LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 08-11-2010, 06:41 PM   #1
ellakano
LQ Newbie
 
Registered: Nov 2003
Distribution: Ubuntu 10.10, Windows 7
Posts: 24

Rep: Reputation: 1
Group Policy: Windows vs Linux


Background info: I'm soon to be making a jump from doing mostly desktop admin (mostly "on the side") to being hired to plan, build and be sysadmin to a small company network for my friend's business (for whom I've been doing work for hire on his websites for a while now). I'll be learning much as I go along (he's well aware of this): I've dabbled somewhat with Ubuntu server on my own but I've never implemented networking more complex than an average home network (router, cable modem, switch for upstairs, Windows networking and DHCP).

We expect to have 6-20 workstations (the 20 being what we expect to grow to), an internal SAN and some other miscellaneous boxes for special functions. The general attitude between us is a preference for *nix servers and a decision will have to be made whether to go with Win 7 or OS X Macs for the desktops (my bias is towards Windows but I ought to give it a fair comparison.) For both security and my sanity, I'm pretty sure we're going to need some form of centralized policy management: Active Directory on Windows and I-have-no-idea-what for OSX/Unix (for the sake of argument let's focus on the fact that it's UNIX under the hood and should respond to Linux server controls - I know OSX Sever exists and that people I know have panned it and that's it.)

Question 1: If we go the Windows route, do we absolutely need Windows Server inside the network just to run Active Directory's group policy?

I have looked at other threads on the subject, and read a bit about OpenLDAP and Samba: it seems they aren't drop in replacements but they don't talk about Samba 4 which boasts some group policy features.

Question 2: If we go with the Macs, what's the equivalent on the UNIX side - not in terms of "protocol compatible with Windows" but in administrative functionality? I'm looking for a basic summary and terms/links that I can read through and search on to find out more.
 
Old 08-11-2010, 07:13 PM   #2
custangro
Senior Member
 
Registered: Nov 2006
Location: California
Distribution: Fedora , CentOS , RHEL
Posts: 1,979
Blog Entries: 1

Rep: Reputation: 209Reputation: 209Reputation: 209
Quote:
Originally Posted by ellakano View Post
Background info: I'm soon to be making a jump from doing mostly desktop admin (mostly "on the side") to being hired to plan, build and be sysadmin to a small company network for my friend's business (for whom I've been doing work for hire on his websites for a while now). I'll be learning much as I go along (he's well aware of this): I've dabbled somewhat with Ubuntu server on my own but I've never implemented networking more complex than an average home network (router, cable modem, switch for upstairs, Windows networking and DHCP).

We expect to have 6-20 workstations (the 20 being what we expect to grow to), an internal SAN and some other miscellaneous boxes for special functions. The general attitude between us is a preference for *nix servers and a decision will have to be made whether to go with Win 7 or OS X Macs for the desktops (my bias is towards Windows but I ought to give it a fair comparison.) For both security and my sanity, I'm pretty sure we're going to need some form of centralized policy management: Active Directory on Windows and I-have-no-idea-what for OSX/Unix (for the sake of argument let's focus on the fact that it's UNIX under the hood and should respond to Linux server controls - I know OSX Sever exists and that people I know have panned it and that's it.)

Question 1: If we go the Windows route, do we absolutely need Windows Server inside the network just to run Active Directory's group policy?

I have looked at other threads on the subject, and read a bit about OpenLDAP and Samba: it seems they aren't drop in replacements but they don't talk about Samba 4 which boasts some group policy features.

Question 2: If we go with the Macs, what's the equivalent on the UNIX side - not in terms of "protocol compatible with Windows" but in administrative functionality? I'm looking for a basic summary and terms/links that I can read through and search on to find out more.
If you want group policy functionality use Active Directory with centrify direct

http://www.centrify.com/default.asp

With centrify direct you can "control" Windows/Mac/Linux/Unix clients...

You can also take a look at FreeIPA

http://freeipa.org/page/Main_Page

-C

Last edited by custangro; 08-11-2010 at 07:16 PM.
 
