[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [school-discuss] Active Directory support in linux distributions



It appears you can do it and Âcreate directories automatically with Samba: Âhttp://wiki.samba.org/index.php/Samba_%26_Active_Directory

I only scanned quickly, so no flames if I missed some details. ;-)

Casey
OS4Ed

On Thu, May 27, 2010 at 10:48 AM, Matthew W. Ross <mross@xxxxxxxxxxxxxxxxxx> wrote:
> From: Peter Scheie
> As I understand it, what you want is for your users to login on a Linux
> workstation, but for login to be authenticated by an AD server, and their
> home
> directory to actually be a share mounted from a Windows server. The first
> can be
> handled by Winbind which comes with Ubuntu, SUSE, etc. ÂThe major distros
> all
> come with a GUI configuration utility where you can pick AD as the
> authentication mechanism. Â There are many articles on the web on how to set
> it
> up.

Correct on all accounts. I am looking for authentication through Active Directory, and many distributions support this natively.

> As to the second part, having the user's home directory actually be a
> mounted
> share from a Windows server, I don't think that's possible, but I don't
> think
> it's possible with a Windows desktop, either. ÂRather, while there is the
> local
> disk and a directory for the user on that disk, the remote share from the
> Windows server can be mapped to a directory within the local $HOME (Linux
> doesn't use drive letters), just as you would map a user's home directory on
> the
> Windows server to, say, drive H:. ÂI would check out the Samba mailing lists
> for
> more info about this though (as I haven't worked with Samba for a few
> years). HTH

It is possible. In the windows world, it's called Folder Redirection. You can use this to redirect the user's Documents, Desktop or other folders to a share, and the Home Folder share is a natural place to place these redirections. Of course, you can just have the traditional H: style home folder..

The Mac OS X platform supports the direct mounting of the Active Directory Home folder directly as the user's home folder, over the network. Or, if you don't want the direct-mount approach, it will create a local /Users/$HOME and scripts a link to the AD home onto the user's Dock.

Even if the Home folder is not mounted directly as the user's home, I would accept the user's AD Home Folder being mounted (Or some shortcut mapped to the share being made) at login. I will check with the Samba lists to see if anybody does this while preventing other users from accessing the mounted share.

Thank you,


--Matt Ross
Ephrata School District


----- Original Message -----

[mailto:peter@xxxxxxxxxxxxxxxxxx]
To:
schoolforge-discuss@xxxxxxxxxxxxxxx
Sent: Wed, 26 May 2010 19:37:11
-0700
Subject: Re: [school-discuss] Active Directory support in linux
distributions



>
> As to the second part, having the user's home directory actually be a
> mounted
> share from a Windows server, I don't think that's possible, but I don't
> think
> it's possible with a Windows desktop, either. ÂRather, while there is the
> local
> disk and a directory for the user on that disk, the remote share from the
> Windows server can be mapped to a directory within the local $HOME (Linux
> doesn't use drive letters), just as you would map a user's home directory on
> the
> Windows server to, say, drive H:. ÂI would check out the Samba mailing lists
> for
> more info about this though (as I haven't worked with Samba for a few
> years). HTH
>
> Peter
>
> Matthew W. Ross wrote:
> > I'm not looking for full GPO implementations, nor managed printers or DFS
> support. I am simply looking for a Linux distribution that supports a user's
> home folder as it is specified in Active Directory. This home folder
> specification has existed at least since Windows NT, and even Samba supports
> providing one for users. Why can't a Linux distribution support mounting
> this at login? I was asking in hopes that I simply haven't looked at Distro
> X, and somebody on the list could nudge me in the right direction.
> >
> > As for what I mean by a "Supported Distribution", I simply meant that the
> distro was still in development, not abandoned or defunct.
> >
> > If such a distro doesn't exist yet, I'm rather sad for the Linux
> community. This is a pivotal feature which our school district depends on:
> The user's data must be backed up. We manage this only by having the files
> in a central storage which we can reliably backup ourselves. Without this
> ability, we cannot offer it to the users as a workstation, only as an
> internet kiosk.
> >
> > Please don't take my comments as snide or rude. I am still hopeful that
> either this distribution exists, or that this feature becomes available in
> the near future.
> >
> >
> > --Matt Ross
> > Ephrata School District
> >
> >
> > ----- Original Message -----
> > From: Tim Dressel
> > [mailto:tjdressel@xxxxxxxxx]
> > To: schoolforge-discuss@xxxxxxxxxxxxxxx
> > Sent:
> > Tue, 25 May 2010 18:08:09 -0700
> > Subject: Re: [school-discuss] Active
> > Directory support in linux distributions
> >
> >
> >> There are no other platforms that integrate with deep level things like
> >> group policy. Apple comes close on the being able to apply some GPO's and
> >> access to home folders and guid mapping, and there are other platforms
> that
> >> do some of the manageability of Active Directory, but none that integrate
> >> very cleanly. From what I've seen its less about manageability and more
> >> about configuration management. On the surface those sound similar, but
> they
> >> are actually quite different in practice.
> >>
> >> I think the only way to get to a heterogeneous network is to implement
> some
> >> sort of LDAP between two or more different directory structures. When you
> >> say "supported", that pretty much limits you to enterprise deployments
> with
> >> vendors like Red Hat and IBM, but it doesn't come cheap. The whole idea
> >> behind support in the open source community is that its supported by the
> >> community.
> >>
> >
>



--
Casey Adams
Phone: 205.612.5489
Fax: 717.326.3543.