Linux Desktop Deployment Postmortems? 371

Posted by Cliff
from the how-well-did-it-do? dept.
duffbeer703 asks: "My employer runs a lot of desktop and laptop computers -- something in the neighborhood of 40,000 PCs. Currently they are all Windows 2000 & XP managed by Active Directory and other big, complicated enterprise management tools, all of which can support Linux in one form or another. I'm looking for ways of making Linux (and maybe Unix or even Apple desktops) an option as we replace or add PCs. The problem is, most of the resources that you find online about deploying Linux focus on server environment, and the articles that I do find about desktop Linux focus on standalone developer workstations, the IBM conversion to Linux (which doesn't seem to have happened) or things like LTSP, that won't integrate well with our infrastructure. Is anyone out there successfully using Linux for regular users? How did it go, and how did your IT and user communities adapt to the new kid on the block?"

  • Ubuntu? (Score:5, Informative)

    by abscondment (672321) on Thursday December 01, 2005 @12:11PM (#14158095) Homepage

    This article [slashdot.org] was posted a little while ago about a user who used Ubuntu in a completely MS environment without his boss noticing for a few months. (linked article [madpenguin.org] from the story)

    My experience with it is that it's one of the most mature Desktop distributions, coming complete with most of the tools one would need to perform most jobs. Easy install, and you can use Synaptic/apt-get for upgrades and additional installation since it's Debian based. You should check it out [ubuntulinux.org].

    • Re:Ubuntu? (Score:5, Funny)

      by GigsVT (208848) on Thursday December 01, 2005 @12:15PM (#14158136) Journal
      Sigh.

      First the Red Hat zealots came for me, and I said nothing because I didn't want to run a commercialized distro
      Then the Gentoo zealots came for me, and I said nothing because I didn't want to compile everything
      Then the OS X zealots came for me, and I said nothing because I won't pay for overpriced hardware
      Finally the Ubuntu zealots came for me, and everyone was so sick of offtopic zealotry that no one spoke up at all.
      • By the power of Godwin*, I have the modpoints!

        * [wikipedia.org]
    • I'm just doing a similar experiment at the moment; I have two machines, one running Ubuntu 5.10 and one SuSE 10, running Gnome on both. Both have been pretty straightforward to integrate with our work system so far; samba & ssh for file exchange either way, connection to printers is no problem. One is on a fixed ip address, the other uses dhcp. The only hassle might come when we switch to an Exchange mail server, which is due to happen soon. But again, that will be a problem for both.

      Personally I pref

    • Ubuntu seemed extremely interesting because of ShipIt - that is, they send CDs for free. How convenient, no hassle of downloading and burning. Too bad they sent me a bunch of corrupted 5.04 discs! I tried different discs on different machines and could never complete an install. Luckily, I had Kurumin. [guiadohardware.net] Far from as cool as Ubuntu is supposed to be, but at least it worked. To be fair, I'll request some 5.10 discs and give it another go.
    • Re:Ubuntu? (Score:3, Interesting)

      Here's my story. I worked in a callcenter. VERY M$-centric. They were using MSAccess to handle all their supervisory overhead. (write-ups, time tracking, HR stuff) and it was horrible. the damn thing crashed EVERY DAY.
      This is a server story--->
      I got permission from my boss (who was not in the IT department) to build a proof of concept web based replacement for 200 users.

      system:
      Compaq Armada 7400 Laptop
      PII 300
      64 MB RAM
      Slack 10

      Now, Everything was going well for months. All the supervisors were h

      • Re:Ubuntu? (Score:3, Insightful)

        by Dan Ost (415913)
        Sounds like you're perfectly positioned to get top-down approval now considering you've already demonstrated a clear need, know what kind of improvement you can expect, and have the support of the people who will be using the system.

        Try it again and let us know how it goes.
  • Head first (Score:4, Funny)

    by saskboy (600063) on Thursday December 01, 2005 @12:11PM (#14158102) Homepage Journal
    It's probably best to dive into a Linux or any OS migration for users head first, all at once, so everyone in the office has identical migration problems and can assist each other if the official tech support is busy. It's like the choice between staying with paper, or going with computers, that businesses had to make in the '70s, '80s, or '90s. There will be some people who would never bother to learn unless they are tossed into it kicking.
    • I would disagree in that, if you slowly integrate *nix boxes you will weed out most of the problems with the smallest amount of lasting effects, as you will learn from your mistakes and not have the problems with a large amount of computers.
  • Size matters (Score:4, Insightful)

    by Professional Heckler (928160) on Thursday December 01, 2005 @12:14PM (#14158121) Journal
    Your employer runs a pretty hefty workstation. Although I have worked for, or known people that made similar switches the scale was not even close. So it worked pretty well as the community was close-knit and excited about the change.
    In your case though, there will be more disruption, not everyone wants to use linux... I'd suggest just inserting the new computers in one department, preferably one where the employees are already interested in linux. I would also suggest taking a workgroup poll to get interior feedback interest as well.

