Hello,

First of, thank you for a great forum, I've used this resource a lot when I just started out with linux 6 months ago, and partially thanks to this forum, I stayed Linux and now I'm loving it.

Now, back to business.

I have a network with 100 workstations using Windows XP Pro, and Microsoft Windows 2003 running as Active Directory Domain Controller.

Let's assume that people who work on the XP machines don't have any tools that keep them on Windows XP, they would be just fine using Ubuntu 8.04 for example.

How can I create a setup where I have one server with all the user names and those Ubuntu Workstations are logging on "to" that server or using the usernames and passwords and shared resources available on the Linux server? Just like the AD DC setup basically.


This hasn't been done yet, so suggestions for Linux Operating Systems are open for discussion. This is an urgent matter.


Thanks.

Please understand, I'm relatively new although far from stupid, so keep it detailed, but don't go crazy into specifics Thanks a lot in advance!

There are really three parts to this: authentication, printing, files.

Printing is pretty-much automatic. Setup one CUPS server, and all the clients will see their printers.
Files can be shared over NFS (or samba if you really want....).

The biggie for replacing AD is authentication, and authenticating over LDAP is pretty easy.

As long as you remember that this will be authentication only, not user-rights and desktop management, you can use an LDAP server. If the local (read individual workstation) user-rights management is setup properly, and based on group memberships, then you will in effect have managed systems. Just remember each workstation/system would have to be configured on its own.

Once the server was setup, the clients would then be configured to get their user and group information from the server, and presto, unified login.

Now, some distros make it easier to authenticate via LDAP, like RedHat/CentOS and Suse. During the install you're given the option to have the machine authenticate off of another server (LDAP, kerberos, hesiod(?), samba). I've never seen that option when installing Ubuntu, but it probably has something similar as well. You should also be able to configure the clients to automatically mount the user's home drive (which it will read from LDAP) upon login.

As far as LDAP servers go here are 3 common ones:
The most common is OpenLDAP. It may also be the easiest to configure, but that's a personal opinion. http://www.openldap.org/

The Apache project has Apahce Directory Server (the ldap server itself), and Apache Directory Studio (an eclipse based gui for LDAP servers). I haven't used it, but it does include both LDAP and Kerberos, which could be pretty cool. http://directory.apache.org/

Also RedHat has "389 Directory Server", which was until recently called Fedora Directory Server, and is, I believe, a direct descendant of Netscape Directory Server. http://directory.fedoraproject.org/


I hope that little brain dump gives you some sort of start.

Samba 4 is supposed to be able to act as an AD DC.

Samba 3 can act as a non-AD DC.

KDE looks & acts more like W2k & XP than Gnome. -- Kubuntu or SimplyMEPIS would be easier transitions.

There is a tool LikeWise available that can join your Linux box to a domain controlled by a windows AD controller.
It is easier to use. Just install it on the machines and join the domain. Thats it.
Samba is also very much capable of authenticating users off windows AD. But you need to configure samba and kerberos for the authentication.
If you are using RH, CentOS, or Fedora ( I do not know about other distributions ) you can use authconfig command line tool for the same. Just one long command with lot of options and you are done. There should be something similar in Ubuntu as well. But I do not know yet as my Ubuntu is not a part of domain.

Yea but samba 4 still isn't done. It's been under heavy development for a few years now, so maybe it'll be out soon but I wouldn't hold my breath.

I know plenty of folks who would love to switch to it, but can't, because it's not considered stable

For LDAP, there's a good if slightly dated howto here http://www.linuxhomenetworking.com/w...DAP_and_RADIUS

See also http://www.linuxtopia.org/online_boo...5_ch-ldap.html