My work desktop (Ubuntu 10.04) is in an office managed by an SBS 2008 install (as much as I hate it, I kinda like it being something that I can wash my hands of when there's a problem!).
I'm looking at the extent to which I can "benefit" from the domain, as much as a learning exercise as anything else. At present I have a couple of CIFS shares mounted, and I get my IP via DHCP and my email from the server via POP3.
I discovered www.likewise.com at the weekend. Does anyone have any experience of (the free open source version of) LikeWise? Are there better/different options?
To be honest I'm not really sure what I would like to achieve that I don't already have, but like I said this is a learning exercise more than anything.
On 23/08/10 11:40, Mark Rogers wrote:
> My work desktop (Ubuntu 10.04) is in an office managed by an SBS 2008 install (as much as I hate it, I kinda like it being something that I can wash my hands of when there's a problem!).
> I'm looking at the extent to which I can "benefit" from the domain, as much as a learning exercise as anything else. At present I have a couple of CIFS shares mounted, and I get my IP via DHCP and my email from the server via POP3.
> I discovered www.likewise.com at the weekend. Does anyone have any experience of (the free open source version of) LikeWise? Are there better/different options?
> To be honest I'm not really sure what I would like to achieve that I don't already have, but like I said this is a learning exercise more than anything.
From the client side I can't really see what you could gain, apart from being able to log into your Linux box with domain credentials.
The more obvious thing would be where you are providing Samba shares and want other domain users to authenticate to them, in which case you need to study winbind and Kerberos (but the disclaimer here really applies: know what you are doing, because messing with pam.d can lock you out of your own machine if you aren't careful).
Not had experience of Likewise but it seems to just automate and guify some of the steps that are already possible with OSS tools. Personally, if you are dedicated to learning this then I would try it the "hard" way; there are plenty of howtos kicking about that will get you started.
The key thing is that your clock must be in sync with the domain. It's only sufficient to have your Linux box talking to an external NTP pool if the domain is also synced to internet time; if your domain time has drifted then your auth attempts will fail. Otherwise use "net time set" to set the time on your box from the Windows domain.
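The clock dependency described above comes from Kerberos, which by default rejects authentication when client and server clocks differ by more than five minutes. The following is an added example, not part of the original thread: it measures the offset between the local clock and a time server over SNTP and compares it with that tolerance. The function names, the server argument to `query_offset` (assumed to be a domain controller answering NTP) and the sample reply are assumptions made for illustration.

```python
import socket, struct, time

NTP_UNIX_DELTA = 2208988800   # seconds from 1900-01-01 (NTP epoch) to 1970-01-01
KERBEROS_MAX_SKEW = 300       # default tolerance in seconds (AD and MIT krb5)

def ntp_to_unix(seconds, fraction):
    return seconds - NTP_UNIX_DELTA + fraction / 2**32

def parse_offset(reply, t1, t4):
    """Return server clock minus local clock, in seconds, from an SNTP reply.
    t1/t4 are the local Unix times the request left and the reply arrived."""
    if len(reply) < 48:
        raise ValueError("short SNTP reply")
    if reply[0] & 0x07 != 4:
        raise ValueError("not a server-mode reply")
    if reply[1] == 0:
        raise ValueError("stratum 0: kiss-o'-death or unspecified, not usable")
    rx_s, rx_f, tx_s, tx_f = struct.unpack("!4I", reply[32:48])
    t2, t3 = ntp_to_unix(rx_s, rx_f), ntp_to_unix(tx_s, tx_f)
    return ((t2 - t1) + (t3 - t4)) / 2   # standard NTP offset formula

def query_offset(server, timeout=3.0):
    """Ask `server` (assumed: the domain controller) for the time on UDP/123."""
    request = b"\x1b" + bytes(47)        # LI=0, version 3, mode 3 (client)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        t1 = time.time()
        s.sendto(request, (server, 123))
        reply, _ = s.recvfrom(512)
        t4 = time.time()
    return parse_offset(reply, t1, t4)

def kerberos_ok(offset, max_skew=KERBEROS_MAX_SKEW):
    return abs(offset) <= max_skew

def build_reply(t2, t3, stratum=2):
    """Constructed sample reply, so the parser can be exercised offline."""
    def ts(t):
        n = t + NTP_UNIX_DELTA
        return int(n), int((n % 1) * 2**32)
    header = struct.pack("!BBbb", 0x1C, stratum, 0, -20)  # LI=0, v3, mode 4
    return header + bytes(28) + struct.pack("!4I", *ts(t2), *ts(t3))

if __name__ == "__main__":
    t1 = 1282560000.0                    # constructed local send time
    drifted = build_reply(t1 + 400.01, t1 + 400.02)   # server 400 s ahead
    off = parse_offset(drifted, t1, t1 + 0.03)
    print(f"offset {off:+.2f}s, within Kerberos tolerance: {kerberos_ok(off)}")
```

A positive offset means the server's clock is ahead of the local one; an offset outside the tolerance is the situation in which domain logins fail until the local clock is set from the domain.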
Sorry for the slow reply: been on holiday for a (very soggy) week at Peterborough Beer Festival.
On 24/08/10 01:13, Wayne Stallwood wrote:
> From the client side I can't really see what you could gain, apart from being able to log into your Linux box with domain credentials.
That's pretty much what I thought, and actually having at least one machine that would keep going "if" the DC fails in some way would be no bad thing!
> The more obvious thing would be where you are providing Samba shares and want other domain users to authenticate to them
I'm not doing this, so I don't have anything to worry about here. However, logging into other shares on other machines that are in the domain is necessary - I currently do this without being a part of the domain but I guess it would be preferable to be a domain user for this?
> Not had experience of Likewise but it seems to just automate and guify some of the steps that are already possible with OSS tools. Personally, if you are dedicated to learning this then I would try it the "hard" way; there are plenty of howtos kicking about that will get you started.
Thanks, I wasn't sure if it was anything special.
> The key thing is that your clock must be in sync with the domain. It's only sufficient to have your Linux box talking to an external NTP pool if the domain is also synced to internet time; if your domain time has drifted then your auth attempts will fail. Otherwise use "net time set" to set the time on your box from the Windows domain.
That's useful to know, thanks. Presumably (OT!) this would also apply to Windows clients talking to the DC? If so I'll pass that on to those who might come up against it.
On 31 August 2010 11:28, Mark Rogers mark@quarella.co.uk wrote:
> On 24/08/10 01:13, Wayne Stallwood wrote:
>> From the client side I can't really see what you could gain, apart from being able to log into your Linux box with domain credentials.
> That's pretty much what I thought, and actually having at least one machine that would keep going "if" the DC fails in some way would be no bad thing!
Windows clients of a domain, by default, cache the user's details on their first login. The user's subsequent logins on that client will succeed even if the DC is unavailable - very important for mobile laptop users! I've no idea if Samba and PAM domain clients offer this feature.
Good luck! Tim.