    prof
    • First, be patient. I don't think the IBM migration is as dead as it appears. Most of the commercial migrations I have seen take 2-3 years to accomplish assuming that a fair amount of resources are thrown at the problem. If you want a smoother transition, I would suggest planning for 4-5 years. This timeframe should allow you to rewrite all your inhouse applications to support Linux if necessary

      The first step is to identify those workstations that have the simplest requirements and/or the users who are m
      • How does a company handle a 2-5 year transition to something like Linux, which invariably, has completely new versions released every few months? Seems like Linux, at least at this point, is a constantly moving target that would make a long-term transition very difficult. I remember that Red Hat, for example, released 3 completely different, sequential versions within one calendar year!! Can you even get support for a 5 year old version of Linux?
          • First off, you don't have to be using the most current version of the kernel at all times. Using one that's a few years old is fine- security fixes are backported.

          Secondly, distro version!=linux version. There's even less reason to switch every time the distro releases than any time the kernel releases. Just install whatever version you decided on, and then update whatever apps you think need updating. Just like in windows land.

          And finally, yes you can get support for older versions of Linux, and older
          • First, if you set it up properly, there is no reason that upgrading your system should be harder on Linux than on Windows. There are great tools like Yum, apt-get, etc that can be scheduled, and you can push out configuration files via scp and shell scripts if you like.

            Secondly, you have far less work interruption from updates on Linux than with Windows. With tools like apt-get or yum you could indeed upgrade the distro without taking it down for the upgrade or booting the user off his/her applications (d
        • Can you even get support for a 5 year old version of Linux?

          I cannot find any information on how long RHEL versions are supported with Red Hat's support engineers. However, they maintain update support for (and expect you to be using it for up to) seven years, so I would assume that the answer to your question is probably "yes."
  • Not here, either (Score:2, Informative)

    by NineNine (235196)
    Just so that nobody thinks that nobody is reading this thread... No Linux deployments at my company. I don't think that we'll look at Linux again for at least a few more years. None of our important apps work on Linux, and we have no Linux expertise in our small company.
  • "Postmortem" implies "after death". I think they'd like to see the time after the death of Linux migration [unless that happens because everyone has migrated].
  • Guitar Strings (Score:5, Informative)

    by jag7720 (685739) on Thursday December 01, 2005 @12:16PM (#14158145) Homepage
    Take a look at the Ernie Ball guitar string company. They made the switch several years ago. It is only 300 +/- people but they did it cause they got hit with being out of compliance with M$

    Read Rockin' on without Microsoft [com.com]
  • Ghost et al. (Score:5, Interesting)

    by meisenst (104896) on Thursday December 01, 2005 @12:16PM (#14158147) Homepage
    I was able, at some point a few years back, to produce a Ghost image with Red Hat, OpenOffice, and a login model that used my office's Windows infrastructure to authenticate users automatically. It worked very well. I used it on several test PCs and was able to boot them up, ghost them, and have them come up connected and ready to use.

    It was fairly straightforward to set things up with simple additions to /etc/skel. The only real kneebiter was the fact that the vast majority of the office required Outlook, and for some reason (I don't recall what) Evolution wouldn't quite cut it. I seem to recall problems with lookups in the Active Directory using Evolution, but for all I know that's been fixed by now.

    I ran this thing on my PC for months before my employer even noticed. I used VMware for my Windows needs (as I was a network administrator, I needed to run some troubleshooting in Windows for user support) and Samba for all of my day-to-day shares and printing. In the end, the only reason anyone knew what I was running was that I was sick one day, and someone tried to sit at my desk, with very small amounts of success.

    Now if only I'd kept a copy when I was let go!
  • You know (Score:5, Insightful)

    by sjvn (11568) <sjvn@vna1STRAW.com minus berry> on Thursday December 01, 2005 @12:19PM (#14158180) Homepage
    You could just give Red Hat or Novell a call and either one will be more than happy to give you their dog-and-pony show for their desktop offerings. I mean, they do do this kind of thing for a living these days.

