Greetings,

I've been configuring the new computer lab that we got, and had to configure windows machines to go through Win2003 server.
Just made me realize what a disaster of an operating system windows is.
To make the long story short, you basically never know what's happening in windows, sometimes it works, sometimes it doesn't. Logins take 3 minutes or more sometimes, with our network being quite fast..etc

Unfortunately most of the teachers/students/staff still need windows, and so we have to set it up for them, but we are trying to migrate to Linux on a server level. So far we can do absolutely without windows servers, with the exception of two things: Login Server for windows machines and the Antivirus Server.

Question: Is there a way to run the login server and antivirus server on Linux to be accessed by windows machines?

Thanks.

By login server, I think you mean a Windows Server 2003 Domain Controller running Active Directory Services. You would need to do some research on directory services for Linux: probably OpenLDAP, Samba 3 and up, Pluggable Authentication Modules (PAM), SSL and Kerberos authentication to create a comparable system (or one that integrates Linux clients with your existing AD domain).

If you have invested in Windows Server 2003 though, I would suggest integration rather than a trash can full of wasted M$ money. Windows services can be outstanding when configured properly.

Microsoft Active Directory Services: http://msdn.microsoft.com/library/de...entid=28000413

OpenLDAP: http://www.openldap.org/
Samba: http://us1.samba.org/samba/
PAM: http://www.kernel.org/pub/linux/libs...-html/pam.html
OpenSSL: http://www.openssl.org/
MIT's Kerberos: http://web.mit.edu/kerberos/www/
A master's thesis comparing directory services for Linux with MS AD: http://www.daasi.de/staff/norbert/thesis/html/

Linux directory services is a subject recently grabbing my interest. The more Windows domain administration I've been doing, the more I want to integrate Lin and Win.

-------------QUOTE---------------
By login server, I think you mean a Windows Server 2003 Domain Controller running Active Directory Services.
-------------------------------------
Yes.

----------QUOTE-------------------
or one that integrates Linux clients with your existing AD domain
-------------------------------------
Actually, I was looking for a replacement for AD domain, to run the directory services on a Linux server, for Windows users to log in through. We're using Samba, and it's working great, very fast.

But one of the main problems is that the login procedure for Windows takes about 3 minutes (regardless of server proximity), whereas logging in locally, it takes about 5 seconds. It is quite impractical, because at one of our school locations, we plan on having a separate user/pw for everyone.

Thank you very much for the links, I will do some research on them.

Perhaps because of MS Intellimirror. Is there a lot of user profile data on the workstations? If you can slim-down the amount of data in the user profiles, then there will be less data to have to pass back and forth at login. You can also config the server/clients to not mirror certain user profile folders. I find that moving the docs out of the MyDocuments folder and instead onto a mapped drive will lighten-up the profile load.

Even if you do install a Samba PDC in place of the Win2k3 server, you still have to deal with the Intellimirror workload at login.

How can I turn the Intellimirror off (or check if it's on)?

Thanks

Intellimirror is what makes roaming profiles work. When you config Win2k3 server as a PDC, then Intellimirror is enabled by default.

Here are the folders in a user profile:
Applications Data, Cookies, Desktop, Favorites, My Documents, My Pictures, Netwhood, Printhood, Recent, SendTo, StartMenu, Templates

Along with the folders, here's what else is in a user profile:
Favorites, Mapped Network Drives, My Network Places, Screen Colors and fonts, Desktop wallpaper, Application data and registry hive, Printer settings, Control Panel, Accessories, Online help files.

Now whenever you login to Windows 2000 in a PDC environment, you're basically starting with a blank slate...the client needs to d/l all this info from the Server and build it's desktop with that particular user's settings. If the user profile is quite large, then there's more data to have to d/l from the server. Add to that multiple users loggin in simultaneously, and you've got yourself a situation.

I don't think you can disable Intellimirror, only change it's behavior somewhat. You can use the Group Policy Editor on the workstation to exclude certain folders from roaming user profiles:

QUOTE:
Open the group policy for the desired user. In the console tree pane, expand the User Configuration, Administrative Templates, System folders, and then select the Logon/Logoff folder.
--------------------------

Just did that, User Configuration -> Administrative Templates, System, Logon.
There were three options:
1. Run these programs at user logon (Not Configured)
2. Do not process the run once list (Not Configured)
3. Do not process the legacy run list (Not Configured)

I don't really know what the other two mean, but I disabled all of them.
It didn't seem to make any difference - still takes a really long time to log in.

Woops, I left-out the rest of the quote:

QUOTE:
-------------------------------------------
Open the group policy for the desired user. In the console tree pane, expand the User Configuration, Administrative Templates, System folders, and then select the Logon/Logoff folder.
...In the results pane, double-click on Exclude Directories In Roaming Profile. On the Policy page of the dialog box, check the Enabled radio button. In the edit box that will be revealed, several folders are listed by default. Add the required, seperating them with semi-colons. Click on apply to confirm changes.
-------------------------------------------

The roaming profile is actually in User Configuration, Administrative Templates, System, User Profiles
(maybe it's different in Win2k)

I typed in all the folders to be excluded, and also set the maximum profile size to 300K, it didn't seem to make too much of a difference. The "Loading Personal Settings" screen goes by really quick, but the system nearly stalls at the "Applying Your Personal Settings" screen.

I think it might be something else, and not the actual transfer of the profile, because the computer I'm testing it on had just been set up and has absolutely nothing else on it.