Comments on: Can Linux Desktops Live in an Active Directory World?

By: Ted Haeger

Ted Haeger — Mon, 04 Jan 2010 15:37:58 +0000

@Johaqin: I recommend starting at Samba.org to find out the latest.

By: Johaqin

Johaqin — Mon, 04 Jan 2010 13:22:52 +0000

Hi,
I ve a question. I ve over 20 computers in a lab and i want to control those pc; by creating group policy, managing the network, giving access or not to web-sites, and keep logs of all the computers and something like that.. with the a linux based server. How can i do that or can i do that? And that must be free. I can not pay cost.

Thank you from now
Johaqin

By: Integrando Linux con el Directorio Activo « Noticias del web

Integrando Linux con el Directorio Activo « Noticias del web — Wed, 04 Feb 2009 21:34:19 +0000

[...] este blog un trabajador de Suse cuenta el magnífico trabajo de integración que están haciendo para que un [...]

By: Ted Haeger

Ted Haeger — Fri, 14 Nov 2008 00:47:23 +0000

@DVS:
You asked, “I haven’t seen a Linux-based web browser that is capable of reliably handling AD pass-through authentication. Is a ‘plug-in’ or hack available that can provide this functionality?”

When Lars and first demonstrated this to me, they showed it using a SUSE Linux system with Firefox. If I remember correctly, they told me that Firefox on SUSE is natively Kerberized, so pass-through authentication to OWA worked without a hitch. That’s going from distant memory at this point, so you’ll need to test to verify.

–Ted

By: DVS

DVS — Thu, 13 Nov 2008 23:02:15 +0000

To simplify access control, I develop all of my company’s Intranet apps to use Active Directory pass-through authentication. This identifies the user and determines their access rights based on their AD group membership. The app then provides a 2nd hop, impersonated pass-through authentication to a SQL Server 2005 database. It’s completely transparent to the user when they hit one of my apps, appearing to magically know who and where they are.

I haven’t seen a Linux-based web browser that is capable of reliably handling AD pass-through authentication. Is a “plug-in” or hack available that can provide this functionality? If so, I could potentially recommend a Linux-based PC deployment to some of our temporary job sites to assist in detering PC theft and misuse on corporate time.

By: mvellon

mvellon — Mon, 07 Jul 2008 15:47:45 +0000

Ted,

I know Guenther and Lars from their work on Samba. Jerry Carter (one of the other Samba 3 team members) is a Likewise employee and has done much to educate us on what it means to be an open source company.

As to Likewise Open, given its Samba connection, yes, it is fully Samba aware/compatible. You can do the AD “join” with Likewise and then set up Samba to be a member-server. We ship an “id mapper” that plugs into Samba to assure that it performs SID-id mapping in a consistent fashion. We also set up the Samba smb.conf file in a way to be compatible with the Likewise configuration file.

By: Ted Haeger

Ted Haeger — Wed, 02 Jul 2008 20:57:57 +0000

@mvellon et al:
Cool tip. Thanks for letting readers know.

As a point of clarification, the work Guenther (now at Red Hat) and Lars did on this is all free software as well. They both did this work as part of the Samba team during the era that Jeremy Allison was still at Novell. The Samba team, as many readers will attest, are extremely passionate about Free Software.

The one critique that could be made is that the easy admin components shown are part of YaST, which is open source, but is used mainly/only by SUSE-based distributions.

To readers investigating Likewise Open, I make no recommendation for or against, but I do advise to make sure that Likewise Open is using the hooks in Samba in order to comply with how most distros would provide such Active Directory functionality.

By: mvellon

mvellon — Wed, 02 Jul 2008 17:43:28 +0000

Gunther and Lars did a great job integrating this into SLED. If you're running a non-SLED distro or want some additional functionality, you might want to check out Likewise Open (Disclaimer: I work for Likewise). Likewise Open is free, open source, software that accomplishes the same thing. If you want additional functionality, we also have a non-free, commercial product, Likewise Enterprise, that adds group policy and several other features.

By: John Howell

John Howell — Thu, 05 Jun 2008 01:45:34 +0000

NDS and edirectory, a brilliant system but it suffered from the problem the client was not native in Windows, they only ever supported Netware Bindery in win 3.1 and Win95 unless you installed the Netware client which in early versions was a memory hog. However it gave you powerful login scripts (NT really only let you run .bat files or supply your own script interpreter) and when integrated with Zenworks allowed policy management of Win95/NT/XP desktops from within one policy editor and later versions could even read custom policy editor files so anything in the registry could be set via policy. The problem was NDS and eDirectory did not run well in Windows early on and was difficult to configure well, so you had to have Netware for good support.
Now Gnome configures much of it’s environment with gconf which to me just looks like a registry. Why not extend policy to this?
Local profile – could it not be possible to create an app that can run before the users x session starts to rsync their ~ folder to a network location. Maybe have a simple config file structure to include or exclude specific files/folders. That’s all windows roaming profile is.

By: slamlander

slamlander — Sun, 25 May 2008 16:43:19 +0000

Errata: The EC fines against Mickeysoft are in Euros, exceeding 2.6BEUR. They are recurring until MS complies. MS has used their last appeal.