    Do you have must-keep Windows apps? Try CrossOver Office

    http://www.eweek.com/article2/0,1895,1886920,00.asp [eweek.com]

    or

    Versora/Win4Lin

    http://www.versora.com/ [versora.com]

    I've used and deployed them all in small businesses with AD management, and they've all worked. There's no reason why they wouldn't work in larger businesses. After all, as IBM and Oracle are showing, they already do.

    Steven
    • Versora/Win4Lin

      http://www.versora.com/ [versora.com]


      That page isn't loading right now, and a google search doesn't come up with anything.

      They really need to work on their online presence.
    • Re:You know (Score:3, Insightful)

      by DrXym (126579)
      You could just give Red Hat or Novell a call and either one will be more than happy to give you their dog-and-pony show for their desktop offerings. I mean, they do do this kind of thing for a living these days.

      The funny thing is that for companies who do this for a living, where are the migration tools? Microsoft provide a shit load of migration tools for moving away from competing products and even old versions of their own products. Why doesn't Novell or Red Hat?

      Think how attractive it would be if RH

  • by HerculesMO (693085) on Thursday December 01, 2005 @12:19PM (#14158181)
    There's a few reasons why an IS department won't roll out Linux into an Active Directory environment.

    First, is that they cannot control the desktop using policy. This is the biggest selling point of using Windows in a workgroup domain, and especially to manage as many servers and end users as they have. Active Directory, while not perfect, is awesome in its capabilities -- all stolen mostly from Novell's NDS :)

    Next, is expertise. Why would you introduce something into an environment that nobody really knows how to use? Your executives aren't 100% sure but they know 100% that they need to hire staff that can take on Linux servers/desktops and supporting them. That means paying a premium for that labor, and it's not necessary when you can get Windows guys on the cheap.

    Lastly -- companies are hesitant to change. Financial companies in particular go with the mantra, if it works, don't touch it. You will see lots of these smaller shops on NT 4 still because to them... it works. Larger corporations that have to meet with SOX compliancy issues are forced into upgrading. That's what happened where I work.

    Anyways.. best of luck trying to introduce Linux into your environment. I am going to say that you will crash and burn trying, because a company that large doesn't likely have a *need* for Linux. And if it's not a necessity, a good business decision is not to let it happen. Again the mantra, if it ain't broke...don't fix it.
    • Lastly -- companies are hesitant to change. Financial companies in particular go with the mantra, if it works, don't touch it. You will see lots of these smaller shops on NT 4 still because to them... it works. Larger corporations that have to meet with SOX compliancy issues are forced into upgrading. That's what happened where I work.

      Interesting posting, but you are forgetting an even more powerful force in corporate culture - corporations are always looking to cut costs. That $10M and growing annual c

      • Hehe, it's only if a company is actually buying the license agreements year after year. In financial institutions it rarely happens. They will use the software and hardware until it's dead and buried by everybody else, because it still works and change makes a company susceptible to not being able to trade, make a loan, etc... that's HUGE amounts of money in a day it can't afford to lose.
      • Why would a company arbitrarily cut an annual check to Microsoft? Generally, money is used in exchange for goods and services, and to the best that I can remember, MS has never released OS's more frequently than 3-5 years apart. And even then, those aren't forced upgrades (I've standardized my company on Windows 2000).
        • Why would a company arbitrarily cut an annual check to Microsoft?

          Annual support contract, most companies have them.
        • (I've standardized my company on Windows 2000).

          God this forum has declined. A few years ago most people would be embarrassed to admit that. So you pay nothing to keep employees in Windoze and Orifice licenses? Are you using warez? I work at a company site with 5000 people. The annual bill is hefty.

      • Interesting posting, but you are forgetting an even more powerful force in corporate culture - corporations are always looking to cut costs. That $10M and growing annual check to M$ will eventually overcome the cultural inertia. It has been slow going for about 8 years, but it is happening.

        Yes - but from what I can tell most US companies seem awfully concerned with cost savings here and now - as in on this quarter's, or this year's bonus. There's no doubt that a Linux migration is a long-term investment that
    • For a Gnome based desktop, Sabayon appears to be about the best thing I've found yet that allows you to create "profiles" for different users.

      I don't think it's anywhere as good as what I've heard group policy to be, but it's a start in the right direction. I've found it to be quite buggy and it took me a couple of days to get the desktop _as_I_wanted_it_.

      (See http://www.codepoets.co.uk/sabayon_creating_linux_desktop_profiles [codepoets.co.uk] which may be of some use as feedback/info)

      DG
    • Financial companies in particular go with the mantra, if it works, don't touch it.

