[tclug-list] Linux, Active directory and group policy

Fri Oct 12 19:48:34 CDT 2007

Right, ZENworks does it, but the only reason to go that way is because you
already rely on eDirectory and ZENworks for a ton of other stuff. If not,
don't.  ZENworks runs on Windows only too, but you do have to install NDS.
The GPO stuff in ZfD was a response to 2000/XP desktop managability.  From
ConslowOne, the interface ended up being the MS snapin, so ZENworks was just
3 layers in the way, if you're just talking about GPOs.

On 10/12/07, Andrew Zbikowski <andyzib at gmail.com> wrote:
>
> If you really want to use group policy, your best bet is a Windows
> 2003 AD server. If at all possible you'll want to have at least two AD
> servers for redundancy, fail over, etc. If you're looking into it at
> this point and you're going to do any sort of licensing with Microsoft
> you'll want to look into Software Assurance. Group Policy improves
> with every iteration of the Windows Server OS, and 2008 is looking
> really good. It sounds like you're looking at a new AD implementation?
> If so, you'll want to go with native mode. Native mode means that all
> domain controllers must be at the same version of Windows. Mixed mode
> should be used for transitioning versions.
>
> As for integrating Samba and Linux, the answer is Kerberos and Samba.
> Samba knows how to participate in an Active Directory domain as a
> Member Server. With winbind it can authenticate AD users. There's even
> a PAM winbind module.
>
> You can also setup authentication via Kerberos if you want to use
> Kerberos aware services on your Linux computers. I haven't tried this
> in earnest, but to get this all working I imaging you'll become
> familiar with the ADSI Edit and setspn Windows tools.
>
> Samba as a Domain controller emulates at NT4 style domain, so you
> won't have access to anything group policy.
>
> I'm not aware of any real alternatives to Windows Servers + AD. Novell
> + Zen maybe, I've got some Novell experience but it's on old versions.
> When you're looking at managing Windows clients, Active Directory is
> the right tool for the job.
>
> --
> Andrew S. Zbikowski | http://andy.zibnet.us
> SELECT * FROM users WHERE clue >0;
> 0 rows returned
>
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> tclug-list at mn-linux.org
> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mn-linux.org/pipermail/tclug-list/attachments/20071012/cd9618dd/attachment.htm 