Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I've been configuring the new computer lab that we got, and had to configure windows machines to go through Win2003 server.
Just made me realize what a disaster of an operating system windows is.
To make the long story short, you basically never know what's happening in windows, sometimes it works, sometimes it doesn't. Logins take 3 minutes or more sometimes, with our network being quite fast..etc
Unfortunately most of the teachers/students/staff still need windows, and so we have to set it up for them, but we are trying to migrate to Linux on a server level. So far we can do absolutely without windows servers, with the exception of two things: Login Server for windows machines and the Antivirus Server.
Question: Is there a way to run the login server and antivirus server on Linux to be accessed by windows machines?
By login server, I think you mean a Windows Server 2003 Domain Controller running Active Directory Services. You would need to do some research on directory services for Linux: probably OpenLDAP, Samba 3 and up, Pluggable Authentication Modules (PAM), SSL and Kerberos authentication to create a comparable system (or one that integrates Linux clients with your existing AD domain).
If you have invested in Windows Server 2003 though, I would suggest integration rather than a trash can full of wasted M$ money. Windows services can be outstanding when configured properly.
Linux directory services is a subject recently grabbing my interest. The more Windows domain administration I've been doing, the more I want to integrate Lin and Win.
-------------QUOTE---------------
By login server, I think you mean a Windows Server 2003 Domain Controller running Active Directory Services.
-------------------------------------
Yes.
----------QUOTE-------------------
or one that integrates Linux clients with your existing AD domain
-------------------------------------
Actually, I was looking for a replacement for AD domain, to run the directory services on a Linux server, for Windows users to log in through. We're using Samba, and it's working great, very fast.
But one of the main problems is that the login procedure for Windows takes about 3 minutes (regardless of server proximity), whereas logging in locally, it takes about 5 seconds. It is quite impractical, because at one of our school locations, we plan on having a separate user/pw for everyone.
Thank you very much for the links, I will do some research on them.
Originally posted by trees But one of the main problems is that the login procedure for Windows takes about 3 minutes (regardless of server proximity), whereas logging in locally, it takes about 5 seconds. It is quite impractical, because at one of our school locations, we plan on having a separate user/pw for everyone.
Perhaps because of MS Intellimirror. Is there a lot of user profile data on the workstations? If you can slim-down the amount of data in the user profiles, then there will be less data to have to pass back and forth at login. You can also config the server/clients to not mirror certain user profile folders. I find that moving the docs out of the MyDocuments folder and instead onto a mapped drive will lighten-up the profile load.
Even if you do install a Samba PDC in place of the Win2k3 server, you still have to deal with the Intellimirror workload at login.
Intellimirror is what makes roaming profiles work. When you config Win2k3 server as a PDC, then Intellimirror is enabled by default.
Here are the folders in a user profile: Applications Data, Cookies, Desktop, Favorites, My Documents, My Pictures, Netwhood, Printhood, Recent, SendTo, StartMenu, Templates
Along with the folders, here's what else is in a user profile: Favorites, Mapped Network Drives, My Network Places, Screen Colors and fonts, Desktop wallpaper, Application data and registry hive, Printer settings, Control Panel, Accessories, Online help files.
Now whenever you login to Windows 2000 in a PDC environment, you're basically starting with a blank slate...the client needs to d/l all this info from the Server and build it's desktop with that particular user's settings. If the user profile is quite large, then there's more data to have to d/l from the server. Add to that multiple users loggin in simultaneously, and you've got yourself a situation.
I don't think you can disable Intellimirror, only change it's behavior somewhat. You can use the Group Policy Editor on the workstation to exclude certain folders from roaming user profiles:
Quote:
Open the group policy for the desired user. In the console tree pane, expand the User Configuration, Administrative Templates, System folders, and then select the Logon/Logoff folder.
QUOTE:
Open the group policy for the desired user. In the console tree pane, expand the User Configuration, Administrative Templates, System folders, and then select the Logon/Logoff folder.
--------------------------
Just did that, User Configuration -> Administrative Templates, System, Logon.
There were three options:
1. Run these programs at user logon (Not Configured)
2. Do not process the run once list (Not Configured)
3. Do not process the legacy run list (Not Configured)
I don't really know what the other two mean, but I disabled all of them.
It didn't seem to make any difference - still takes a really long time to log in.
...In the results pane, double-click on Exclude Directories In Roaming Profile. On the Policy page of the dialog box, check the Enabled radio button. In the edit box that will be revealed, several folders are listed by default. Add the required, seperating them with semi-colons. Click on apply to confirm changes.
QUOTE:
-------------------------------------------
Open the group policy for the desired user. In the console tree pane, expand the User Configuration, Administrative Templates, System folders, and then select the Logon/Logoff folder.
...In the results pane, double-click on Exclude Directories In Roaming Profile. On the Policy page of the dialog box, check the Enabled radio button. In the edit box that will be revealed, several folders are listed by default. Add the required, seperating them with semi-colons. Click on apply to confirm changes.
-------------------------------------------
The roaming profile is actually in User Configuration, Administrative Templates, System, User Profiles
(maybe it's different in Win2k)
I typed in all the folders to be excluded, and also set the maximum profile size to 300K, it didn't seem to make too much of a difference. The "Loading Personal Settings" screen goes by really quick, but the system nearly stalls at the "Applying Your Personal Settings" screen.
I think it might be something else, and not the actual transfer of the profile, because the computer I'm testing it on had just been set up and has absolutely nothing else on it.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.