      That's a good mantra. I'd swear by it!
    • Why would you introduce something into an environment that nobody really knows how to use?

      Because they didn't know how to use the first environment to begin with.

      Trust me... If you work corp help desk, you would understand. It wouldn't matter if it is Windows, Apple, or Linux... It is all the same to most people who don't know computers. *coughs*
  • by John the Kiwi (653757) <.moc.iwikehtnhoj. .ta. .iwik.> on Thursday December 01, 2005 @12:27PM (#14158265) Homepage
    I've been trying to get Linux installed on the desktop for a few of my customers, but had problems finding a suitable model for deployment. Say what you will about Microsoft (and here most people do) but their deployment tools are pretty good. All of my new deployments utilise RIS (Remote Install Services) which greatly reduces client installation times.

    Roaming Profiles and publishing applications via Active Directory also greatly reduces on site time. Workstations can be restored without anyone technical being required on site at all.

    I've looked and looked and haven't been able to find any resources for doing similar tasks with Linux based desktops. The closest I've come up with is to use custom built CD Rom desktop OSes, but these are much slower than using a workstation with the OS installed on a local hard drive.

    I'm sure it can be done, perhaps by remotely mounting common application and /home folders to a central server. But I've never seen any Howto's or even descriptions of anyone having done this in the enterprise before. Not to say it hasn't been done, just that no one's written how it's done (that I've been able to find).

    Not much help I know, but it shows why my company is still an MS shop.

    John the Kiwi
    • All of my new deployments utilise RIS (Remote Install Services) which greatly reduces client installation times.
      Roaming Profiles and publishing applications via Active Directory also greatly reduces on site time.


      RIS helps greatly under Windows because you can't just install everything you want and then image the drive (unless you plan to put it on 100% identical hardware, and even then you need to sysprep it). With Linux, you can do an absolute base install in about thirty seconds more than it takes to
      • I appreciate the reply. I've been using Linux on and off for upwards of 6 years now and while you've glossed over a solution you haven't pointed me to any useful information on how to achieve what you're saying.

        Can I do a base install of Linux in 30 seconds like you say? What technologies would I use? How do you make sure the kernel is compiled with all of the appropriate drivers? What scripts should I be using to automate the copy from the CD or networked image?

        I'm well aware that these things can be done,
        • Can I do a base install of Linux in 30 seconds like you say? What technologies would I use?

          Here's how I've done it in the past:

          0. make tarballs of the machine where I built the system image (with users and everything). Make them once, use them forever.

          At the machine I want to install on:
          1. boot off a CD or network image
          2. create boot and root partitions (~10 seconds)
          3. install the bootloader (~10 seconds)
          4. fire off a script that untars the boot tarball onto the boot partition, untars the root tarball onto
    • I'm sure it can be done, perhaps by remotely mounting common application and /home folders to a central server. But I've never seen any Howto's or even descriptions of anyone having done this in the enterprise before. Not to say it hasn't been done, just that no one's written how it's done (that I've been able to find).

      Why is it that people think Desktop Linux and Server Linux are different animals when it comes to enterprise setups? Enterprises have been doing rapid deployment, diskless (or minimally local)
      • I know this can be done. My question is how?

        Where is the information? Where are the success stories with Howto's? What symbolic links should I mess with?

        It's all very well to talk about AFS and ACLs and updating a bazillion desktops but you've given me nothing. Got any links to any of this? Bonus points for finding links and information that shows good ways to integrate this with Samba and CIFs to support current Windows based workstations while we integrate Linux based desktops.

        So thanks for your post, bu
        • Well, then, maybe I can salvage my KiwiKarma a little...

          A good place to start would be Linux Terminal Server Project [ltsp.org] (click 'Documentation' on the left). Even if it's not exactly what you're looking for, it'll teach you a lot about setting up thin clients, DHCP server, diskless PXE (network) boots via TFTP, mounting root NFS filesystems, etc. They tell you all of this in the context of setting up LTSP, but most of it is general knowledge, and very transferrable to whatever purpose you had in mind.

          It might n
    • NIS+ plus NFS is what Cisco uses. They admin both Solaris and Linux this way. I'm sure there are relevant HOWTO's out there.
  • by RobotRunAmok (595286) on Thursday December 01, 2005 @12:30PM (#14158295)
    Let me state that I love Linux, and I am fortunate enough to be able to use it for my work.

