Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Background info: I'm soon to be making a jump from doing mostly desktop admin (mostly "on the side") to being hired to plan, build and be sysadmin to a small company network for my friend's business (for whom I've been doing work for hire on his websites for a while now). I'll be learning much as I go along (he's well aware of this): I've dabbled somewhat with Ubuntu server on my own but I've never implemented networking more complex than an average home network (router, cable modem, switch for upstairs, Windows networking and DHCP).
We expect to have 6-20 workstations (the 20 being what we expect to grow to), an internal SAN and some other miscellaneous boxes for special functions. The general attitude between us is a preference for *nix servers and a decision will have to be made whether to go with Win 7 or OS X Macs for the desktops (my bias is towards Windows but I ought to give it a fair comparison.) For both security and my sanity, I'm pretty sure we're going to need some form of centralized policy management: Active Directory on Windows and I-have-no-idea-what for OSX/Unix (for the sake of argument let's focus on the fact that it's UNIX under the hood and should respond to Linux server controls - I know OSX Sever exists and that people I know have panned it and that's it.)
Question 1: If we go the Windows route, do we absolutely need Windows Server inside the network just to run Active Directory's group policy?
I have looked at otherthreads on the subject, and read a bit about OpenLDAP and Samba: it seems they aren't drop in replacements but they don't talk about Samba 4 which boasts some group policy features.
Question 2: If we go with the Macs, what's the equivalent on the UNIX side - not in terms of "protocol compatible with Windows" but in administrative functionality? I'm looking for a basic summary and terms/links that I can read through and search on to find out more.
Background info: I'm soon to be making a jump from doing mostly desktop admin (mostly "on the side") to being hired to plan, build and be sysadmin to a small company network for my friend's business (for whom I've been doing work for hire on his websites for a while now). I'll be learning much as I go along (he's well aware of this): I've dabbled somewhat with Ubuntu server on my own but I've never implemented networking more complex than an average home network (router, cable modem, switch for upstairs, Windows networking and DHCP).
We expect to have 6-20 workstations (the 20 being what we expect to grow to), an internal SAN and some other miscellaneous boxes for special functions. The general attitude between us is a preference for *nix servers and a decision will have to be made whether to go with Win 7 or OS X Macs for the desktops (my bias is towards Windows but I ought to give it a fair comparison.) For both security and my sanity, I'm pretty sure we're going to need some form of centralized policy management: Active Directory on Windows and I-have-no-idea-what for OSX/Unix (for the sake of argument let's focus on the fact that it's UNIX under the hood and should respond to Linux server controls - I know OSX Sever exists and that people I know have panned it and that's it.)
Question 1: If we go the Windows route, do we absolutely need Windows Server inside the network just to run Active Directory's group policy?
I have looked at otherthreads on the subject, and read a bit about OpenLDAP and Samba: it seems they aren't drop in replacements but they don't talk about Samba 4 which boasts some group policy features.
Question 2: If we go with the Macs, what's the equivalent on the UNIX side - not in terms of "protocol compatible with Windows" but in administrative functionality? I'm looking for a basic summary and terms/links that I can read through and search on to find out more.
If you want group policy functionality use Active Directory with centrify direct
Centrify is used to use Linux and OSX in windows active directory as clients. Where freeIPA is a complete identity management. I suspect that SAMBA in current form is complete replacement for windows active directory server. It will also depend on how much control you want to have over your clients. Is just the authentication? Or you are looking into more of granular control?
If you have worked a bit on Ubuntu server, then I will suggest you also take a look at Turnkey Linux project PDC: http://www.turnkeylinux.org/domain-controller
For the sake of argument, I mean the more granular settings/permissions control part that AD would provide. Whether we end up actually using it I guess is still a question. If it were just the authentication, Samba or OpenLDAP would be sufficient.
Yes. You are just looking at authentication and authorization on files, then Samba can do the job for you. Granular control as in, preventing users from changing the proxy settings for IE and setting those from GPO and like.
Yes, that. And by the same token, if we don't go with Windows at all, how to do that sort of thing sanely on Mac/Linux - I presume most of it is handled in the *nix permission system.
Perhaps you will find these links interesting. I got them from the Samba mailing list.
Please note that NT 4.0 policies write to the workstation's registry. The Active Directory policies reside in memory so they disappear once the workstation is turned off.
You need to test your policies properly before putting them into production since they write to the registry. You should also create policies for reversing them.
Yes, that. And by the same token, if we don't go with Windows at all, how to do that sort of thing sanely on Mac/Linux - I presume most of it is handled in the *nix permission system.
Just for Linux clients, you will not even require Samba. OpenLDAP will be sufficient for authentication.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.