[Novalug] Linux as a server for an office?

Brandon Saxe brandon20va@yahoo.com
Fri Jul 18 11:16:12 EDT 2008


I also reviewed the link you sent. It seems pretty thorough. Looks like it uses the strategy of using Samba as an AD Domain Controller.

In all cases, SAMBA is required for file server. I think Windows Services for UNIX has an NFS client if you wanted to do it that way, but I think it uses NIS and may not work as well with SSO. It's the authentication part where there are different ways to do it. I can think of three based on my research.

I guess the following would apply for each auth strategy:
1. SAMBA as AD DC - Windows users authenticate to domain (built-in). UNIX machines would require Samba client to authenticate to server (I have not validated how this works)
2. LDAP auth - Windows needs different GINA. UNIX built-in/packages available (I think)
3. KERBEROS auth - Windows, use ksetup (built-in). UNIX built-in/packages available (I think)

I am not sure of all the advantages/disadvantages of each method.  

I'm not sure when I'll even get around to doing my setup. I am working on building a virtualization server at home for *most* possible future needs ;)

--Brandon

--- On Fri, 7/18/08, Jay Hart <jhart@kevla.org> wrote:

> From: Jay Hart <jhart@kevla.org>
> Subject: Re: [Novalug] Linux as a server for an office?
> To: brandon20va@yahoo.com
> Cc: novalug@calypso.tux.org, "Igor Birman" <igor_birman@yahoo.com>
> Date: Friday, July 18, 2008, 10:59 AM
> I think this would be a great topic at a meeting.  Basically where pieces are
> involved, and some basic points to consider, if you have it working by then,
> that would be a bonus.
> 
> > I was researching the same thing for my heterogeneous network at home.
> >
> > For built-in Windows authentication, you might want a Kerberos server. See
> >
> > http://technet2.microsoft.com/windowsserver/en/library/a606a6cd-0d09-4d8e-a709-ea4f93608b5f1033.mspx?mfr=true
> >
> > What's nice about that approach is that the Kerberos technology is built-in to
> > Windows and would be supported, patched, etc.
> >
> > You *can* use LDAP to authenticate your Windows user, but that requires what
> > is called a different GINA. Google it to learn more.
> >
> > There is also an O'Reilly book, "Windows in a Linux World".
> >
> > http://books.google.com/books?id=NxMeJaLZAHwC&dq=linux+in+a+windows+world&pg=PP1&ots=ySsTmRqzfK&sig=L9VGgg2-F53ZDc0BUeg7nnAOyUA&hl=en&sa=X&oi=book_result&resnum=1&ct=result
> >
> > This book has some cool stuff for assisting with what you are trying to do.
> >
> > Overall, I think a good strategy is to implement OpenLDAP as the user store
> > (analogous to Active Directory store), and also implement Kerberos server for
> > encrypted authentication.
> >
> > There are some how-to's on how to do the combination on the internet. I
> > haven't yet implemented this, but this has been where my research has led me.
> >
> > Good luck,
> >   Brandon
> >
> >
> > --- On Fri, 7/18/08, Igor Birman <igor_birman@yahoo.com> wrote:
> >
> >> From: Igor Birman <igor_birman@yahoo.com>
> >> Subject: [Novalug] Linux as a server for an office?
> >> To: novalug@calypso.tux.org
> >> Date: Friday, July 18, 2008, 10:06 AM
> >> I have an opportunity to set up a new server for an office
> >> running Linux.  I want the same features as Windows server
> >> provides - single signon, ability to change password,
> >> access to samba shares without having to log in again, and
> >> access via VPN.
> >>
> >> Do I need OpenLDAP for this?  Every guide to it seems very
> >> complex - is there a quick and easy way to use it?  Do some
> >> commercial Linux distributions have this out of the box?  I
> >> found this link:
> >> https://help.ubuntu.com/community/LDAP-Samba_PDC_(for_Linux_and_Windows)
> >> with a big disclaimer at the top.
> >>
> >> Should I just use Samba as a PDC?  I see many articles
> >> about this from 2001 and 2002, but nothing recent.
> >>
> >> It looks like I can do this with OpenLDAP, but it looks
> >> very complicated.  Is there any easy way to provide these
> >> services for Windows machines, or should I be looking at
> >> Windows Server?
> >>
> >> Thanks,
> >>
> >> Igor
> >> _______________________________________________
> >> Novalug mailing list
> >> Novalug@calypso.tux.org
> >> http://calypso.tux.org/cgi-bin/mailman/listinfo/novalug


