2. Requirements for the Agent
- 9.3. Install the Agent on Linux or Unix with the Shell Script
- 9.4. Install the Agent on Linux with the BitRock GUI
- 9.5. Install the Agent on Linux with glibc 2.2 or Earlier
- 9.6. Install the Agent on Linux in Unattended or Text Mode
- 9.7. Install the Agent on Unix with the Command Line
- 9.8. Install the Domain Join GUI
- 9.9. Install the Agent on a Mac Computer
- 9.10. Install the Agent on a Mac in Unattended Mode
- 9.11. Upgrading to the Latest Agent
- 9.12. Upgrading Your Operating System
- 10. Joining an Active Directory Domain
- 10.1. About Joining a Domain
- 10.2. Join Active Directory with the Command Line
- 10.3. Join Active Directory Without Changing /etc/hosts
- 10.4. Join a Linux Computer to Active Directory with the GUI
- 10.5. Join a Mac Computer to Active Directory with the GUI
- 10.6. Use Likewise with a Single OU
- 10.7. Rename a Joined Computer
- 10.8. Files Modified When You Join a Domain
- 10.9. With NetworkManager, Use a Wired Connection to Join a Domain
- 11. Logging On with Domain Credentials
- 12. Troubleshooting Domain-Join Problems
- 13. Configuring the Likewise Agent
- 13.1. About Configuring the Agent
- 13.2. Restrict Logon Rights
- 13.3. Display an Error to Users Without Access Rights
- 13.4. Change the Domain Separator Character
- 13.5. Change the Replacement Character for Spaces
- 13.6. Turn Off System Time Synchronization
- 13.7. Set the Default Domain
- 13.8. Set the Home Directory and Shell for Domain Users
- 13.9. Change the Skeleton Directory
- 13.10. Set the Umask for Home Directories
- 13.11. Add Domain Accounts to Local Groups with /etc/group
- 13.12. Configure Entries in Your Sudoers Files
- 13.13. Set a Sudoers Search Path
- 13.14. Force Likewise Open to Ignore Cell Information
- 13.15. Refresh User Credentials
- 13.16. Change the Duration of Cached Credentials
- 13.17. Turn Off K5Logon File Creation
- 13.18. Change NSS Membership Settings
- 13.19. Change the Duration of the Machine Password
- 13.20. Change the Duration of Local Passwords
- 13.21. Set the Local Password Change Warning Interval
- 13.22. Display an MOTD
- 13.23. Sign and Seal LDAP Traffic
- 13.24. Working with Solaris Zones
- 14. Troubleshooting the Agent
- 14.1. Run the Authentication Daemon in Debug Mode
- 14.2. Check the Status of the Authentication Daemon
- 14.3. Check the Status of the DCE/RPC Daemon
- 14.4. Check the Status of the Network Logon Daemon
- 14.5. Check the Status of the Input-Output Service
- 14.6. Check the Version and Build Number
- 14.7. Clear the Authentication Cache
- 14.8. Determine a Computer's FQDN
- 14.9. Find the Likewise Daemons on a Mac
- 14.10. Fix a Key Table Entry-Ticket Mismatch
- 14.11. Generate a Domain-Join Log
- 14.12. Generate a Network Trace
- 14.13. Generate a PAM Debug Log
- 14.14. Generate an Authentication Agent Debug Log
- 14.15. Generate a Debug Log for Netlogond
- 14.16. Increase Max Username Length on AIX
- 14.17. Make Sure Outbound Ports Are Open
- 14.18. Resolve an AD Alias Conflict with a Local Account
- 14.19. Allow Access to Account Attributes
- 14.20. Restart the DCE/RPC Daemon
- 14.21. Restart the Network Logon Daemon
- 14.22. Restart the Input-Output Service
- 14.23. Restart the Authentication Daemon
- 14.24. Fix the Shell and Home Directory Paths
- 14.25. A Note About the Home Directory on SLED 11
- 14.26. Updating PAM on SLED 11
- 14.27. Configuring PAM on RHEL 5 and CentOS 5
- 14.28. Updating AIX
- 15. Command-Line Reference
- 15.1. lw-set-log-level: Set the Log Level
- 15.2. Find a User or a Group
- 15.3. Find a User by a SID
- 15.4. List Groups for a User
- 15.5. lw-enum-groups: List Groups
- 15.6. lw-enum-users: List Users
- 15.7. lw-get-status: View the Status of the Authentication Providers
- 15.8. lw-get-current-domain
- 15.9. lw-get-dc-list
- 15.10. lw-get-dc-name: Get Domain Controller Information
- 15.11. lw-get-dc-time
- 15.12. lw-get-log-info
- 15.13. lw-get-metrics
- 15.14. Get Machine Account Information
- 15.15. Reload Changes to the Configuration File
- 15.16. lw-trace-info: Turn on Trace Markers in Log Messages
- 15.17. lw-update-dns: Dynamically Update DNS
- 15.18. lw-ad-cache: Manage the AD Cache
- 15.19. domainjoin-cli
- 15.20. lw-ypcat
- 15.21. lw-ypmatch
- 15.22. uuid
- 15.23. lwio: Input-Output Commands
- 15.24. Commands to Modify Local Accounts
- 15.24.1. lw-add-user: Add a Local User by Name or UID
- 15.24.2. lw-add-group: Add a Local Group Member by Name or GID
- 15.24.3. lw-del-user: Remove a Local User by Name or UID
- 15.24.4. lw-del-group: Remove a Local Group by Name or GID
- 15.24.5. lw-mod-user: Modify a Local User by Name or UID
- 15.24.6. lw-mod-group: Modify a Local Group's Members
- 15.25. Kerberos Commands
- 15.25.1. kdestroy: Destroy the Kerberos Ticket Cache
- 15.25.2. klist: View Kerberos Tickets
- 15.25.3. kinit: Obtain and Cache a TGT
- 15.25.4. kpasswd: Change a Password
- 15.25.5. ksu: Kerberized Super User
- 15.25.6. ktutil: The Keytab File Maintenance Utility
- 15.25.7. Kvno: Acquire a Service Ticket and Print Key Version Number
- 15.25.8. krb5-config: Identify Your Version of Kerberos
- 15.26. Commands and Scripts Not for Customer Use
- 16. Leaving a Domain and Uninstalling the Agent
- 17. Setting Up the Likewise Reporting Database
- 17.1. Introduction
- 17.2. Overview
- 17.3. Requirements
- 17.4. Setting Up SQL Server
- 17.5. Setting Up MySQL
- 17.6. Connecting the Likewise Console to the Database
- 17.7. Setting Computers to Forward Events to LWCollector
- 17.8. Generate a Sample Report
- 17.9. Monitoring Events with the Operations Dashboard
- 17.10. Configuring the Likewise Data Collectors
- 17.11. Working with the Enterprise Database Management Plug-In
- 17.12. Archiving Events
- 17.13. Troubleshooting
- 18. Monitoring Events with the Event Log
- 19. Using Likewise for Single Sign-On
- 19.1. About Single Sign-On
- 19.2. Make Sure PAM Is Enabled for SSH
- 19.3. Configure PuTTY for Windows-Based SSO
- 19.4. Solve the SSO Problem on Red Hat and CentOS
- 19.5. On RHEL5 and AIX, Set Reverse PTR Host Definitions for SSO with SSH
- 19.6. Configure AIX 5.3 for Outbound Single Sign-On with SSH
- 19.7. Configure Apache for SSO
- 19.8. Examples
- 20. Likewise Administrative Console
- 21. Contacting Technical Support
- 22. Legal Disclaimer and Copyright Notice