[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [school-discuss] Active Directory support in linux distributions

To: schoolforge-discuss@xxxxxxxxxxxxxxx
Subject: Re: [school-discuss] Active Directory support in linux distributions
From: Les R <openadmin@xxxxxxxxx>
Date: Wed, 26 May 2010 21:37:25 -0600
Delivered-to: archiver@xxxxxxxx
Delivered-to: schoolforge-discuss-outgoing@xxxxxxxx
Delivered-to: schoolforge-discuss@xxxxxxxx
Delivery-date: Wed, 26 May 2010 23:37:46 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=wCJEbJMHNkXZ3fzYGjXx3qVkFr8W/pPusa635fVJf6U=; b=q4vNtf//9Sv4aRt6bJsGGcAenQq36dJ4osn5rOr7LKRmrgDHfF3RLKZBY8pSxJKl1I EbeoFYxO+xeGdmHID+cKLU3T8HHHV0QDTRBiY9d7MWk6UMYhSzRu/A4sLujkq1qtXb8b 566GVfkBrj4VTfEsNxP7h3GcAqn/3tv+D0H7A=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=EndOqkAHavxxMVQomAZz3HDNYRuUau2n1G/HWI1Pzh7NlekB7JxK36kVuUf7z3qXoy wdmA7mXDGdeci6jOPIOpsOFjUemH50JjFQnYT6uUSCQytpQxBjhvWMhlzS8qsa+4l1TF KWfA+3fwrHr2kSqLASJixl8di85ZwBtO//eXs=
In-reply-to: <4BFDDAD7.6070208@xxxxxxxxxxxxxxxxxx>
References: <20100526064341.e0361d5c@xxxxxxxxxxxxxxxxxxxxxxx> <4BFDDAD7.6070208@xxxxxxxxxxxxxxxxxx>
Reply-to: schoolforge-discuss@xxxxxxxxxxxxxxx
Sender: owner-schoolforge-discuss@xxxxxxxxxxxxxxx

Hi Peter,

No, I think we are talking a variety of clients ( MS Windows, Linux
Fat Client) mounting home folders so they can
access their files and print from any client.  Currently we are using
Sunray Terminal, and Ubuntu Fat client (ie. normal desktop)
and are adding Windows clients (workstation labs, wireless netbooks )
to the mix in a high school setting. These are normally
cloned by Clonezilla, etc. and locked with SteadyState, DeepFreeze,
etc.  Most activity is web based for students, not
older LAN based, except for particular classes (ie. Accounting, Cad,
etc).  Large number of Smart Boards, etc.
We want very little tech intervention required to keep these going.

The server(s) are Sun iron running Ubuntu and there is a single server
(appropriately named 'Murphy') that does NFS file service
to those Sunray Clients (via their app servers),  Ubuntu Desktops (via
NFS and LDAP login), and also SMB to  MS Windows Terminal
Server (ie. Windows apps via RDesktop to Sunray / Ubtuntu desktops).

I'm just working on the SMB user management configuration to keep this
relatively simple for the roving wireless netbooks in the school.
This is not yet complete. I have documentation on all the rest.

It does work very reliably with the Achilles heel being user
management on the samba site.  The cleanest approach is to use LDAP,
however
perl scripting to update the smb password files will also work as
well.  LDAP will be easier to synchronize since the tools are
already done.

Bottom Line:  No turnkey solutions exactly, but solutions do exist
that are reliable, and doable.


Les Richardson
Light of Christ Catholic School Division
North Battleford, SK, Canada

Open Admin for Schools.





On 26 May 2010 20:37, Peter Scheie <peter@xxxxxxxxxxxxxxxxxx> wrote:
> As I understand it, what you want is for your users to login on a Linux
> workstation, but for login to be authenticated by an AD server, and their
> home directory to actually be a share mounted from a Windows server. The
> first can be handled by Winbind which comes with Ubuntu, SUSE, etc.  The
> major distros all come with a GUI configuration utility where you can pick
> AD as the authentication mechanism.   There are many articles on the web on
> how to set it up.
>
> As to the second part, having the user's home directory actually be a
> mounted share from a Windows server, I don't think that's possible, but I
> don't think it's possible with a Windows desktop, either.  Rather, while
> there is the local disk and a directory for the user on that disk, the
> remote share from the Windows server can be mapped to a directory within the
> local $HOME (Linux doesn't use drive letters), just as you would map a
> user's home directory on the Windows server to, say, drive H:.  I would
> check out the Samba mailing lists for more info about this though (as I
> haven't worked with Samba for a few years). HTH
>
> Peter
>
> Matthew W. Ross wrote:
>>
>> I'm not looking for full GPO implementations, nor managed printers or DFS
>> support. I am simply looking for a Linux distribution that supports a user's
>> home folder as it is specified in Active Directory. This home folder
>> specification has existed at least since Windows NT, and even Samba supports
>> providing one for users. Why can't a Linux distribution support mounting
>> this at login? I was asking in hopes that I simply haven't looked at Distro
>> X, and somebody on the list could nudge me in the right direction.
>>
>> As for what I mean by a "Supported Distribution", I simply meant that the
>> distro was still in development, not abandoned or defunct.
>>
>> If such a distro doesn't exist yet, I'm rather sad for the Linux
>> community. This is a pivotal feature which our school district depends on:
>> The user's data must be backed up. We manage this only by having the files
>> in a central storage which we can reliably backup ourselves. Without this
>> ability, we cannot offer it to the users as a workstation, only as an
>> internet kiosk.
>>
>> Please don't take my comments as snide or rude. I am still hopeful that
>> either this distribution exists, or that this feature becomes available in
>> the near future.
>>
>>
>> --Matt Ross
>> Ephrata School District
>>
>>
>> ----- Original Message -----
>> From: Tim Dressel
>> [mailto:tjdressel@xxxxxxxxx]
>> To: schoolforge-discuss@xxxxxxxxxxxxxxx
>> Sent:
>> Tue, 25 May 2010 18:08:09 -0700
>> Subject: Re: [school-discuss] Active
>> Directory support in linux distributions
>>
>>
>>> There are no other platforms that integrate with deep level things like
>>> group policy. Apple comes close on the being able to apply some GPO's and
>>> access to home folders and guid mapping, and there are other platforms
>>> that
>>> do some of the manageability of Active Directory, but none that integrate
>>> very cleanly. From what I've seen its less about manageability and more
>>> about configuration management. On the surface those sound similar, but
>>> they
>>> are actually quite different in practice.
>>>
>>> I think the only way to get to a heterogeneous network is to implement
>>> some
>>> sort of LDAP between two or more different directory structures. When you
>>> say "supported", that pretty much limits you to enterprise deployments
>>> with
>>> vendors like Red Hat and IBM, but it doesn't come cheap. The whole idea
>>> behind support in the open source community is that its supported by the
>>> community.
>>>
>>
>

References:
- Re: [school-discuss] Active Directory support in linux distributions
  - From: Matthew W. Ross
- Re: [school-discuss] Active Directory support in linux distributions
  - From: Peter Scheie

Prev by Author: Re: [school-discuss] Replacing Active Directory with Linux File Server
Next by Author: [school-discuss] Invitation to Present
Previous by thread: Re: [school-discuss] Active Directory support in linux distributions
Next by thread: Re: [school-discuss] Active Directory support in linux distributions
Index(es):
- Author
- Thread