Active Directory Log on - Linux


Thread: Active Directory Log on

  1. Active Directory Log on

    I have been reading up on what it would take to get Linux machines to log
    into Windows 2003 Native Domain and be a client without much to go by. Can
    someone point me to a good source? I will be using Ubuntu (Debian based
    distro).

    Is this a commercial solution only?

    * Can someone at least tell me the main components I need for...
    (1) workstation (the Linux components) and
    (2) server side (what I need to setup to work in tandem with the Windows
    Servers or Linux clients).

    My goal is to replace all our workstations (300+) and have the critical
    Windows applications hosted on a Windows Terminal Server and have Linux
    workstation accessing it via RDP. However, I still must be able to show the
    viability of a Linux workstation coexisting and being part of a Windows 2003
    Native Domain.




  2. Re: Active Directory Log on

    KT wrote:
    > I have been reading up on what it would take to get Linux machines to log
    > into Windows 2003 Native Domain and be a client without much to go by. Can
    > someone point me to a good source? I will be using Ubuntu (Debian based
    > distro).
    >
    > Is this a commercial solution only?
    >
    > * Can someone at least tell me the main components I need for...
    > (1) workstation (the Linux components) and
    > (2) server side (what I need to setup to work in tandem with the Windows
    > Servers or Linux clients).
    >
    > My goal is to replace all our workstations (300+) and have the critical
    > Windows applications hosted on a Windows Terminal Server and have Linux
    > workstation accessing it via RDP. However, I still must be able to show the
    > viability of a Linux workstation coexisting and being part of a Windows 2003
    > Native Domain.
    >

    You do realise that you will need a Windows OS license for
    every workstation and Terminal Server license for each
    workstation? You will also need a license for every
    application (eg Word) that is displayed in a terminal session?

    Cheers,

    Cliff

    --

    Barzoomian the Martian - http://barzoomian.blogspot.com

  3. Re: Active Directory Log on

    Spake KT:
    > I have been reading up on what it would take to get Linux machines to log
    > into Windows 2003 Native Domain and be a client without much to go by. Can
    > someone point me to a good source? I will be using Ubuntu (Debian based
    > distro).
    >
    > Is this a commercial solution only?
    >
    > * Can someone at least tell me the main components I need for...
    > (1) workstation (the Linux components) and
    > (2) server side (what I need to setup to work in tandem with the Windows
    > Servers or Linux clients).


    I'd start looking at the Samba project, which provides a host and client
    for the SMB / CIFS protocol. I believe the newest versions will talk to
    a 2003 domain controller, and the people there will have more
    information than me about doing similar things (e.g. IMAP clients for
    Exchange 2k3).

    --
    Trent Buck, Student Errant
    For their next act, they'll no doubt be buying a firewall running under NT,
    which makes about as much sense as building a prison out of meringue.
    -- Tanuki

  4. Re: Active Directory Log on

    On Mon, 21 Mar 2005 07:46:22 +0000, KT wrote:

    > I have been reading up on what it would take to get Linux machines to log
    > into Windows 2003 Native Domain and be a client without much to go by. Can
    > someone point me to a good source?


    http://www.wlug.org.nz/ActiveDirectorySamba

    > I will be using Ubuntu (Debian based distro).


    That's fine. Basically configure Samba/Krb5/NTP/PAM/NSS and:

    net ads join -U Administrator

    > Is this a commercial solution only?


    No. You can download and configure this stuff yourself (if you prefer.)

    > * Can someone at least tell me the main components I need for...


    Samba 3.x / Kerberos v5 / DNS / NTP / (probably) PAM

    > (1) workstation (the Linux components) and


    Read above. I don't use Ubuntu though, so I dunno which components are
    apt-get able (all of them?) Anyway, from the Samba tarball you only need
    the libraries, the "net" command and the "winbindd" service. However they need
    to have been compiled against Kerberos (try "ldd" to find out about that.)

    And some way of syncing time between server and client(s).

    > (2) server side (what I need to setup to work in tandem with the Windows
    > Servers or Linux clients).


    Kerberos / Samba / OpenLDAP

    > My goal is to replace all our workstations (300+) and have the critical
    > Windows applications hosted on a Windows Terminal Server and have Linux
    > workstation accessing it via RDP.


    I don't know whether or not "rdesktop" can use Kerberos authentication, and
    if it doesn't: single-sign-on won't work there. However the MS-Windows
    server could be part of the SMB domain, and thus allow users to still have
    single, centrally administered, principals (user/machine/service accounts.)

    --
    -Menno.


  5. Re: Active Directory Log on

    On Mon, 21 Mar 2005 10:11:59 +0000, Menno Duursma wrote:

    [ I guess I'll add some context. ]

    >> (2) server side (what I need to setup to work in tandem with the Windows
    >> Servers or Linux clients).

    >
    > Kerberos


    IOW: edit /etc/krb5.conf and /etc/samba/smb.conf , join the SMB domain and
    make sure "kinit" gets you a ticket.

    For a server you probably want to have a look at Heimdal as the MIT KDC
    has (had?) some problems with threading: http://www.pdc.kth.se/heimdal/

    > Samba /


    http://us4.samba.org/samba/docs/man/...html#id2559516

    (If you run the "nscd" service, you might need to read: man nscd.conf BTW.)

    > OpenLDAP


    And (Cyrus)SASL with GSSAPI (Krb5) authentication method... Against which
    OpenLDAP should be compiled.

    HTH
    --
    -Menno.
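
Added example, not part of the original posts: a pre-join check for the steps described above (edit /etc/krb5.conf and /etc/samba/smb.conf, keep clocks in sync) that confirms the two files agree before "net ads join" and "kinit" are run. The realm CORP.EXAMPLE, host dc1.corp.example and the file contents are constructed; 300 seconds is the default Kerberos clock-skew tolerance.

```shell
#!/bin/sh
# Added example: consistency check for a Samba/winbind AD member's config.
# All realm names, host names and file contents below are constructed samples.

# ini_get FILE SECTION KEY -> value of KEY inside [SECTION] (last one wins)
ini_get() {
    awk -v sec="$2" -v key="$3" '
        /^[ \t]*[#;]/ { next }                       # skip comment lines
        /^[ \t]*\[/ {                                # section header
            s = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", s)
            insec = (tolower(s) == tolower(sec)); next
        }
        insec && (i = index($0, "=")) {
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (tolower(k) == tolower(key)) val = v
        }
        END { print val }
    ' "$1"
}

upper() { printf '%s' "$1" | tr '[:lower:]' '[:upper:]'; }

# check_ads_config KRB5_CONF SMB_CONF -> prints findings, returns their count
check_ads_config() {
    krb_realm=$(ini_get "$1" libdefaults default_realm)
    smb_realm=$(ini_get "$2" global realm)
    security=$(ini_get "$2" global security)
    problems=0
    if [ "$(upper "$security")" != "ADS" ]; then
        echo "smb.conf: security = '$security', expected 'ads'"
        problems=$((problems + 1))
    fi
    if [ -z "$krb_realm" ] || [ "$krb_realm" != "$(upper "$krb_realm")" ]; then
        echo "krb5.conf: default_realm '$krb_realm' missing or not upper case"
        problems=$((problems + 1))
    fi
    if [ "$(upper "$smb_realm")" != "$krb_realm" ]; then
        echo "realm mismatch: smb.conf '$smb_realm' vs krb5.conf '$krb_realm'"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# clock_skew_ok LOCAL_EPOCH DC_EPOCH [MAX_SECONDS] -> 0 if within tolerance
clock_skew_ok() {
    d=$(( $1 - $2 )); if [ "$d" -lt 0 ]; then d=$(( -d )); fi
    [ "$d" -le "${3:-300}" ]
}

# write_samples DIR -> constructed krb5.conf, a good and a bad smb.conf
write_samples() {
    printf '%s\n' '[libdefaults]' ' default_realm = CORP.EXAMPLE' '[realms]' \
        ' CORP.EXAMPLE = {' '  kdc = dc1.corp.example' ' }' > "$1/krb5.conf"
    printf '%s\n' '[global]' ' workgroup = CORP' ' realm = CORP.EXAMPLE' \
        ' security = ads' '[homes]' ' browseable = no' > "$1/smb.conf"
    printf '%s\n' '[global]' ' workgroup = CORP' ' realm = corp.other' \
        ' security = user' > "$1/smb.bad.conf"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
check_ads_config "$demo_dir/krb5.conf" "$demo_dir/smb.conf" && echo "config consistent"
check_ads_config "$demo_dir/krb5.conf" "$demo_dir/smb.bad.conf" || echo "$? problem(s) found"
rm -rf "$demo_dir"
```

On a real client, point check_ads_config at /etc/krb5.conf and /etc/samba/smb.conf, and feed clock_skew_ok the local time and the domain controller's time in epoch seconds.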


  6. Re: Active Directory Log on

    Thank you...this at least starts me in the right direction!



    "Menno Duursma" wrote in message
    newsan.2005.03.21.12.45.52.923469@desktop.lan...
    > On Mon, 21 Mar 2005 10:11:59 +0000, Menno Duursma wrote:
    >
    > [ I guess I'll add some context. ]
    >
    >>> (2) server side (what I need to setup to work in tandem with the Windows
    >>> Servers or Linux clients).

    >>
    >> Kerberos

    >
    > IOW: edit /etc/krb5.conf and /etc/samba/smb.conf , join the SMB domain and
    > make sure "kinit" gets you a ticket.
    >
    > For a server you probably want to have a look at Heimdal as the MIT KDC
    > has (had?) some problems with threading: http://www.pdc.kth.se/heimdal/
    >
    >> Samba /

    >
    > http://us4.samba.org/samba/docs/man/...html#id2559516
    >
    > (If you run the "nscd" service, you might need to read: man nscd.conf
    > BTW.)
    >
    >> OpenLDAP

    >
    > And (Cyrus)SASL with GSSAPI (Krb5) authentication method... Against which
    > OpenLDAP should be compiled.
    >
    > HTH
    > --
    > -Menno.
    >




  7. Re: Active Directory Log on

    You are incorrect...we will license per user instead of devices for
    connecting to those Windows machines. Also, the license we are eliminating
    by doing this are actual workstation OS license and server OS license
    (Samba on FS). We are not going to use MS Office therefore that's not an
    issue. The only reason we need Windows OS is for the reason of hosting the
    company applications and they are not licensed as MS products. The main
    license we are only concerned with are the PER User license on Terminal
    Servers.

    In terms of licensing, I have researched it, and being a former Microsoft
    Consultant, I realize the intricacies.


    "Enkidu" wrote in message
    news:423e9937$1@news2.actrix.gen.nz...
    > KT wrote:
    >> I have been reading up on what it would take to get Linux machines to log
    >> into Windows 2003 Native Domain and be a client without much to go by.
    >> Can
    >> someone point me to a good source? I will be using Ubuntu (Debian based
    >> distro).
    >>
    >> Is this a commercial solution only?
    >>
    >> * Can someone at least tell me the main components I need for...
    >> (1) workstation (the Linux components) and
    >> (2) server side (what I need to setup to work in tandem with the Windows
    >> Servers or Linux clients).
    >>
    >> My goal is to replace all our workstations (300+) and have the critical
    >> Windows applications hosted on a Windows Terminal Server and have Linux
    >> workstation accessing it via RDP. However, I still must be able to show
    >> the
    >> viability of a Linux workstation coexisting and being part of a Windows
    >> 2003
    >> Native Domain.
    >>

    > You do realise that you will need a Windows OS license for every
    > workstation and Terminal Server license for each workstation? You will
    > also need a license for every application (eg Word) that is displayed in a
    > terminal session?
    >
    > Cheers,
    >
    > Cliff
    >
    > --
    >
    > Barzoomian the Martian - http://barzoomian.blogspot.com




  8. Re: Active Directory Log on

    On Mon, 21 Mar 2005 07:46:22 GMT, "KT" wrote:

    >I have been reading up on what it would take to get Linux machines to log
    >into Windows 2003 Native Domain and be a client without much to go by. Can
    >someone point me to a good source? I will be using Ubuntu (Debian based
    >distro).
    >
    >Is this a commercial solution only?
    >
    >* Can someone at least tell me the main components I need for...
    >(1) workstation (the Linux components) and
    >(2) server side (what I need to setup to work in tandem with the Windows
    >Servers or Linux clients).
    >
    >My goal is to replace all our workstations (300+) and have the critical
    >Windows applications hosted on a Windows Terminal Server and have Linux
    >workstation accessing it via RDP. However, I still must be able to show the
    >viability of a Linux workstation coexisting and being part of a Windows 2003
    >Native Domain.
    >
    >

    What has worked for me in the past is the NIS and NFS services that
    come with Windows Services for UNIX (now free). Although you could also
    probably use Samba. I guess it's a matter of who's going to take the
    burden of emulating the other platform.

  9. Re: Active Directory Log on

    On Mon, 21 Mar 2005 17:23:56 -0800, Ian East wrote:

    >On Mon, 21 Mar 2005 07:46:22 GMT, "KT" wrote:
    >
    >>I have been reading up on what it would take to get Linux machines to log
    >>into Windows 2003 Native Domain and be a client without much to go by. Can
    >>someone point me to a good source? I will be using Ubuntu (Debian based
    >>distro).
    >>
    >>Is this a commercial solution only?
    >>
    >>* Can someone at least tell me the main components I need for...
    >>(1) workstation (the Linux components) and
    >>(2) server side (what I need to setup to work in tandem with the Windows
    >>Servers or Linux clients).
    >>
    >>My goal is to replace all our workstations (300+) and have the critical
    >>Windows applications hosted on a Windows Terminal Server and have Linux
    >>workstation accessing it via RDP. However, I still must be able to show the
    >>viability of a Linux workstation coexisting and being part of a Windows 2003
    >>Native Domain.
    >>
    >>

    >What has worked for me in the past is the NIS and NFS services that
    >come with Windows Services for UNIX (now free). Although you could also
    >probably use Samba. I guess it's a matter of who's going to take the
    >burden of emulating the other platform.


    One other thing to take into consideration as well is how many
    machines you have running each protocol. Is it going to be easier to
    make 300 machines talk Windows, or is it going to be easier to make
    your Terminal Servers talk Unix?

  10. Re: Active Directory Log on


    No, I am not incorrect:

    http://support.microsoft.com/default...b;en-us;244749

    It clearly states in there the licenses that are required.
    It also says that licensing has to be per seat. I
    investigated this at one time, and the extra costs were very
    large.

    Cheers,

    Cliff

    KT wrote:
    > You are incorrect...we will license per user instead of devices for
    > connecting to those Windows machines. Also, the license we are eliminating
    > by doing this are actual workstation OS license and server OS license
    > (Samba on FS). We are not going to use MS Office therefore that's not an
    > issue. The only reason we need Windows OS is for the reason of hosting the
    > company applications and they are not licensed as MS products. The main
    > license we are only concerned with are the PER User license on Terminal
    > Servers.
    >
    > In terms of licensing, I have researched it, and being a former Microsoft
    > Consultant, I realize the intricacies.
    >
    >
    > "Enkidu" wrote in message
    > news:423e9937$1@news2.actrix.gen.nz...
    >
    >>KT wrote:
    >>
    >>>I have been reading up on what it would take to get Linux machines to log
    >>>into Windows 2003 Native Domain and be a client without much to go by.
    >>>Can
    >>>someone point me to a good source? I will be using Ubuntu (Debian based
    >>>distro).
    >>>
    >>>Is this a commercial solution only?
    >>>
    >>>* Can someone at least tell me the main components I need for...
    >>>(1) workstation (the Linux components) and
    >>>(2) server side (what I need to setup to work in tandem with the Windows
    >>>Servers or Linux clients).
    >>>
    >>>My goal is to replace all our workstations (300+) and have the critical
    >>>Windows applications hosted on a Windows Terminal Server and have Linux
    >>>workstation accessing it via RDP. However, I still must be able to show
    >>>the
    >>>viability of a Linux workstation coexisting and being part of a Windows
    >>>2003
    >>>Native Domain.
    >>>

    >>
    >>You do realise that you will need a Windows OS license for every
    >>workstation and Terminal Server license for each workstation? You will
    >>also need a license for every application (eg Word) that is displayed in a
    >>terminal session?
    >>
    >>Cheers,
    >>
    >>Cliff
    >>
    >>--
    >>
    >>Barzoomian the Martian - http://barzoomian.blogspot.com

    >
    >
    >




    --

    Barzoomian the Martian - http://barzoomian.blogspot.com

  11. Re: Active Directory Log on

    Cliff...those are TS CAL licenses...I agree there - those are what's called
    connecting CAL licenses - I am talking more about actual physical box
    licenses. For example, you would have XP license, license for connecting
    for a service (Exchange, TS, etc), and external licenses - I am focused on
    eliminating the XP or workstation license. I know there will still be cost
    for TS CALS. Also, licensing is a complicated matter with MS thus you need to
    get a Microsoft certified license handler (there are such things) - I
    guarantee if you go to 3 different vendors, you would get 3 different
    quotes.




    "Enkidu" wrote in message
    news:423fd59f$1@news2.actrix.gen.nz...
    >
    > No, I am not incorrect:
    >
    > http://support.microsoft.com/default...b;en-us;244749
    >
    > It clearly states in there the licenses that are required. It also says
    > that licensing has to be per seat. I investigated this at one time, and
    > the extra costs were very large.
    >
    > Cheers,
    >
    > Cliff
    >
    > KT wrote:
    >> You are incorrect...we will license per user instead of devices for
    >> connecting to those Windows machines. Also, the license we are
    >> eliminating by doing this are actual workstation OS license and server OS
    >> license (Samba on FS). We are not going to use MS Office therefore
    >> that's not an issue. The only reason we need Windows OS is for the reason
    >> of hosting the company applications and they are not licensed as MS
    >> products. The main license we are only concerned with are the PER User
    >> license on Terminal Servers.
    >>
    >> In terms of licensing, I have researched it, and being a former Microsoft
    >> Consultant, I realize the intricacies.
    >>
    >>
    >> "Enkidu" wrote in message
    >> news:423e9937$1@news2.actrix.gen.nz...
    >>
    >>>KT wrote:
    >>>
    >>>>I have been reading up on what it would take to get Linux machines to
    >>>>log
    >>>>into Windows 2003 Native Domain and be a client without much to go by.
    >>>>Can
    >>>>someone point me to a good source? I will be using Ubuntu (Debian based
    >>>>distro).
    >>>>
    >>>>Is this a commercial solution only?
    >>>>
    >>>>* Can someone at least tell me the main components I need for...
    >>>>(1) workstation (the Linux components) and
    >>>>(2) server side (what I need to setup to work in tandem with the Windows
    >>>>Servers or Linux clients).
    >>>>
    >>>>My goal is to replace all our workstations (300+) and have the critical
    >>>>Windows applications hosted on a Windows Terminal Server and have Linux
    >>>>workstation accessing it via RDP. However, I still must be able to show
    >>>>the
    >>>>viability of a Linux workstation coexisting and being part of a Windows
    >>>>2003
    >>>>Native Domain.
    >>>>
    >>>
    >>>You do realise that you will need a Windows OS license for every
    >>>workstation and Terminal Server license for each workstation? You will
    >>>also need a license for every application (eg Word) that is displayed in
    >>>a terminal session?
    >>>
    >>>Cheers,
    >>>
    >>>Cliff
    >>>
    >>>--
    >>>
    >>>Barzoomian the Martian - http://barzoomian.blogspot.com

    >>
    >>
    >>

    >
    >
    >
    > --
    >
    > Barzoomian the Martian - http://barzoomian.blogspot.com




  12. Re: Active Directory Log on


    We were left in no state of uncertainty - to buy a TSClient
    CAL you need a Windows OS license.

    Cheers,

    Cliff

    KT wrote:
    > Cliff...those are TS CAL licenses...I agree there - those are what's called
    > connecting CAL licenses - I am talking more about actual physical box
    > licenses. For example, you would have XP license, license for connecting
    > for a service (Exchange, TS, etc), and external licenses - I am focused on
    > eliminating the XP or workstation license. I know there will still be cost
    > for TS CALS. Also, licensing is a complicated matter with MS thus you need to
    > get a Microsoft certified license handler (there are such things) - I
    > guarantee if you go to 3 different vendors, you would get 3 different
    > quotes.
    >
    >
    >
    >
    > "Enkidu" wrote in message
    > news:423fd59f$1@news2.actrix.gen.nz...
    >
    >>No, I am not incorrect:
    >>
    >>http://support.microsoft.com/default...b;en-us;244749
    >>
    >>It clearly states in there the licenses that are required. It also says
    >>that licensing has to be per seat. I investigated this at one time, and
    >>the extra costs were very large.
    >>
    >>Cheers,
    >>
    >>Cliff
    >>
    >>KT wrote:
    >>
    >>>You are incorrect...we will license per user instead of devices for
    >>>connecting to those Windows machines. Also, the license we are
    >>>eliminating by doing this are actual workstation OS license and server OS
    >>>license (Samba on FS). We are not going to use MS Office therefore
    >>>that's not an issue. The only reason we need Windows OS is for the reason
    >>>of hosting the company applications and they are not licensed as MS
    >>>products. The main license we are only concerned with are the PER User
    >>>license on Terminal Servers.
    >>>
    >>>In terms of licensing, I have researched it, and being a former Microsoft
    >>>Consultant, I realize the intricacies.
    >>>
    >>>
    >>>"Enkidu" wrote in message
    >>>news:423e9937$1@news2.actrix.gen.nz...
    >>>
    >>>
    >>>>KT wrote:
    >>>>
    >>>>
    >>>>>I have been reading up on what it would take to get Linux machines to
    >>>>>log
    >>>>>into Windows 2003 Native Domain and be a client without much to go by.
    >>>>>Can
    >>>>>someone point me to a good source? I will be using Ubuntu (Debian based
    >>>>>distro).
    >>>>>
    >>>>>Is this a commercial solution only?
    >>>>>
    >>>>>* Can someone at least tell me the main components I need for...
    >>>>>(1) workstation (the Linux components) and
    >>>>>(2) server side (what I need to setup to work in tandem with the Windows
    >>>>>Servers or Linux clients).
    >>>>>
    >>>>>My goal is to replace all our workstations (300+) and have the critical
    >>>>>Windows applications hosted on a Windows Terminal Server and have Linux
    >>>>>workstation accessing it via RDP. However, I still must be able to show
    >>>>>the
    >>>>>viability of a Linux workstation coexisting and being part of a Windows
    >>>>>2003
    >>>>>Native Domain.
    >>>>>
    >>>>
    >>>>You do realise that you will need a Windows OS license for every
    >>>>workstation and Terminal Server license for each workstation? You will
    >>>>also need a license for every application (eg Word) that is displayed in
    >>>>a terminal session?
    >>>>
    >>>>Cheers,
    >>>>
    >>>>Cliff
    >>>>




    --

    Barzoomian the Martian - http://barzoomian.blogspot.com
