Right, ZENworks does it, but the only reason to go that way is because you already rely on eDirectory and ZENworks for a ton of other stuff. If not, don't. ZENworks runs on Windows only too, but you do have to install NDS. The GPO stuff in ZfD was a response to 2000/XP desktop managability. From ConslowOne, the interface ended up being the MS snapin, so ZENworks was just 3 layers in the way, if you're just talking about GPOs.
<br><br><div><span class="gmail_quote">On 10/12/07, <b class="gmail_sendername">Andrew Zbikowski</b> <<a href="mailto:andyzib@gmail.com">andyzib@gmail.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
If you really want to use group policy, your best bet is a Windows<br>2003 AD server. If at all possible you'll want to have at least two AD<br>servers for redundancy, fail over, etc. If you're looking into it at<br>
this point and you're going to do any sort of licensing with Microsoft<br>you'll want to look into Software Assurance. Group Policy improves<br>with every iteration of the Windows Server OS, and 2008 is looking<br>
really good. It sounds like you're looking at a new AD implementation?<br>If so, you'll want to go with native mode. Native mode means that all<br>domain controllers must be at the same version of Windows. Mixed mode
<br>should be used for transitioning versions.<br><br>As for integrating Samba and Linux, the answer is Kerberos and Samba.<br>Samba knows how to participate in an Active Directory domain as a<br>Member Server. With winbind it can authenticate AD users. There's even
<br>a PAM winbind module.<br><br>You can also setup authentication via Kerberos if you want to use<br>Kerberos aware services on your Linux computers. I haven't tried this<br>in earnest, but to get this all working I imaging you'll become
<br>familiar with the ADSI Edit and setspn Windows tools.<br><br>Samba as a Domain controller emulates at NT4 style domain, so you<br>won't have access to anything group policy.<br><br>I'm not aware of any real alternatives to Windows Servers + AD. Novell
<br>+ Zen maybe, I've got some Novell experience but it's on old versions.<br>When you're looking at managing Windows clients, Active Directory is<br>the right tool for the job.<br><br>--<br>Andrew S. Zbikowski |
<a href="http://andy.zibnet.us">http://andy.zibnet.us</a><br>SELECT * FROM users WHERE clue >0;<br>0 rows returned<br><br>_______________________________________________<br>TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
<br><a href="mailto:tclug-list@mn-linux.org">tclug-list@mn-linux.org</a><br><a href="http://mailman.mn-linux.org/mailman/listinfo/tclug-list">http://mailman.mn-linux.org/mailman/listinfo/tclug-list</a><br></blockquote></div>
<br>