Linux equivalent to Active Directory?

[Superwormy]

Our company has decided to at least seriously investigate moving away from Windows due to nightmares with Vista and Active Directory. The only applications the machines need to be able to run are Firefox and Thunderbird.

What we need is:
- A central server, running Linux or BSD
- Other machines connect and authenticate to central server
- Simple file sharing between other machines and server

Basically, a really simple version of Active Directory, all we need that main server for is centralized authentication.

Is there a distribution of Linux/BSD that is ready to do this out of the box with minimal configuration? We don't want to spend 6 months getting everything installed and ready, I need it to just work. Does it exist?

Thanks!

 

[stash]

due to nightmares with Vista and Active Directory

Just curious, what kind of nightmares?

 

[Superwormy]

Hardware incompat., performance, system requirements, integration with existing stuff (Linux, BSD).

 

[Brazen]

Originally posted by: Superwormy

Our company has decided to at least seriously investigate moving away from Windows due to nightmares with Vista and Active Directory. The only applications the machines need to be able to run are Firefox and Thunderbird.

What we need is:
- A central server, running Linux or BSD
- Other machines connect and authenticate to central server
- Simple file sharing between other machines and server

Basically, a really simple version of Active Directory, all we need that main server for is centralized authentication.

Is there a distribution of Linux/BSD that is ready to do this out of the box with minimal configuration? We don't want to spend 6 months getting everything installed and ready, I need it to just work. Does it exist?

Thanks!

Samba will do authentication and file sharing. Samba can be set up to be something similar to an NT4 domain controller. It doesn't have all the Group Policy features though. I'm hoping Samba4 will have something equivalent to Group Policy.

 

[Panther505]

Clark Connect Enterprise will do what you need, the PITA is when it comes to the mail side it gets a little weird. But currently I am doing this at one of the businesses that I support and it is working great (once I complete the rest of the migration

Panther505

 

[RebateMonger]

Not trying to be critical --- But your post reads like you bought a Windows server and a bunch of Vista upgrades and installed them all without testing first.

You didn't say what you started with (in the way of workstations and servers). That might help in giving better advice.

 

[Superwormy]

We have maybe 30 machines, and several servers, each for different applications. The machines are Windows 2003 Server or FreeBSD. Most other machines are Windows 2000, Windows XP, or Vista, depending on when they were purchased. A few of the customer service machines run Linux, and we've had *significantly* less problems with the Linux machines than with the Windows machines.

Everything is at least mostly working now, but there are some things which management is unhappy with:
a) The costs associated with Windows (yes, Windows licenses are more expensive than what it costs to support Linux installs)
b) Current integration with the Linux/BSD servers (no, Samba is not always a clean solution)
c) Hardware requirements for Vista (our new machines run *slooowww* with Vista, and seem to crash more often)
d) Various hardware-related issues we've had with Windows machines in the past
e) The continued problems Microsoft seems to have with building a secure OS with reasonable system requirements

 

[Nothinman]

The only applications the machines need to be able to run are Firefox and Thunderbird.

Then why not run them on Linux? It'll probably be much simpler if you don't try to wedge Windows clients into the setup.

We don't want to spend 6 months getting everything installed and ready, I need it to just work.

Then you're probably barking up the wrong tree, until Samba 4 with AD support comes out you'll have to setup LDAP and Kerberos manually and if you knew how to do that already you wouldn't need to post about it here. =)

These might get you started:

http://mailman.mit.edu/piperma...s/2006-May/009895.html
http://technet.microsoft.com/e.../library/bb742432.aspx

 

[Smilin]

Originally posted by: Superwormy
We don't want to spend 6 months getting everything installed and ready, I need it to just work. Does it exist?

Regardless of the product you choose, if you don't administer it properly life will suck.

I think your nightmares may be just beginning.

 

[KB]

If you want Nightmares try to implement OpenLDAP on linux. AD is so much easier to administrate, I think you will regret converting until Linux tools improves a bit more. (I use Ubuntu)

 

[Darkstar757]

KB is right I run serveral OPENLDAP servers and its a PITA.

 

[funkbass81]

e) The continued problems Microsoft seems to have with building a secure OS with reasonable system requirements

thanks for the laugh

 

[funkbass81]

also, remember the P's

Proper Planning Prevents Piss Poor Performance.

 

[Nothinman]

KB is right I run serveral OPENLDAP servers and its a PITA.

Yea, but you don't _need_ OpenLDAP for centralized authentication. Of course doing that means you'll have local accounts on all of the machines that are just mapped to the accounts in kerberos so it's a tradeoff.

 

[Smilin]

Originally posted by: Nothinman

KB is right I run serveral OPENLDAP servers and its a PITA.

Yea, but you don't _need_ OpenLDAP for centralized authentication. Of course doing that means you'll have local accounts on all of the machines that are just mapped to the accounts in kerberos so it's a tradeoff.

local accounts on all the machines mapped to accounts in kerberos sounds like more fun than a barrel of monkeys!

dcpromo on the otherhand is the most difficult 5 minutes of your life you'll ever spend

 

[Nothinman]

local accounts on all the machines mapped to accounts in kerberos sounds like more fun than a barrel of monkeys!

Yea, I'd probably just bite the bullet and get good at writing ldif files.

dcpromo on the otherhand is the most difficult 5 minutes of your life you'll ever spend

It's not the initial setup of Windows machines that is too bad, although that's still a PITA with all of the driver issues, patching and rebooting. =)

 

[SoundTheSurrender]

What about the Novell LDAP solution? That's what my college uses but it's with Windows XP. Anyways, all our my doc stuff/and programs are located on a server and not on the local machine. I would think Novell would have a similar solution for Linux.

 

[RebateMonger]

One of the toughest problems you'll have is trying to do BOTH Linux and Windows. I find it hard to be a semi-expert in just one OS. For one person to become an expert in both and maintain both and keep them talking to each other is going to require some real dedication.

I manage a BUNCH of Windows servers and clients in other people's offices and generally find AD and 2000/XP clients pretty trouble-free. But I spent a fair amount of time learning how to do that, and I don't attempt to insert any Linux boxes in the mix, since I'm far from an expert in 'Nix.

So far, I haven't recommended any Vista upgrades for clients. I think it's a bit too soon. But Vista's troubleshooting features should be a big help in the future, since client PC problems are, by far, the biggest pain in managing a Windows AD network.

 

[XZeroII]

"I just want it to work" and "Linux" are not necessarily mutually exclusive, but I think that you're living in a dream world if you think that a beginner would be able to do this. If you're having trouble with AD, then Linux is way out of your league.

 

[Brazen]

I know this thread is old, but I was just reading about Samba 4 and it does indeed implement Active Directory and Group Policies. There is even a screenshot on the Samba wiki of a Samba domain controller being administered from the Windows 2003 Adminpak tools on XP.

 

[Nothinman]

And it's still in the alpha stage so it'll probably be a while before it's reliable enough to trust.

 

[Brazen]

Yeah, I still trust it slightly less than a Windows domain controller