
Integrating Linux into a Windows Network? 103

Posted by Cliff
from the penguins-and-broken-glass-panes dept.
Di0medies asks: "I work for a somewhat small non-profit organization that uses a windows-based network. We currently have 6 servers supporting about 25 local domain users and about 25 remote users and we're planning on migrating from Server 2000 to Server 2003 in a month or so. Being a non-profit, we're always a little tight on cash and considering Microsoft charges ungodly amounts of money for server software, migrating portions of the network to Linux leaves more cash available for other IT goodies (like a new high-capacity file server!) and also adds more stability and security to the network. All of this depends on how well a Linux server will work on a Windows network. Does anyone have any suggestions regarding Linux integration? Can Windows and Linux be made to play well together? Is there anything out there to add limited Active Directory support to Linux?"
This discussion has been archived. No new comments can be posted.

  • by aralin (107264) on Monday December 27, 2004 @06:51PM (#11195068)
    Seriously? Just tell the poster to go to Samba [samba.org] and leave space for more interesting questions.

    • People, this is Slashdot, not the New York Times. This is an "Ask Slashdot" item. Must we tell someone to google it every goddamn time something is posted?

      For the love of God, can't we just answer someone with our experiences and build up this "Google" you speak of with some actual content?

      I thought the open source community was founded on COMMUNITY. Man, if the old days of USENET could see us now, they'd be ashamed.
      • Your trolling is pointless. I told him all the useless information there is, if you failed to notice :) Keep your moralizing for someone else, please.
      • Man, if the old days of USENET could see us now, they'd be ashamed.

        I was pretty active on USENET during the old days.

        1) People were expected to be reasonably knowledgeable about the subjects they were posting on. That is, there weren't many newbie groups at all.

        2) In general people didn't ask dumb questions that were easily researched (though nothing like google really existed).

        3) There were other discussion groups like genie, prodigy, AOL and compuserve which were friendlier for these sorts of basi
      • For the love of God, can't we just answer someone with our experiences and build up this "Google" you speak of with some actual content?

        One of the beautiful things about the open source community is that it is a meritocracy - your worth and status as a member of the community are directly proportional to the amount and quality of the work you've done. If a poster is seeking to join the community and has questions to ask of those who have successfully integrated Linux into Windows environments, essentiall

    • by BrynM (217883) * on Monday December 27, 2004 @07:19PM (#11195256) Homepage Journal
      Seriously? Just tell the poster to go to Samba and leave space for more interesting questions.
      I'm going to give the guy a break instead of bonking the noob on the nose for asking. Let's gather from his question that he needs to make a case to a PHB (Pointy Haired Bastard - see Dilbert) and needs to know how the heck he'll install and support Samba without knowing what it is in the first place:
      • An explanation [samba.org] of Samba
      • A Google search [google.com] for Samba consultants
      • Some companies [samba.org] that sell Samba support
      • Another Google search [google.com] for problems with Samba and Windows Server 2003 - to know what may lie ahead
      • And of course the classic Samba HowTo [samba.org] with another Google search [google.com] concerning install problems
      Do I have a theme here? Yes. Am I doing a little hand-holding? Yes. Is it good for my spiritual geek karma? Yes. Am I having a Rumsfeld style self interview? Yes. Am I done now? Absolutely.
      • I'm going to give the guy a break instead of bonking the noob on the nose for asking.

        1. Thank you -- well spoken. You are informative, generous, and polite. SlashDot needs more like you.

        2. If someone submits a totally idiotic question, and a SlashDot editor posts that question, then the SlashDot editor is to blame for the idiocy.

        -kgj
    • Just tell the poster to go to Samba

      He specifically asked for suggestions on integration with Active Directory. Just saying 'Samba' is not answering the question.

  • One word (Score:4, Informative)

    by Fished (574624) <amphigory&gmail,com> on Monday December 27, 2004 @06:51PM (#11195071)
    The word is "samba." Samba will more or less allow a Linux server to fully integrate into a Windows network. I would suggest that, if you are a Linux novice, you leave domain control on Windows and just use Linux as a workhorse. Time enough to move everything to Linux when you're more comfortable with Linux.
  • by Padrino121 (320846) on Monday December 27, 2004 @06:54PM (#11195086)
    I've done similar things in the past and currently I run my print and file servers on Linux quite seamlessly. All of the Windows admins and users don't know any different.

    Samba + PAM + CUPS gives you integrated authentication, SMB/CIFS file serving (Windows file sharing protocol), as well as SMB and IPP printing.

    I don't know of any tutorials off the top of my head but Google gave me all I needed to figure it out.
  • Kinda Small (Score:4, Insightful)

    by Bios_Hakr (68586) <xptical.gmail@com> on Monday December 27, 2004 @07:10PM (#11195190) Homepage
    You have, what, 50 users? Why deal with the licensing headaches from Win* server at all? Linux (running Samba) makes a great Domain Controller. Add another Linux/Samba for SAN/NAS. Throw in one more for a print server. I don't know too much about mail on Linux, but I hear postfix is nice.

    In any event, your network is *way* too small to deal with Win* crap. Even if it's *donated* by MS, there's bound to be licensing issues at some point.

    Deploy Linux in your server room and then migrate your users at a later date...if at all.
    • You have, what, 50 users?

      I wonder why 6 servers are needed for only 25 local and 25 remote users. Are they doing a render farm for non-profit animations?

      • PDC, BDC, a couple of application servers (Lord knows that vendors don't like to get along with one another on the same machine!), maybe a web server. They can add up without trying too hard.
      • It's probably not much of a stretch to assume they're running this on less-than-state-of-the-art hardware. Most of the non-profits where I know people in similar situations are a version or two back on their server OS and running it on hardware with which they couldn't take up to Win2K even if they could afford the licenses.

        If their remote users are using any of these boxes for RDP or VNC, I'd be wondering how they get along with just 6.

      • I wonder why 6 servers are needed for only 25 local and 25 remote users. Are they doing a render farm for non-profit animations?

        While I can definitely see the comedy in having 6 servers for 50 users, it's still realistic. While small, reliability is still an issue. When you start thinking about the need for file, web, mail, database, and any specialty server applications it makes sense to spread things out.

        Microsoft charges ungodly amounts of money for server software, migrating portions of the netw
  • I've never done this before, so take it with a grain of salt, but Active Directory can act as a kerberos ticket server, and therefore should be able to work with anything that uses kerberos.

    Having never set up Linux to use kerberos either, I couldn't tell you what packages are available to do this, but I would imagine that they do exist.
  • AD integration (Score:3, Informative)

    by tfiedler (732589) on Monday December 27, 2004 @07:13PM (#11195212)
    We use Vintela's VAS authentication product for active directory integration, and although it isn't free, it is by far the easiest thing to configure. You can completely manage user accounts from within the Users and Computers administrative tool with it and installation of the software can be as easy as an rpm command.

    I know there are lots of free software bigots on this site and you can find lots of sites purporting to have easy configuration instructions for kerberos/AD set up, but I don't care. This product works, period. And it does it in an easy manner and it does it flawlessly, at least in our environment, which is a true 24x7 environment where uptime and accessibility matters -- a hospital.

    • What about Edir from Novell? Edir can encompass AD, NDS and Linux. I'm not sure how they price for non-profits, but you may be able to get it free.
  • Licenses (Score:2, Informative)

    by tenchima (625569)
    One thing we found when moving from 2000 to 2003 servers is that the terminal server licensing is not free. On a 2000 server each server had an unlimited TS License. On 2003, you have to purchase them. One extra cost to beware of.
    • They did nothing of the sort. You can use 2 terminal service licenses for remote administration in 2k just like 2k3. They are absolutely *not* free in 2000. For regular users, not remote administration, you are supposed to get TS licenses; be it win2k or win2k3. Don't take my word for it. [microsoft.com]

      Q. Do I need to purchase a Terminal Services CAL for each machine that is running a validly licensed copy of Windows XP Home Edition and connected to a Windows 2000 Terminal Server?

      A. Yes, all Microsoft
      • A. Yes, all Microsoft operating system products (except for Windows 2000 Professional and Windows XP Professional) require a Terminal Services CAL to access a Windows 2000 Terminal Server.

        I believe the bold section above is what the parent post was referring to. Unlike Windows 2000, Windows 2003 requires separate Terminal Services CALs for XP Pro and Windows 2000.
  • by samdu (114873) <samdu@ronintech . c om> on Monday December 27, 2004 @08:06PM (#11195647) Homepage
    Unless you're running software that requires Windows on the server, you shouldn't have any problems replacing all those Windows servers with Linux boxes running Samba. I don't do Active Directory using Samba, but I've heard that it's possible and that the next version of Samba will have full AD support. I just haven't found any compelling reason to use AD.

    And if you need remote VPN access, check out OpenVPN. It's SSL based, easy to configure (comparatively), and stable. There are clients for Windows, Linux, and Mac.

  • If you have an application that requires Microsoft to run on the backend, then you are going to have trouble replacing said server with Samba. If it is an application that everyone uses, then even if you replace the other servers with Samba, you will still need the Microsoft CALs (client access license) to attach to the one remaining server. That is where the costs get you, not always the server software, but the CALs.

    You can still make a case for migrating away from Microsoft at that point, but not bas

  • What do you mean by "server?" File servers? Directory servers? Database servers? Web servers? Backup tape servers? Mail servers? Web proxy servers? What the heck are you serving?

    And, how will adding servers improve your stability and security? Is there some sort of hot-backup software you're using that works on both linux and windows?

    Regardless, if you're using 6 servers for only 50 users you might want to investigate whether or not all of them are really necessary. First figure out what you're
  • by jotaeleemeese (303437) on Monday December 27, 2004 @09:02PM (#11196066) Homepage Journal
    And thus the answers you will get will be equally useless (crap in-crap out model....).

    If you are more specific about what your servers are currently doing I am pretty sure people will help you out.

    Now, for basic services:

    - File server and print server: Samba.
    - Authentication servers: I believe Samba can act as a domain controller.
    - DNS server: bind running in Linux.
    - Web server: Apache.
    - Database servers: MySQL.
    - Backup server: Amanda.
    - email: sendmail, postfix....

    So, exactly which services are you aiming to provide???
    • Database - Sybase ASE 12.5

      If the box is
      Running Linux
      On one CPU
      With 2G of RAM or less
      And keeps the total database space to less than 5G

      = free Sybase ASE 12.5
      Sybase Linux Promo [sybase.com]
    • I don't want to start a flame war here. But we should be more careful about recommending MySQL as a replacement for SQLServer. NQA SQLServer is much more feature rich than MySQL. It is also better designed.

      MySQL is faster. Other than that I can't think of any area where it isn't worse than SQLServer.
      • Hmmm, we use PostgreSQL at work, running on a Linux box (most of the servers, except mail gateways, SQL and a few other miscellanies run Win2003) and it works wonderfully. PostgreSQL, exim (for a gateway setup), Samba file-sharing...they all are using either LDAP or Kerberos to authenticate either a user log-in or that mail is sent to a valid AD user. So far we have been really happy with the migration to Linux (all within the past 6 months) and some more features are starting to migrate (listserv, a CVS-
        • PostgreSQL is much more feature rich than MySQL. Its big problem (relative to SQLServer) is ease of use and speed. You seem to be mainly talking about Samba features. I was speaking more about the issues of the databases relative to one another. In other words things that would be equally true of MySQL running on Windows.
  • by imsmith (239784) on Monday December 27, 2004 @09:14PM (#11196131)
    This is an honest question, coming from a legitimate source, so all of those who think no one is out there stumbling along trying to understand all at once everything you have learned over the course of years need to take a deep breath.

    To the question: Yes, you can phase out your Windows 2000/2003 server in favor of Linux servers. Whether it is worth it is up to you to determine - if you have a lot invested in your Windows server admin skills, and you don't have time to devote to raising your Linux server admin skills, this may not be for you. Both OS's require a degree of skill to manage, particularly for networks of desktops being employed by people who need the desktop to be perfect all the time (which is what my experience tells me small non-profit users expect).

    If you are willing/able to meet the skill requirements for the system & network administration, and can translate that into desktop support that meets or exceeds that you deliver now, you need to come to an agreement with the organization about how best to deliver services using Linux. Some services can be moved off of Windows relatively transparently, but those which users seem to be most sensitive to generally aren't as easy to migrate.

    If you are running Exchange, particularly if you are using group calendars, there isn't a terrific free-as-in-beer Linux solution. SuSE Openexchange Server offers what looks like a nice solution, but the pricing isn't a significant difference to the Microsoft non-profit pricings that I've experienced, and it comes with a recurring annual client license fee.

    If you are extensively using Windows DFS for your file service, then the transition to a system that uses SAMBA, NFS, or DAV will be visible to the desktop user, with all the associated gnashing of teeth that brings. If you haven't implemented DFS, then the reproduction of home directories and shared directories with SAMBA should be simple and, with group policies, transparent.

    Authentication of users against the Active Directory to Linux network services isn't as hard as it might seem. By installing the Microsoft Services for Unix (or whatever they are calling it this week) you will get POSIX fields in the Active Directory schema that can be used to write LDAP queries against for authentication via PAM, Apache modules, and PHP, Perl, and Java applications. Likewise, logins on Linux servers and workstations with AD credentials can be directed against the AD via LDAP, and SuSE has this option included in their default install process.

    Finally, there are likely applications that are seen as critical to the success of the organization that are only supported on Windows. These niche applications will necessarily govern how much you can remove Windows from your back office.

    In general, the introduction of a few Linux servers into your back office is as painful as you want to make it. Moving user or customer facing services to Linux has to be an organizational decision, but it doesn't present a lot of technical problems. The biggest thing to remember is that you are meddling with the culture of the organization. These 50 people are doing something they consider very important, and they are not interested in what is cool to a bunch of geeks. If you think Linux will save you enough money to buy 'IT goodies' then you shouldn't even bother, because it isn't the right motivation. Linux can save money, it can be more secure, and it can be more stable, but all of those things are irrelevant if the users are pissed off because 'it worked fine before you changed things'.

    My advice is to use Linux to deploy new services, integrate it into the existing network, but only replace something that works when it is time to upgrade (since it will break anyway) or when it stops working. Be open and honest when you deploy something, when it breaks as well as when it works fine, and if you blow it up, take responsibility and don't blame someone else.
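The comment above describes looking up AD users through the POSIX fields that Services for Unix adds to the schema. The following is an added example, not code from the thread: it builds the LDAP filter for a login name with RFC 4515 escaping and turns one search result into a passwd(5) line, refusing disabled accounts and low UIDs. The `msSFU30*` attribute names are those of the SFU 3.x schema extension and are an assumption about the directory; `MIN_UID`, the plain-dict entry format and the sample entry are constructed for illustration.

```python
import re

# RFC 4515: characters that must be escaped inside an LDAP filter value.
FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
UF_ACCOUNTDISABLE = 0x0002   # userAccountControl flag: the AD account is disabled
MIN_UID = 1000               # assumed local policy: AD users never map to system UIDs
SAFE_NAME = re.compile(r"[a-z_][a-z0-9_.-]{0,31}")

# Assumption: attribute names from the SFU 3.x schema extension; adjust to your schema.
ATTR_UID, ATTR_GID = "msSFU30UidNumber", "msSFU30GidNumber"
ATTR_HOME, ATTR_SHELL = "msSFU30HomeDirectory", "msSFU30LoginShell"


def escape_filter_value(value):
    """Escape user input so it cannot change the structure of the filter."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def user_filter(login):
    """Search filter that matches exactly one AD user by login name."""
    return "(&(objectClass=user)(sAMAccountName=%s))" % escape_filter_value(login)


def to_passwd_entry(entry):
    """Convert one search result (attribute -> string) into a passwd(5) line.

    Raises ValueError when the entry must not become a local login."""
    name = entry.get("sAMAccountName", "").lower()
    if not SAFE_NAME.fullmatch(name):
        raise ValueError("unsafe login name: %r" % name)
    if int(entry.get("userAccountControl", "0")) & UF_ACCOUNTDISABLE:
        raise ValueError("%s is disabled in AD" % name)
    try:
        uid, gid = int(entry[ATTR_UID]), int(entry[ATTR_GID])
    except (KeyError, ValueError):
        raise ValueError("%s has no usable POSIX uid/gid" % name) from None
    if uid < MIN_UID:
        raise ValueError("uid %d for %s is below MIN_UID" % (uid, name))
    home = entry.get(ATTR_HOME, "/home/" + name)
    shell = entry.get(ATTR_SHELL, "/bin/false")
    gecos = entry.get("displayName", "")
    for field in (gecos, home, shell):
        # A ':' or newline would shift or add passwd fields.
        if ":" in field or "\n" in field:
            raise ValueError("field separator in attribute of %s" % name)
    if not home.startswith("/") or not shell.startswith("/"):
        raise ValueError("home and shell of %s must be absolute paths" % name)
    return ":".join([name, "x", str(uid), str(gid), gecos, home, shell])


def rejection_reason(entry):
    """Return why an entry is refused, or None when it is acceptable."""
    try:
        to_passwd_entry(entry)
    except ValueError as exc:
        return str(exc)
    return None


# Constructed sample entry; 512 is a normal, enabled account.
SAMPLE_ENTRY = {
    "sAMAccountName": "jdoe", "displayName": "Jane Doe", "userAccountControl": "512",
    ATTR_UID: "10001", ATTR_GID: "10000",
    ATTR_HOME: "/home/jdoe", ATTR_SHELL: "/bin/bash",
}

if __name__ == "__main__":
    print(user_filter("jdoe"))
    print(to_passwd_entry(SAMPLE_ENTRY))
    print(rejection_reason(dict(SAMPLE_ENTRY, userAccountControl="514")))
```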
  • (1) SMB:
    The support is there for most distros to use an AD server for authentication, (users, not groups, and the users must exist in the password file). On Fedora, which I recommend as an alternate to RHEL (RedHat is the easiest to configure in this area imho), the command to look at is authconfig. Enter your domain, your primary and secondary servers, and your AD auth setup is done.

    (2) VPN:
    consider using PopTop [poptop.org] as a pptp vpn server for linux. There is documentation available but there are also other way [tldp.org]
  • A lot of choices (Score:4, Interesting)

    by rsax (603351) on Monday December 27, 2004 @09:47PM (#11196323)
    It all depends on your budget. It sounds weird but do you want to go the opensource way and not pay at all or do you have some funds set aside for this change? I'm mainly referring to using commercial Linux distros like RHEL [redhat.com] or SUSE [novell.com]. Both subscriptions, the basic options, can be bought for roughly $350 per year. That will get you a stable platform which doesn't change a lot for five years. If you don't want to pay for RHEL or SUSE support and don't mind supporting yourself with the help of a community then I would suggest going with a RHEL clone operating system like CentOS [centos.org]. It's based on RHEL, the developers use the same SRPM packages provided by Red Hat so you still get some of the benefits.

    Now for the application stack. I prefer using Novell's eDirectory [novell.com] as opposed to Microsoft's Active Directory. It'll run on Linux so that's one less Windows server right there. The price is based on a per user basis which comes up to $2 per user! Not a bad price. Tie that in with all your Linux services such as Samba, IMAP server, Postfix with eDirectory using the LDAP protocol. Their password self-service [novell.com] option is pretty enticing as well.

    While we're on the topic of Novell and moving away from Windows on servers, look into GroupWise [novell.com] as a messaging server instead of MS Exchange. Again, it runs on Linux as well a bunch of other platforms and has cross platform clients so you're not limited to Windows for end users either.

  • by millisa (151093) on Monday December 27, 2004 @11:25PM (#11196769)
    I know the original question was 'how do I dump MS for Linux', but I highly suggest you choose the right tool for the job. Yes, Linux is great. Samba is great. Administering it, well, it depends on *you* really. As most are guessing, it doesn't sound like you've heard of samba, so it is likely you are fairly new to the Linux scene. Great. Welcome.

    Now, you really need to decide if it is the right tool and if you can make it the right tool. Before doing that, consider your current setup and your current upgrade path. Is MS wrong for you? Maybe not. Do you qualify for Non-profit MS licensing? [microsoft.com] Yes, it is evil and I should be lashed for suggesting it. However, it is important to know that the option exists. If you do qualify, you are not going to get a better licensing option from MS at your size in all likelihood. Small Business Server 2k3 is definitely targeted at your size organization; find out what pricing you can get for it from the MS marketroids. Let them even give their TCO arguments to you. Remember them, write them down, you'll need them.

    Once you have that info, you have the ammunition to help justify your linux proposal. Or you won't and you'll have at least chosen the Evil Empire with thought...

    Don't make the switch just because the zealots are pushing you to. Make the switch when it is the right economical, business & technical supportable option. Learn Samba. Prove it works to yourself. Bring in a workstation with it and prove it works to the non-profit. Prove the TCO argument. You *will* win if they really listen.
  • 1) I'm guessing you may have some role other than 'the IT guy' at your office, or that you're the only tech they have for an operation that size. Switch your userbase to Firefox if you haven't already. It can save you unbelievable amounts of time you'd otherwise spend cleaning spyware/adware off your workstations. You can help smooth the transition from IE using the IEView and Googlebar extensions in Firefox. Get them hooked on the extensions and they'll never look back. There are some truly useful too
  • I know this isn't what you asked, but Microsoft significantly discounts and even donates software to non-profit organizations. You might not need to change platforms at all. See this site [microsoft.com].
  • I'm surprised this hasn't been mentioned.

    The European Union offers a 148 page migration guide for going from Windows to GNU/Linux. The IDA-project [eu.int] produced this high-quality must-read [netproject.com].

    You go now.
  • A real answer... (Score:5, Informative)

    by eric2hill (33085) <[ten.kcaji] [ta] [cire]> on Tuesday December 28, 2004 @10:30AM (#11199012) Homepage
    ...instead of "go use Samba you fucktard".

    I run a corporate AD forest that covers 3 countries. We have 3 primary AD controllers at the corporate office and a local AD controller at each major branch office. I've started integrating Linux into the mix, with an Oracle server, Mail server, DNS server, and a few application servers.

    The hardest part has been getting Kerberos to properly authenticate with the AD tree. Basically, strip an off-the-shelf copy of Linux of anything related to Kerberos, then install a fresh copy of it from MIT. Once you've got that working, go pick up a copy of pam_krb5 and plug that into the PAM system. From then on out, all the linux services can authenticate with the AD tree through Kerberos.

    If you want to share files, then you'll need to go the Samba route, but you don't have to start there. Plenty of Linux services (Courier IMAP, QMail, Bind, etc) work just fine on an AD forest without Samba.

    I'm not sure if I'd trust my entire enterprise to Linux just yet. The time involved in figuring out which of the 5,000 configuration files I need to update to add a user isn't worth the ~$15 per user license of Windows. A single Windows 2003 server license plus users is very reasonable. It's the cost of 10+ server licenses that will kill you. Run a Windows AD controller and use Linux for the services on your network.
    • Yours is the only thinking thread in this entire story.

      I've been involved in investigating Linux for our enterprise, and have been completely underwhelmed. Kerberos usually doesn't work out of the box for authentication and administering a few thousand of these machines is going to be a nightmare.

      By the time we start maintaining our own distro, train our support people and shove linux down the user's throats, we'll have spent 5x more than the cheap Windows licenses.
      • by eric2hill (33085)
        I spent a full week trying to get Kerberos to work with my AD forest. I ran into one thing after another. In no particular order...
        • Choose the right distro. Mandrake is really for a desktop, RedHat costs as much as Windows, so does SuSe. Gentoo? Long compile times - yuck. How about Debian? Which install can be run over NFS? Guess we'll stick with RedHat
        • RedHat Enterprise Linux 3 comes with an old version of Kerberos installed that is incompatible with AD
        • RedHat also puts Kerberos files in non-stand
      • I've been involved in investigating Linux for our enterprise, and have been completely underwhelmed

        What were you investigating it for? It sounds like using Linux servers to replace Microsoft servers on Microsoft specific tasks in an all Microsoft environment using staff that are Microsoft trained. Well yeah I guess Microsoft does probably do a pretty job under those conditions.
    • One thing to note about MS Kerberos (and I'd hazard a guess this applies to all installs) is that you have to have a stable time source for your AD servers to access. All your other servers get their time from the AD server. I found out the hard way about this one. If the time source gets flakey, or your servers can't reach it for a period of time Kerberos gets out of whack.
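The time dependency described in the comment above can be checked before it breaks logins. The following is an added example, not code from the thread: it parses an SNTP server reply, computes the client's clock offset from the four timestamps, and compares it with the 300-second default Kerberos tolerance. The packets are constructed inline so it runs offline; the function names and the verdict strings are assumptions of this example.

```python
import struct

NTP_UNIX_DELTA = 2208988800   # seconds from the NTP epoch (1900) to the Unix epoch (1970)
KERBEROS_MAX_SKEW = 300.0     # default clock-skew tolerance in seconds
NTP_LAYOUT = "!BBbbII4sQQQQ"  # 48-byte header: flags, stratum, ..., four 64-bit timestamps


def to_ntp(unix_time):
    """Encode Unix time as a 64-bit NTP timestamp (32.32 fixed point)."""
    return int(round((unix_time + NTP_UNIX_DELTA) * 2 ** 32))


def from_ntp(raw):
    return raw / 2 ** 32 - NTP_UNIX_DELTA


def build_reply(originate, receive, transmit, leap=0, stratum=2):
    """Construct a version 3, mode 4 (server) reply; used only for the samples."""
    flags = (leap << 6) | (3 << 3) | 4
    return struct.pack(NTP_LAYOUT, flags, stratum, 6, -20, 0, 0, b"\x00" * 4,
                       to_ntp(receive), to_ntp(originate), to_ntp(receive), to_ntp(transmit))


def parse_reply(packet):
    if len(packet) < 48:
        raise ValueError("short SNTP packet")
    f = struct.unpack(NTP_LAYOUT, packet[:48])
    leap, mode, stratum = f[0] >> 6, f[0] & 0x07, f[1]
    if mode != 4:
        raise ValueError("not a server reply")
    return {
        # Leap indicator 3 or stratum 0 means the server itself has no good time.
        "synchronised": leap != 3 and 1 <= stratum <= 15,
        "originate": from_ntp(f[8]), "receive": from_ntp(f[9]), "transmit": from_ntp(f[10]),
    }


def kerberos_time_check(packet, sent_at, received_at, max_skew=KERBEROS_MAX_SKEW):
    """Return (offset_seconds, verdict) for one request/reply exchange.

    sent_at and received_at are the local clock readings around the exchange."""
    reply = parse_reply(packet)
    if abs(reply["originate"] - sent_at) > 1e-3:
        raise ValueError("reply does not answer our request")
    if not reply["synchronised"]:
        return None, "source-unsynchronised"
    # Standard SNTP offset: average of the two one-way differences.
    offset = ((reply["receive"] - sent_at) + (reply["transmit"] - received_at)) / 2
    return offset, ("ok" if abs(offset) <= max_skew else "skew-too-great")


# Constructed samples: the local clock sends at T and gets the reply 101 ms later.
T = 1104246000.0
DRIFTED = build_reply(T, T + 400.05, T + 400.051)          # local clock 400 s behind
HEALTHY = build_reply(T, T + 2.05, T + 2.051)              # local clock 2 s behind
FLAKY = build_reply(T, T + 0.05, T + 0.051, leap=3, stratum=0)

if __name__ == "__main__":
    for name, pkt in (("drifted", DRIFTED), ("healthy", HEALTHY), ("flaky", FLAKY)):
        print(name, kerberos_time_check(pkt, T, T + 0.101))
```

A "skew-too-great" verdict is the condition under which ticket requests start failing, and "source-unsynchronised" flags the upstream time source before the member servers drift.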
    • I'd suggest you're thinking a bit small on your response. ~$15 per user. Maybe if they are just using file sharing. If they are using Exchange take on license there. Take on more when they have to "upgrade" Outlook and Exchange because the old version is no longer supported. Add in some more licensing for SQL Server too. Oh one manager is using MS Project, oh now half the company is yelling for it. Microsoft get expensive quick
  • Anyone considering using open source software in a small non-profit should be in touch with the non-profit open source initiative (nosi). There is a wealth of experience there and it is a good group of individuals. http://nosi.net
  • I'm totally embarrassed that anyone who uses Linux would jump on someone interested in learning it. You guys should be ashamed of yourselves.
  • As a non-profit organization, you may qualify for special pricing of commercial products, including Microsoft stuff (apps, servers, licenses). If the price is low enough, you may actually be better off with a commercial solution instead of an open source one. That may be heresy here on Slashdot, but then again so were Galileo's teachings in the Catholic Church.

    Check out TechSoup [techsoup.com].
  • I managed to connect linux to win xp home almost immediately, it's not difficult. The problem is windows itself: I still can't have Win xp home view a win98 pc...
