Linux - Server This forum is for the discussion of Linux Software used in a server related context. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
08-11-2010, 06:41 PM
|
#1
|
LQ Newbie
Registered: Nov 2003
Distribution: Ubuntu 10.10, Windows 7
Posts: 24
Rep:
|
Group Policy: Windows vs Linux
Background info: I'm soon to be making a jump from doing mostly desktop admin (mostly "on the side") to being hired to plan, build and be sysadmin to a small company network for my friend's business (for whom I've been doing work for hire on his websites for a while now). I'll be learning much as I go along (he's well aware of this): I've dabbled somewhat with Ubuntu server on my own but I've never implemented networking more complex than an average home network (router, cable modem, switch for upstairs, Windows networking and DHCP).
We expect to have 6-20 workstations (the 20 being what we expect to grow to), an internal SAN and some other miscellaneous boxes for special functions. The general attitude between us is a preference for *nix servers and a decision will have to be made whether to go with Win 7 or OS X Macs for the desktops (my bias is towards Windows but I ought to give it a fair comparison.) For both security and my sanity, I'm pretty sure we're going to need some form of centralized policy management: Active Directory on Windows and I-have-no-idea-what for OSX/Unix (for the sake of argument let's focus on the fact that it's UNIX under the hood and should respond to Linux server controls - I know OSX Sever exists and that people I know have panned it and that's it.)
Question 1: If we go the Windows route, do we absolutely need Windows Server inside the network just to run Active Directory's group policy?
I have looked at other threads on the subject, and read a bit about OpenLDAP and Samba: it seems they aren't drop in replacements but they don't talk about Samba 4 which boasts some group policy features.
Question 2: If we go with the Macs, what's the equivalent on the UNIX side - not in terms of "protocol compatible with Windows" but in administrative functionality? I'm looking for a basic summary and terms/links that I can read through and search on to find out more.
|
|
|
08-11-2010, 07:13 PM
|
#2
|
Senior Member
Registered: Nov 2006
Location: California
Distribution: Fedora , CentOS , RHEL
Posts: 1,979
|
Quote:
Originally Posted by ellakano
Background info: I'm soon to be making a jump from doing mostly desktop admin (mostly "on the side") to being hired to plan, build and be sysadmin to a small company network for my friend's business (for whom I've been doing work for hire on his websites for a while now). I'll be learning much as I go along (he's well aware of this): I've dabbled somewhat with Ubuntu server on my own but I've never implemented networking more complex than an average home network (router, cable modem, switch for upstairs, Windows networking and DHCP).
We expect to have 6-20 workstations (the 20 being what we expect to grow to), an internal SAN and some other miscellaneous boxes for special functions. The general attitude between us is a preference for *nix servers and a decision will have to be made whether to go with Win 7 or OS X Macs for the desktops (my bias is towards Windows but I ought to give it a fair comparison.) For both security and my sanity, I'm pretty sure we're going to need some form of centralized policy management: Active Directory on Windows and I-have-no-idea-what for OSX/Unix (for the sake of argument let's focus on the fact that it's UNIX under the hood and should respond to Linux server controls - I know OSX Sever exists and that people I know have panned it and that's it.)
Question 1: If we go the Windows route, do we absolutely need Windows Server inside the network just to run Active Directory's group policy?
I have looked at other threads on the subject, and read a bit about OpenLDAP and Samba: it seems they aren't drop in replacements but they don't talk about Samba 4 which boasts some group policy features.
Question 2: If we go with the Macs, what's the equivalent on the UNIX side - not in terms of "protocol compatible with Windows" but in administrative functionality? I'm looking for a basic summary and terms/links that I can read through and search on to find out more.
|
If you want group policy functionality use Active Directory with centrify direct
http://www.centrify.com/default.asp
With centrify direct you can "control" Windows/Mac/Linux/Unix clients...
You can also take a look at FreeIPA
http://freeipa.org/page/Main_Page
-C
Last edited by custangro; 08-11-2010 at 07:16 PM.
|
|
|
08-11-2010, 09:23 PM
|
#3
|
LQ Newbie
Registered: Nov 2003
Distribution: Ubuntu 10.10, Windows 7
Posts: 24
Original Poster
Rep:
|
To make sure I understand, both of those are intended to integrate Mac or *NIX clients with an existing Windows Server AD implimentation, right?
|
|
|
08-12-2010, 12:59 AM
|
#4
|
Senior Member
Registered: Apr 2008
Location: Gurgaon, India
Distribution: Cent OS 6/7
Posts: 4,638
Rep:
|
Centrify is used to use Linux and OSX in windows active directory as clients. Where freeIPA is a complete identity management. I suspect that SAMBA in current form is complete replacement for windows active directory server. It will also depend on how much control you want to have over your clients. Is just the authentication? Or you are looking into more of granular control?
If you have worked a bit on Ubuntu server, then I will suggest you also take a look at Turnkey Linux project PDC: http://www.turnkeylinux.org/domain-controller
|
|
|
08-12-2010, 07:28 AM
|
#5
|
LQ Newbie
Registered: Nov 2003
Distribution: Ubuntu 10.10, Windows 7
Posts: 24
Original Poster
Rep:
|
For the sake of argument, I mean the more granular settings/permissions control part that AD would provide. Whether we end up actually using it I guess is still a question. If it were just the authentication, Samba or OpenLDAP would be sufficient.
|
|
|
08-12-2010, 08:03 AM
|
#6
|
Senior Member
Registered: Apr 2008
Location: Gurgaon, India
Distribution: Cent OS 6/7
Posts: 4,638
Rep:
|
Yes. You are just looking at authentication and authorization on files, then Samba can do the job for you. Granular control as in, preventing users from changing the proxy settings for IE and setting those from GPO and like.
|
|
|
08-12-2010, 08:20 AM
|
#7
|
LQ Newbie
Registered: Nov 2003
Distribution: Ubuntu 10.10, Windows 7
Posts: 24
Original Poster
Rep:
|
Yes, that. And by the same token, if we don't go with Windows at all, how to do that sort of thing sanely on Mac/Linux - I presume most of it is handled in the *nix permission system.
Last edited by ellakano; 08-12-2010 at 08:25 AM.
|
|
|
08-13-2010, 12:10 AM
|
#9
|
Senior Member
Registered: Apr 2008
Location: Gurgaon, India
Distribution: Cent OS 6/7
Posts: 4,638
Rep:
|
Quote:
Originally Posted by ellakano
Yes, that. And by the same token, if we don't go with Windows at all, how to do that sort of thing sanely on Mac/Linux - I presume most of it is handled in the *nix permission system.
|
Just for Linux clients, you will not even require Samba. OpenLDAP will be sufficient for authentication.
|
|
|
All times are GMT -5. The time now is 11:31 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|