[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [school-discuss] Active Directory support in linux distributions



> From: Peter Scheie
> As I understand it, what you want is for your users to login on a Linux 
> workstation, but for login to be authenticated by an AD server, and their
> home 
> directory to actually be a share mounted from a Windows server. The first
> can be 
> handled by Winbind which comes with Ubuntu, SUSE, etc.  The major distros
> all 
> come with a GUI configuration utility where you can pick AD as the 
> authentication mechanism.   There are many articles on the web on how to set
> it 
> up.

Correct on all accounts. I am looking for authentication through Active Directory, and many distributions support this natively.

> As to the second part, having the user's home directory actually be a
> mounted 
> share from a Windows server, I don't think that's possible, but I don't
> think 
> it's possible with a Windows desktop, either.  Rather, while there is the
> local 
> disk and a directory for the user on that disk, the remote share from the 
> Windows server can be mapped to a directory within the local $HOME (Linux 
> doesn't use drive letters), just as you would map a user's home directory on
> the 
> Windows server to, say, drive H:.  I would check out the Samba mailing lists
> for 
> more info about this though (as I haven't worked with Samba for a few
> years). HTH

It is possible. In the windows world, it's called Folder Redirection. You can use this to redirect the user's Documents, Desktop or other folders to a share, and the Home Folder share is a natural place to place these redirections. Of course, you can just have the traditional H: style home folder..

The Mac OS X platform supports the direct mounting of the Active Directory Home folder directly as the user's home folder, over the network. Or, if you don't want the direct-mount approach, it will create a local /Users/$HOME and scripts a link to the AD home onto the user's Dock.

Even if the Home folder is not mounted directly as the user's home, I would accept the user's AD Home Folder being mounted (Or some shortcut mapped to the share being made) at login. I will check with the Samba lists to see if anybody does this while preventing other users from accessing the mounted share.

Thank you,


--Matt Ross
Ephrata School District


----- Original Message -----

[mailto:peter@xxxxxxxxxxxxxxxxxx]
To:
schoolforge-discuss@xxxxxxxxxxxxxxx
Sent: Wed, 26 May 2010 19:37:11
-0700
Subject: Re: [school-discuss] Active Directory support in linux
distributions



> 
> As to the second part, having the user's home directory actually be a
> mounted 
> share from a Windows server, I don't think that's possible, but I don't
> think 
> it's possible with a Windows desktop, either.  Rather, while there is the
> local 
> disk and a directory for the user on that disk, the remote share from the 
> Windows server can be mapped to a directory within the local $HOME (Linux 
> doesn't use drive letters), just as you would map a user's home directory on
> the 
> Windows server to, say, drive H:.  I would check out the Samba mailing lists
> for 
> more info about this though (as I haven't worked with Samba for a few
> years). HTH
> 
> Peter
> 
> Matthew W. Ross wrote:
> > I'm not looking for full GPO implementations, nor managed printers or DFS
> support. I am simply looking for a Linux distribution that supports a user's
> home folder as it is specified in Active Directory. This home folder
> specification has existed at least since Windows NT, and even Samba supports
> providing one for users. Why can't a Linux distribution support mounting
> this at login? I was asking in hopes that I simply haven't looked at Distro
> X, and somebody on the list could nudge me in the right direction.
> > 
> > As for what I mean by a "Supported Distribution", I simply meant that the
> distro was still in development, not abandoned or defunct.
> > 
> > If such a distro doesn't exist yet, I'm rather sad for the Linux
> community. This is a pivotal feature which our school district depends on:
> The user's data must be backed up. We manage this only by having the files
> in a central storage which we can reliably backup ourselves. Without this
> ability, we cannot offer it to the users as a workstation, only as an
> internet kiosk.
> > 
> > Please don't take my comments as snide or rude. I am still hopeful that
> either this distribution exists, or that this feature becomes available in
> the near future.
> > 
> > 
> > --Matt Ross
> > Ephrata School District
> > 
> > 
> > ----- Original Message -----
> > From: Tim Dressel
> > [mailto:tjdressel@xxxxxxxxx]
> > To: schoolforge-discuss@xxxxxxxxxxxxxxx
> > Sent:
> > Tue, 25 May 2010 18:08:09 -0700
> > Subject: Re: [school-discuss] Active
> > Directory support in linux distributions
> > 
> > 
> >> There are no other platforms that integrate with deep level things like
> >> group policy. Apple comes close on the being able to apply some GPO's and
> >> access to home folders and guid mapping, and there are other platforms
> that
> >> do some of the manageability of Active Directory, but none that integrate
> >> very cleanly. From what I've seen its less about manageability and more
> >> about configuration management. On the surface those sound similar, but
> they
> >> are actually quite different in practice.
> >>
> >> I think the only way to get to a heterogeneous network is to implement
> some
> >> sort of LDAP between two or more different directory structures. When you
> >> say "supported", that pretty much limits you to enterprise deployments
> with
> >> vendors like Red Hat and IBM, but it doesn't come cheap. The whole idea
> >> behind support in the open source community is that its supported by the
> >> community.
> >>
> > 
>