Joining Linux to a Windows Domain
Posted: Tue Sep 23, 2008 2:57 pm
Hey guys,
Got a few questions I hope people can answer (or point me to information that can answer it).
Right now at work we have 2 little worlds on our network. We have the big Windows 2k3 exchange/active directory/ntp/dns/dhcp/so-forth-and-so-forth-etc domain. Then we have the Linux PCs that well....they just do whatever they are told and they just run. No domain or anything on these guys. I manually update/manage/nsupdate/samba the systems to play nice with Windows on a case-by-case basis. I run primarily Debian stable (currently Etch, will be Lenny soon) and CentOS 4 (4.7 just released like a week ago so I am slowly migrating to that, so I have a mixture of 4.4 - 4.7).
Well we have this project that has come up that it would really be nice if the Linux box was on the Windows domain. It would really make things easier for almost every party if a user could log into the Linux system in the same manner they do on their XP system. So I started my research.
Now I have not done it yet, but I am 95% confident that I could join a Linux box to the Windows domain using LDAP, Samba, and Winbind; after all most of the Windows domain principles/standards came from the Unix world with the help of AT&T. You should have seen the looks on the faces of the Windows admins when I presented that to them (I really had to struggle not to laugh at the sheer pale-faced wide-eyed horror). Anyway, let's just say there is some reserve about problems that might arise. This made me think that even if they give me the thumbs up to proceed, should there be even the slightest hiccup (perceived, real, or imaginary) guess who they are going to blame in the blink of an eye? I am not a Windows guy and the last thing I need to be doing is debugging MS blue screens to find the problem and prove Linux didn't do it. So now I have a few options.
1) Just suck it up and go the more difficult route of this project and keep Windows separated from Linux.
2) Join to the domain and hope everything works as advertised (on both sides of the fence; Linux and Windows).
3) Find an alternative method....
Step three is what I am kinda working on now.
----Possible alternative 1----
I found this quote on Wikipedia when researching Active Directory ( http://en.wikipedia.org/wiki/Active_Dir ... _Directory ).
An alternate option is to use another directory service such as Fedora Directory Server (formerly Netscape Directory Server) or Sun Microsystems Sun Java System Directory Server, which can perform a two-way synchronization with Active Directory and thus provide a "deflected" integration with Active Directory as Unix and Linux clients will authenticate to FDS and Windows Clients will authenticate to Active Directory.
I have never heard of such a thing (then again I am not a Windows guy so I don't mess with Windows domains much).
Does anyone have any experience with this? Are there any other alternatives to the listed services?
If "two-way synchronization" means what I think it means, then that sounds like it could be what I am looking for.
----Possible alternative 2----
I also am doing research on SME that was presented at the last meeting. I don't know if this really is possible, but I am thinking if I join all of the Linux systems to their own domain, then I might be able to join the domains in a trusted relationship. Then the two are kept separate but can still interact.
----Possible alternative 3----
I keep digging up information on products like IBM's Tivoli, HP's OpenView, and Red Hat's Satellite. Now at this time, I have just begun researching these products but I found a source through a GIS that said these products allow for managing many systems from setting up NFS, to adding a user, to managing package updates/installations. Anyone know of some open source tools for doing this? My thought is that if I can control all of the Linux systems from a single host template then setting up a single Linux system on the domain and patching through things like NFS mounts would be a piece of cake!
I will be researching this quite a bit over the next week or so; I will keep you guys updated on what I find. I would appreciate any comments, especially from those who are managing a mixed environment domain where it is Linux joining the Windows domain.
Thanks!
~Stack~
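The Samba/Winbind route from the post, as an added example that is not part of the original thread: a script that generates the Samba 3 era smb.conf for a Debian Etch / CentOS 4 host joining a Windows 2003 AD domain, refuses an idmap UID/GID range that collides with local accounts (a collision would hand a domain user a local account's files), and lists the join and verification steps. The realm EXAMPLE.LOCAL, workgroup EXAMPLE and the Administrator account are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): generate the Samba 3 / Winbind
# configuration for joining a Debian or CentOS host to a Windows 2003 AD domain.
# REALM, WORKGROUP and the Administrator account are placeholders.
set -eu

REALM="${REALM:-EXAMPLE.LOCAL}"       # Kerberos realm of the AD forest (placeholder)
WORKGROUP="${WORKGROUP:-EXAMPLE}"     # NetBIOS domain name (placeholder)
IDMAP_LOW=10000; IDMAP_HIGH=20000     # UID/GID range reserved for domain accounts

# Write smb.conf below $1 ("" for the live host, a scratch directory to
# preview the result without touching /etc). nsswitch.conf still needs
# "passwd: files winbind" and "group: files winbind" added by hand.
write_winbind_config() {
    root="${1:-}"
    mkdir -p "$root/etc/samba"
    cat > "$root/etc/samba/smb.conf" <<EOF
[global]
   workgroup = $WORKGROUP
   realm = $REALM
   security = ads
   encrypt passwords = yes
   # Hand domain SIDs UIDs/GIDs from a range no local account occupies
   idmap uid = $IDMAP_LOW-$IDMAP_HIGH
   idmap gid = $IDMAP_LOW-$IDMAP_HIGH
   winbind use default domain = yes
   winbind enum users = no
   winbind enum groups = no
   template shell = /bin/bash
   template homedir = /home/%D/%U
EOF
}

# Succeed only if no account in the passwd file ($1) has a UID inside the
# idmap range; otherwise a mapped domain user would alias a local account.
idmap_range_is_free() {
    awk -F: -v lo="$IDMAP_LOW" -v hi="$IDMAP_HIGH" \
        '$3 >= lo && $3 <= hi { found = 1 } END { if (found) exit 1 }' "$1"
}

# Join and verify. Kerberos rejects clocks more than 5 minutes apart, so point
# ntpd at the domain's NTP source before running this.
join_domain() {
    idmap_range_is_free /etc/passwd
    net ads join -U Administrator      # prompts for the AD admin password
    /etc/init.d/winbind restart
    wbinfo -t                          # machine trust account accepted by the DC?
    getent passwd administrator        # NSS resolves a domain account via winbind?
}
# Usage on the real host: write_winbind_config "" && join_domain
```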