
Hi,

I was looking around for Linux Active Directory support and found an article on MS Services for UNIX, which apparently allows Linux clients to authenticate to AD as if it was a NIS and NFS server. My question: would this be a good direction to take for Active Directory migration? By that I mean the following...

1. Set up MS Services for UNIX, use the server for NFS and to authenticate Linux boxes with AD user accounts as if it was a NIS server.
2. Deploy Linux desktops, set up NIS and NFS on the clients.
3. Migrate AD user accounts to a real NIS and NFS server, ensuring to implement a secure channel for NIS and NFS to travel over. How to do this yet I don't know.

Main reason for this idea of migration is the XP PCs' requirement of group policy; I couldn't move over to Samba/NFS/NIS until there were no XP PCs. From this, I do think this method could allow me to move more slowly, due to proprietary software holding me back. Waiting for SuccessMaker to come out with cross-platform capabilities, which I've been told they are working on.

From step 2, how would be best to go about altering the user's environment in KDE? Can Kiosk allow you to alter a home directory of a test user that can be used as a default profile like how XP works? Sorry for the comparison, but I can only work with what I know. I would also like to make the menu locked for students, so would that be a case of read only-ing their menu folder? Also, can you prevent someone from using sudo? I'm still contemplating my distro for here and am seriously considering MEPIS because of how slick it is and that it is using true Debian repositories. Unlike some distros I know...

Does FreeNX have to co-exist with LTSP in order for thin clients to benefit from FreeNX? As it seems it's not a thin client in itself. Sorry if I got the wrong end of the stick on this one, I'm still learning.

Many Thanks
Alan Loughlin

On 13 Jun 2005 at 9:37, Alan Loughlin wrote:
> Main reason for this idea of migration is the XP PCs' requirement of group policy; I couldn't move over to Samba/NFS/NIS until there were no XP PCs. From this, I do think this method could allow me to move more slowly, due to proprietary software holding me back. Waiting for SuccessMaker to come out with cross-platform capabilities, which I've been told they are working on.

I'm sorry.. you lost me there. What about group policy requirements restricts you from making a smoother transition?

-----
Paul Graydon
Network Technician
Haywards Heath College
http://www.hhc.ac.uk
(01444) 456281
"Joy is not in things; it is in us." Richard Wagner

What I meant was that I couldn't move Active Directory over first because of the use of group policy. If I did, I would have to configure local policies on the XP clients and use logon scripts to enforce registry settings for the user accounts, unless I used mandatory profiles for the users, which I don't want to do.

The other aspect of the slow move would be that I can test the 2 side by side and have user input on the configuration of the PCs and user accounts. Also, my skills are limited on Linux, compared to MS AD networks, so it will also be a trial for me.

Many Thanks
Alan Loughlin

--- Alan Loughlin <loughlina@swalcliffepark.co.uk> wrote:
> What I meant was that I couldn't move Active Directory over first because of the use of group policy. If I did, I would have to configure local policies on the XP clients and use logon scripts to enforce registry settings for the user accounts, unless I used mandatory profiles for the users, which I don't want to do.

I second this. Unless I'm much mistaken (after some research into the subject a few months back) the options you've outlined are indeed the ones open.

Unless (and I hope) Paul's about to correct us on this... AD is a requirement for non-local group policies in XP... We've gone with mandatory profiles for exactly this reason. Please tell me there's another way...

Ta
--
Matt Johnson

On 13 Jun 2005 at 18:38, Matt Johnson wrote:
> --- Alan Loughlin <loughlina@swalcliffepark.co.uk> wrote:
> > What I meant was that I couldn't move Active Directory over first because of the use of group policy. If I did, I would have to configure local policies on the XP clients and use logon scripts to enforce registry settings for the user accounts, unless I used mandatory profiles for the users, which I don't want to do.
>
> I second this. Unless I'm much mistaken (after some research into the subject a few months back) the options you've outlined are indeed the ones open.
>
> Unless (and I hope) Paul's about to correct us on this... AD is a requirement for non-local group policies in XP... We've gone with mandatory profiles for exactly this reason. Please tell me there's another way...
>
> Ta
> -- Matt Johnson

If there is, it's not one I know :-( We use Zen on our Novell servers to push out our policy packages, which is extremely effective in our experience. Unless you're looking to buy Novell's Open Enterprise Server, that's not an option.

To be honest, the procedure looks about the same as we're looking to undertake, and all we're doing is merging two college networks together. After some debate we settled on adopting a 'softly softly' approach over 12 months that gives us fallbacks at every stage of the process.

-----
Paul Graydon
Network Technician
Haywards Heath College
http://www.hhc.ac.uk
(01444) 456281
"Joy is not in things; it is in us." Richard Wagner

On Mon, 2005-06-13 at 09:37 +0100, Alan Loughlin wrote:
> Hi,
> I was looking around for Linux Active Directory support and found an article on MS Services for UNIX, which apparently allows Linux clients to authenticate to AD as if it was a NIS and NFS server.

We actually use Services for UNIX (SFU) at present; we have the same usernames on both Active Directory and Linux (via NIS). This works fairly well for us and we use SFU to sync the passwords from Active Directory to our main NIS server. There are a couple of caveats to this:

1. As far as I know there is no support for group policy style restrictions on unix boxes
2. Don't bother trying to run the unix side of NIS or SFU on a 64bit machine (ie AMD64) as this just doesn't work (from bitter experience), but it does work fine on 32 bit machines.

We do have some moderately complex user creation scripts to make users on Active Directory (via LDAP) and on Linux at the same time that I can strip the passwords out of and share if people are interested.

We however are looking at a different way of doing this based on the new Fedora Directory Server that was released a couple of weeks ago. This is a full LDAP directory server including management tools. More importantly, it has tools to allow a 2 way sync with Windows Active Directory server. While we haven't got much further than the looking at this stage it looks like at least an option to be considered. If the looking at it pans out we might well be rolling out at least a test version of this for September and maybe even a live one.

Further information about this can be found here: http://directory.fedora.redhat.com/wiki/Main_Page

--
Tim Fletcher
Learning Technologies Manager - Parrs Wood High School
tim@parrswood.manchester.sch.uk
Tel: 0161 445 8786
Tim Fletcher C/O Parrs Wood High School, Wilmslow Road, Manchester M20 5PG

--- Tim Fletcher <tim@parrswood.manchester.sch.uk> wrote:
> 1. As far as I know there is no support for group policy style restrictions on unix boxes

There are, but it's file-system dependent. Ext3 *does* have support for ACLs (Access Control Lists) which are about as close to group-policies as you'll get.

> 2. Don't bother trying to run the unix side of NIS or SFU on a 64bit machine (ie AMD64) as this just doesn't work (from bitter experience), but it does work fine on 32 bit machines.

Running it in a 32-bit chroot should provide no problems.

-- Thomas Adam.

participants (5)
- Alan Loughlin
- Matt Johnson
- Paul Graydon
- Thomas Adam
- Tim Fletcher