Tuesday, January 3, 2012

Linux and Active Directory Integration

I've been down the road of integrating Linux machines with Active Directory before.  I thought I had pretty much done it all.  I've installed the Unix tools on Windows domain controllers before.  I've set up a Samba 3 PDC that used OpenLDAP for authentication for all Linux and Windows clients.  I've even set up an alpha release of Samba 4 for Active Directory services instead of a Windows domain controller.  My favorite option thus far has been using Samba 4.  Of course, Samba 4 isn't quite ready for prime time yet.  It is just an alpha release at this point, after all.  Some things still don't work quite right (or at all), such as allowing Exchange to extend the schema during installation.

I'm writing now to tell you about something I just found out about.  It's called Likewise Open.  Actually, I think that its most recent name is PowerBroker Identity Services Open Edition.  I'm still going to call it Likewise Open, though.  In short, it's an application that allows you to very easily join a Linux machine to an Active Directory domain.  Once joined, you can log in to your Linux box using your AD credentials.  It even supports changing your AD password from Linux.  You know, if you're required to change your password every so often by policy.

The tool, like most Linux apps, supports command line usage.  It also has a simple GUI that allows you to join or remove a workstation from AD.  If you use a Debian-based distro like Ubuntu or Mint, it's even available in the repos.  I tested it on Ubuntu 10.04 LTS and joined a Windows 2003 AD domain in a matter of minutes.  The only tweak I had to make was to replace the "hosts" line in /etc/nsswitch.conf with "hosts:  files dns".  After that, joining the domain was a cinch.
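The nsswitch.conf tweak described above can be applied repeatably with a small script. This is an added example, not part of the original post or of Likewise Open; the function names and the `.orig` backup suffix are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: helper names and the .orig backup suffix are hypothetical.

WANTED_HOSTS='hosts:  files dns'

# Print the first active (uncommented) hosts line of an nsswitch.conf-style file.
get_hosts_line() {
    grep -E '^[[:space:]]*hosts:' "$1" | head -n 1
}

# Replace the hosts line with "hosts:  files dns".
# Keeps a one-time backup in FILE.orig and leaves every other line untouched.
# Returns 0 if the file already is, or now is, in the wanted state.
set_hosts_line() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }

    current=$(get_hosts_line "$file")
    if [ "$current" = "$WANTED_HOSTS" ]; then
        return 0    # already set, nothing to do
    fi

    # Back up only once so a second run never overwrites the true original.
    [ -e "$file.orig" ] || cp -p "$file" "$file.orig" || return 1

    tmp=$(mktemp "${file}.XXXXXX") || return 1
    if [ -n "$current" ]; then
        # Rewrite the existing hosts line in place.
        sed -E "s/^[[:space:]]*hosts:.*/$WANTED_HOSTS/" "$file" > "$tmp"
    else
        # No hosts line at all: append one.
        { cat "$file"; echo "$WANTED_HOSTS"; } > "$tmp"
    fi || { rm -f "$tmp"; return 1; }

    # Write the content back over the original so its owner and mode are kept.
    cat "$tmp" > "$file" && rm -f "$tmp"
}
```

Run it as root with `set_hosts_line /etc/nsswitch.conf` before joining the domain; `get_hosts_line /etc/nsswitch.conf` shows the line currently in effect.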

I'm very impressed with Likewise Open.  I can definitely see how valuable it could be in an enterprise environment.  BeyondTrust, the company that makes the product, has some commercial versions with extra features as well.  According to their website, with the "enterprise" version of their product you can define Group Policy Objects for your Linux machines.  You can even manage AD (think ADUC) from a Linux workstation.  They offer a trial download on their site, but you have to fill out a form and someone from BeyondTrust will contact you with the download details.  That is what is keeping me from testing what sounds like an awesome product.  If you want me to buy your product, just let me download a trial immediately.  Don't make me talk to one of your sales goons.  I'd rather your product speak for itself instead of having to listen to some sales pitch.  Don't get me wrong, I'm very intrigued by what you have to offer, but I'm not giving you personally identifiable information for something that I might decide isn't even a good match for me or my company.

But as far as Likewise Open goes, you should all try it out.  You'll be amazed at how easy it is to install and start using.    