Old 08-11-2010, 09:23 PM   #3
ellakano
LQ Newbie
 
Registered: Nov 2003
Distribution: Ubuntu 10.10, Windows 7
Posts: 24

Original Poster
Rep: Reputation: 1
To make sure I understand, both of those are intended to integrate Mac or *NIX clients with an existing Windows Server AD implimentation, right?
 
Old 08-12-2010, 12:59 AM   #4
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Gurgaon, India
Distribution: Cent OS 6/7
Posts: 4,638

Rep: Reputation: Disabled
Centrify is used to use Linux and OSX in windows active directory as clients. Where freeIPA is a complete identity management. I suspect that SAMBA in current form is complete replacement for windows active directory server. It will also depend on how much control you want to have over your clients. Is just the authentication? Or you are looking into more of granular control?
If you have worked a bit on Ubuntu server, then I will suggest you also take a look at Turnkey Linux project PDC: http://www.turnkeylinux.org/domain-controller
 
Old 08-12-2010, 07:28 AM   #5
ellakano
LQ Newbie
 
Registered: Nov 2003
Distribution: Ubuntu 10.10, Windows 7
Posts: 24

Original Poster
Rep: Reputation: 1
For the sake of argument, I mean the more granular settings/permissions control part that AD would provide. Whether we end up actually using it I guess is still a question. If it were just the authentication, Samba or OpenLDAP would be sufficient.
 
Old 08-12-2010, 08:03 AM   #6
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Gurgaon, India
Distribution: Cent OS 6/7
Posts: 4,638

Rep: Reputation: Disabled
Yes. You are just looking at authentication and authorization on files, then Samba can do the job for you. Granular control as in, preventing users from changing the proxy settings for IE and setting those from GPO and like.
 
Old 08-12-2010, 08:20 AM   #7
ellakano
LQ Newbie
 
Registered: Nov 2003
Distribution: Ubuntu 10.10, Windows 7
Posts: 24

Original Poster
Rep: Reputation: 1
Yes, that. And by the same token, if we don't go with Windows at all, how to do that sort of thing sanely on Mac/Linux - I presume most of it is handled in the *nix permission system.

Last edited by ellakano; 08-12-2010 at 08:25 AM.
 
Old 08-12-2010, 08:33 AM   #8
jamrock
Member
 
Registered: Jan 2003
Location: Kingston, Jamaica
Posts: 444

Rep: Reputation: 41
Perhaps you will find these links interesting. I got them from the Samba mailing list.

Please note that NT 4.0 policies write to the workstation's registry. The Active Directory policies reside in memory so they disappear once the workstation is turned off.

You need to test your policies properly before putting them into production since they write to the registry. You should also create policies for reversing them.

http://wiki.samba.org/index.php/Impl...ies_with_Samba

http://www.novell.com/coolsolutions/tools/15478.html

http://www.pcc-services.com/custom_poledit.html

http://wpkg.org/WPKG_overview

Samba 4 should provide a smoother solution. However, the developers have not published a date for completion of that project.

Last edited by jamrock; 08-12-2010 at 08:39 AM.
 
Old 08-13-2010, 12:10 AM   #9
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Gurgaon, India
Distribution: Cent OS 6/7
Posts: 4,638

Rep: Reputation: Disabled
Quote:
Originally Posted by ellakano View Post
Yes, that. And by the same token, if we don't go with Windows at all, how to do that sort of thing sanely on Mac/Linux - I presume most of it is handled in the *nix permission system.
Just for Linux clients, you will not even require Samba. OpenLDAP will be sufficient for authentication.
 
  


Reply

Tags
active directory, openldap, samba


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
group policy with samba utdom Linux - Server 4 11-15-2007 09:29 AM
somebody test samba group policy? kstan Linux - General 1 07-19-2007 03:05 PM
group policy equivalent in linux ? fborot Linux - General 4 11-16-2005 09:43 AM
Openswan policy group routerlabra Linux - Security 0 08-24-2005 02:57 AM
samba and group policy egyptian Linux - Networking 3 10-20-2004 05:09 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 11:31 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration