On Fri, 2004-05-28 at 10:40, Matt Morgan wrote:
> This is not specifically a Fedora question, but there are a lot of smart
> people on this list ... hopefully somebody can point me in the right
> direction.
>
> I would like to switch my organization from Windows 2000 professional to
> Linux on the desktop. I am satisfied enough with the performance of
> OpenOffice.org to substitute it for MS-Office, and we already use
> Thunderbird and Firefox for email/web. I'm not worried about the apps,
> in other words. What we have that is Windows-only can be run on our
> Terminal Servers.
>
> It's authentication that worries me. Our servers are a mix of Windows
> 2000/2003 and Linux, and our primary authentication is against Windows
> 2000 Active Directory servers. What we are having difficulty replicating
> under Linux is the ease of domain logins on the workstations, where
> essentially there are no local accounts; the workstation is a member of
> the domain and it trusts domain accounts for local login. So
> authentication is almost entirely centralized; anyone can login to any
> workstation (within limits we set) on the domain, and we don't have to
> do anything to copy accounts to each workstation. While we may
> eventually dispense with the Active Directory servers, they will be with
> us through the transition period (1.5 to 2 years, I estimate) and maybe
> longer, so some system that allows compatible, shared auth between
> Windows and Linux workstations is a requirement for our transition.
>
> Xandros Desktop Linux has done a lot of work, starting back when they
> were Corel Linux 1.0, in creating a system of Windows domain login that
> works under Linux. See
>
> http://www.desktoplinux.com/articles/AT4559768996.html
>
> for details of how this should work, and does work under Xandros. But
> Xandros is uncomfortably proprietary for me and I would much prefer a
> more open solution. As far as I can tell, Xandros does not make it easy
> to use their domain auth system generally, with other distros for
> example. In the interview at the link above, the Xandros rep claims
> there is no other distro that does this--while I don't know of any that
> do, it seems like such an obvious goal that I'd be very surprised if
> nobody else is at least working on it.
>
> Has anybody done this on their system with more open tools? Or another
> option seems to be maintaining an NIS server that somehow replicates
> accounts with the AD servers, so that NIS handles Linux login, while AD
> handles only Windows--anybody tried that? Or if anybody else has come up
> with other solutions to this or similar problems, please write in. We
> have looked at all the PAM options--kerberos, LDAP, etc.--and none of
> them look quite as good as what Xandros has done; but if they work for
> you, I'm very interested in hearing your stories.
-----
samba / winbind

if you need documentation www.samba.org -> documentation, samba-3 howto

Craig