Good question. I'm relatively new here, although my account dates from 2004 Yeah, I haven't posted too heavily over the last 4 years, but I come to read quite a bit. I don't know if these forums will host images for you, but I see that you can insert code to embed an image that you've hosted elsewhere..

How about if you upload the image to a webserver, and link to it, or lacking that, upload it to an image-sharing site and link.

Thanks for helping us out with this. I can see I'm not the only one that's had difficulties.

Wow, guys, check this out!

http://www.enabledpeople.com/projects/lis/

http://base.linux-xp.com/confluence/...tive+Directory

These pages are talking about a thing called "Linux Integration Service" which from what I understand is an add-on for Active directory AND a client for the workstation, which allows a more complete integration with Active directory, including letting you set policies from AD.

Over at Distrowatch, I found an article today about the release of Linux-XP 2008, which is apparently the first distribution to include the Linux Integration System. I'm downloading the torrent now (although it appears that I can only get the Russian edition for the time being) hoping to muddle my way through the Russian language just to get a taste of if this thing actually works.

I'll keep you posted.

ok I'm back. sorry for the delay. I found out from a Moderator I cannot post a file upload on LQ.org. I would be interested in finding out how Linux-XP compares to other more well known distros.

I have been reminded from a mate who is the most knowledgeable Windows guy I know, I think this will affect those of you trying to connect Linux clients directly via LDAP and not via NIS. Active Directory in a 2003 environment has by default Digital certificate signing between its Servers and Clients. Years ago when I was connecting a Mac OSX laptop to an Exchange server, I was unable to do so until the digital certificate signing policy on the domain was disabled. This might be worth knowing, if your current LDAP attempts have failed.

as for my picture. was my previous post descriptive enough? if not i'll try and find a place to host my picture.

I just had a look at the LIS website. it looks very similar to MS Services for UNIX.

The main difference that I see, is that it seems that LIS wants to give you the ability to actually set some policy for the Linux workstation. This would be a step above Serivices for Unix, as far as I can tell. LIS also appears to have a client for the workstation that facilitates adding it to the domain, which could make things easier. I'm still not having any luck with joining my linux desktops to the AD server.
As soon as I get a chance to play with LIS, I'll let you know how it goes.

from my integration projects in the past, integrating with the domain (having the PC appear in AD Users and Computers) was mainly done from utilizing samba, as it is a client workstation it would be unlikely you are wanting to run your desktop PCs as a file server. Adding GP's over the machine would be a great advantage, but I am struggling to understand how it would do this. AD and Windows Registry's are nothing like a linux gconf configuration.

If you run as root "gconf-editor" it will give you a graphical version of what your system registry looks like. At least to the best of my knowledge this is what it is used for. I use it from an individual bases just to modify a particular aspect of a user profile, but this tool is also used to globally set parameters.

I've love to get some feedback on LIS when you get a chance.

The 3rd edition of "Using Samba" has a section on AD. For a normal client (no samba server), I wonder if there was something missing with a PAM, libnss_winbind or /etc/nsswitch.conf. I think that winbind needs to be installed and running for authentication to work. Another person had tried the SuSE wizard and was able to authenticate. Section 27 in the openSuSE reference manual deals with Active Directory.

You should be able to join an AD from YaST: Network Services -> Windows Domain Membership. You will be required to supply the credentials for a Windows Domain Administrator user.

All efforts to sync with AD require Winbind unless they are using an alternate method, like LDAP or NIS via AD. the enterprise version of Suse Desktop adds to the domain and logs in perfect, it has the AD connection wizard straight after boot, just like sysprep in windows, however I was never able to get the opensuse edition to do the same thing.

I'm not sure if I missed something, but the post-install menu option was not there when I installed opensuse which I thought was very frustrating. I guess thats one of the motivations to encourage people to go enterprise. In some cases that is not always an option though.

Hmm. Maybe I should look into SuSe enterprise. We're a school, and we could afford to swing a few bucks if something *actually* worked. I imagine it'd still be less expensive than Windows.

From what I hear its similar costs actually, considering all machines these days ship from the manufacturer with Windows you may be doubling up on cost. were you able to set up a test domain to play with Services for unix? When i played with suse enterprise I wasn't as involved as I was when I set up a test environment for NIS intergration.

My only concern you might experience is, although the Suse enterprise workstation integrates easily during post-install, It never once gave me options of where I was storing my unix profiles, if you mix windows profiles and unix profiles together things will get messy. In linux the profile and the user files are stored in the one place. In a typical windows roaming profile environment you keep your profile seperate from your home drive. If the home drives are combined a user might see some linux profile folders, not understand what they do and then unintentionally delete them because they dont know what they are. this may cause trouble down the line somewhere.

but then again I did not do extensive testing with Suse so I could be wrong. from a conceptial overview point of view this is just something I dont understand which may result in trouble. Again.. testing is better than a disaster in production, if you go down the Suse path, just run a test environment first with one license before you go site wide with it.

I wanted to play with LIS, but it appears that the only way it's available right now is with Linux-XP 2008. However, Linux XP 2008 is only available in Russian at the time. That didn't deter me. I sucessfully made it through the install (all in Russian), and I'm now at a desktop. I'm going to try to muddle my way through the LIS, but first I'm going to have a look to see if I can at least change something to English.

I was responding to another samba related post about oplocks and when reading the RELEASE NOTES for the current production version 3.0.28a, there was a note about a patch for joining a Windows 2008 domain. Which version of Samba do you have and which Windows Server version operates the Domain?

After trying many many different ways of joining the domain, I think maybe the problem is my DNS settings on the server.
I've got the Windows 2003 R2 server that runs the AD also set up to be the DNS.
Someone told me that if I had the DNS settings right, I should be able to ping the domain name. I can't. I can ping computers that are on the domain. For example, from my Linux machines I can ping server.domain, or a workstation.domain, but I can't ping domain.
I've never messed with the DNS settings of the server, because my Windows clients have never had a problem connecting or joining the domain. What is the ideal way to have DNS set up on my Windows server? Does anyone know how it should look? I want to make sure that I have this set up properly on the server side before I continue to mess around trying to join the Linux machines to the domain.

I never heard of pinging the DOMAIN before. I'm not sure if that is correct. If you can ping a local host, your DNS is probably working OK.

Well, from what I've read, you should be able to ping the domain. I mean, think about it, when you're joining the domain, you're contacting it - what is the best way to test if you can contact something? Ping it.
I always get errors from winbind, likewise, etc that it can't contact the domain. Why is it that it can't contact the domain, if I can ping the server using its FQDN? I'm thinking it must be DNS-related... but then again my Windows clients have no problem logging in and joining domains, etc. So I don't know. This is too frustrating.