Solved

Integrating Windows + Linux

Posted on 2004-08-18
Last Modified: 2013-11-15
Hi all
As the heading suggests I am looking at Integrating Windows and Linux servers. I am looking at setting up two servers, one windows 2000/2003 box and a Linux server of some sort.

Simply put, what I want to achieve is having windows clients authenticating to the Linux server but having GPOs implemented by the windows server. In effect, I will be having a windows front end and a Linux back end. Now, I know you can use samba to make windows users log onto a Linux server, but that doesn’t help with implementing GPOs.

As far as I can see, this is the setup that large corporations have when they have windows clients and UNIX servers. The windows clients are authenticating to the UNIX box and the GPO and other windows specific components are managed by a windows server.

So what I am after is if someone can tell me how this can be done, what software you need and any further documentation/web pages that detail how to carry out this process.

Thanks in advance
ant
0
Question by:vdhant
6 Comments
 
LVL 22

Expert Comment

by:pjedmond
ID: 11838819
I support a mixed windows and linux network - 4 linux servers and 3 Windows servers. Because Windows is such a ubiquitous operating system, linux support for it is actually quite good considering that Microsoft is not always forthcoming with protocols used. Here is an overview:

Samba - (www.samba.org) This is bundled with most linux OS. It is for authenticating systems on the network, and also provides file sharing capabilities. To simplify configuration of this, have a look at the web based SWAT client, or webmin:

www.webmin.com

As for GPO facilities, it depends on the system that you are implementing, or wish to implement, as there are numerous linux based solutions for the various components required:

Xmail
Qmail
Sendmail
Postfix
Courier

..and more. The above come with most distributions.

If you want a commercial solution, Lotus notes is available for linux.

http://www.lotus.com/products/product4.nsf/wdocs/noteshomepage

The only applications that I still have running on windows systems are 'legacy' applications. Accounts and specialist engineering solutions.

Don't forget the importance of backups, internal web servers etc which can all happily be run on your linux systems as well.

As a big *top tip*: if you need Terminal Services to run legacy applications, using Win 2000 server is vastly cheaper than 2003, because Windows 2000 and XP systems have a licence built in enabling them to connect to a Win 2000 server without an additional TS CAL. Win 2003 requires a CAL for all systems ....and at approx $120 per CAL, it can make a significant cost difference.

0
 
LVL 1

Assisted Solution

by:sumpi
sumpi earned 50 total points
ID: 11838831
First of all, you have to use samba 3.0 or higher on your linux box. To use your GPOs, make samba part of your windows network by joining the domain (see www.samba.org on how to do that). All you have to do is configure your smb.conf file with the name of your domain and set security to server or domain (I am not quite sure, so have a look at the documentation). This makes the samba server authenticate every user on the windows box. Within this configuration all domain-related stuff will be performed on the user, as long as it is part of the windows config. The samba server will just do the other stuff like file sharing and so on...

Some useful commands and configs in your smb.conf:
smb.conf:
      [global]
      # Name of your workgroup or your domain
      workgroup = XYZ
      # authenticate on a windows server
      security = domain
      # query any host on the network to get the primary domain controller of your win network
      password server = *
      # You have to set this, to make your network more secure (required by win2k and above)
      encrypt passwords = Yes

To join your domain type
net rpc join -U administrator%password


hth,
Sumpi
0
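
A small audit of the smb.conf settings named in the answer above, as an added example that is not part of the original thread. The function names and the sample file are constructed for illustration; `security = server` is flagged because it is pass-through authentication to another SMB server rather than real domain membership, and later Samba releases dropped it.

```python
# Added example: audit the [global] section of an smb.conf for the
# domain-member settings discussed in this thread.
# SAMPLE is a constructed smb.conf, not taken from a real host.
import re

SAMPLE = """\
[global]
   Workgroup = XYZ
   security = server
   password server = *
   encrypt passwords = no
[share]
   path = /srv/share
"""

def _norm(name):
    # smb.conf ignores case and whitespace in section and parameter names
    return re.sub(r"\s+", "", name).lower()

def parse_global(text):
    """Return {normalised parameter: value} for the [global] section."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or whole-line comment
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = _norm(m.group(1))
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[_norm(key)] = value.strip()
    return params

def audit(text):
    """Return a list of findings for a domain-member configuration."""
    p, findings = parse_global(text), []
    if "workgroup" not in p:
        findings.append("workgroup not set")
    sec = p.get("security", "").lower()
    if sec == "server":
        findings.append("security = server: pass-through mode, use domain")
    elif sec not in ("domain", "ads"):
        findings.append("security is %r, not a domain-member mode" % sec)
    # assumption: Samba 3.0 and later default to encrypt passwords = yes
    if p.get("encryptpasswords", "yes").lower() in ("no", "false", "0"):
        findings.append("encrypt passwords disabled: plaintext on the wire")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Continuation lines ending in a backslash are not handled; the check covers only the parameters named in the answer.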
 
LVL 2

Author Comment

by:vdhant
ID: 11858148
Sorry for the late response guys and thanks very much

What you have suggested is kind of what I was after; by doing the above I can do most of the stuff with GPOs and logins. There were a few other things that I was hoping to do as well.

For example, the type of integration I was hoping to have was down to the level that I could use a distribution server like SMS, getting its list of users and computers from the Linux server and then being able to distribute it from the windows server. I was also hoping to use these lists for other windows based applications.

Also, I don't know heaps about Linux network setups (in terms of replication), but I thought that I might have a windows network setup, with a domain, site, OU and local computer structure, with the main Linux server going to two site servers (one in Brisbane and one in Sydney, maybe windows servers). Or something like that.

The above isn't my scenario but I was hoping for something that would address these issues, partially the part about the windows services being able to get a list of users and computers from the Linux server.

Thanks a lot
ant
0
 
LVL 22

Accepted Solution

by:
pjedmond earned 150 total points
ID: 11858269
The bit by sumpi relating to samba 3.0 and its configuration makes the Linux server act as the point of authentication for windows systems on the network.

As for a distribution server, most of the features that you are after can be implemented using samba. The best way to approach this (or indeed any problem) is to ask if you are really addressing the problem that you need to solve. If it is a real problem with a windows solution, then there is normally a linux alternative that'll save you a fortune in licence fees:)


However...from your response, it looks as if you are trying to do something fairly big here:)...so......let's give you a few more pointers:

1.     Samba has the ability to provide file/printer sharing and authentication to windows (or indeed linux systems), and can integrate into the windows domain framework.

2.     As you are planning on having geographically separate networks/systems that you wish to authenticate against a central server, I'm going to suggest that you have a look at LDAP:

http://www.openldap.org/

Most mainstream Linux distributions come with it.

3.    Linux supports a functionality called PAM (Pluggable Authentication Modules), and this enables remote authentication in a more robust manner. You would just use the LDAP PAM module to authenticate samba (your domain accesses and logins) against the centrally maintained LDAP server database. This is effectively a little how Active Directory works.

I guess you'll need to have a look through the above and do a little bit of reading now in order to crystallise in your own mind exactly how you wish to go about this. It is not trivial, but if you can cope with it, you'll save a fortune in licence fees!
0
 
LVL 2

Author Comment

by:vdhant
ID: 11861655
Cool, sounds good and is getting towards what I am after.

But one question still remains: is there any way of windows services (on a windows server) being able to get a list of users and computers from the Linux server/samba?

Thanks, ant
0
 
LVL 2

Author Comment

by:vdhant
ID: 11877089
Does anyone have any idea?
Thanks, ant
0