    In the past I've been responsible for switching a small company over (circa 150 desktops) from -- what was it now? -- DOS to WIN 3.1, or WIN 3.1 to WIN 95, I forget, I've burned it from my memory. And it was a nightmare. Not cuz it was Windows, cuz we were switching, period. Accounting gave us hell ("what are the cost benefits again?"), users gave me hell ("Time is Money, Y'Know!"), and Super Senior Mgt tweaked me more than once ("If you weren't switching us to this, um, upgrade thing, what is it that you would be doing, hmm?"). Learned an AWFUL lot about wacky boutique Accounting-Inventory-Shipping-Graphics-YouNameIt programs that all ran lovely on the OLD system but had to be bludgeoned into submission on the new.

    Not saying you should not upgrade. Not saying Linux is not an upgrade from what you're using (not saying it IS, either; you really need to examine the apps). Just saying that you really need to look at this upgrade from every direction short of Sunday before you dive into the change. There's a large, cold room reserved in the House of Pain for Linux Evangelists who push their companies to make The Switch without having a whole pond worth of ducks in a row.

    Good Luck, Bud, and God speed! And better you than me.
  • Disaster (Score:5, Interesting)

    by TedCheshireAcad (311748) <ted@fc.ritAUDEN.edu minus poet> on Thursday December 01, 2005 @12:31PM (#14158311) Homepage
    I used to work at a private high school in the Northeast. You can probably figure out what one by looking at my user name. Anyhow, we (read: I) tried a rollout of Linux on our file servers and routers. Here's what happened:

    The Linux file server worked beautifully. We had a simple NT4 domain, setting up Samba with proper permissions was easy. It was easy to administer, very reliable, and fast.

    The Linux router(s) worked well, too. I had a nice collection of scripts run with cron that would turn off internet access to the dorms at a specified time, and then turn it back on in the morning (remember: this was a high school).

    I was even in the process of developing a grading system with the LAMP stack, since at the time, teachers did their grading manually, and often complained about it.

    Everything was running beautifully for months, until politics entered the game. Some higher-ups bought software without consulting the IT department (me and one other guy) that of course only ran on Windows. They also decided that we were going to go with FileMaker for a grade database, that was maintained by some high-price consultant. In the end, they wanted everything to be Windows for some reason or another (misinformed about how Open Source works, you know, the whole deal). My wonderful little Linux environment disappeared, and eventually, so did I.

    Moral of the story: technical challenges aside, your project can always be torpedoed by someone who is self-important and more powerful than you.
    • Re:Disaster (Score:2, Interesting)

      by stevey (64018)

      I've had similar things happen to me in the past, more than once.

      The most common experience I've had is working with a small company with approximately 50 staff on site, and a few remote. The backend is entirely Linux based, Exim for Email, Apache for the webserver, Samba for roaming home directories, etc. (Each desktop user will typically have an Windows 2000/XP installation, some brave types [like myself] might run Linux, and no Microsoft servers at all.)

      Fast forward a year or two and the company get

    • Re:Disaster (Score:3, Funny)

      by itomato (91092)
      "Moral of the story: technical challenges aside, your project can always be torpedoed by someone who is self-important and more powerful than you."

      Amen, brother.

      Self-important twats have spoiled the flowering of several potentially beautiful projects.

      The problem is not many people dig a paradigm shift, and Windows to F/OSS is definitely one of those.
  • Some work environments are such that everything has to work as often as possible.

    Doing any sort of migration is a bad idea -- as soon as you have problems, you'll have hordes of pissed off folks screaming.

    I'd recommend against doing a linux migration under those circumstances -- it will only be bad for you and Linux.

    Eventually such ossified environments will likely vanish -- they'll go out of business. If you really want to use Linux at work, it is probably easier to find a job at a Linux shop.
  • Granted that Novell has had an axe to grind with M$ for many years, here is an interesting white paper pdf at [novell.com] which discusses that exact issue.

    None of the large IT concerns that I have worked for have done en-masse Linux desktop installs, by the way, but both had an approved "default" install CD-ROM image that had been sufficiently tested (read that "tested tested and then triple tested again...") with the appropriate packages, etc. installed and all of the security settings tweaked and set. that it wasn't a

  • by mgpeter (132079) on Thursday December 01, 2005 @12:34PM (#14158333) Homepage
    I have successfully deployed GNU/Linux networks, both servers and workstations. If you are at all serious about deploying a large amount of GNU/Linux Workstations the first thing you should do is replace the Windows Servers.

    It is much easier integrating a Unix type workstation if you use Unix type servers. It is trivial to have nfs mounted /home directories, especially when you use LDAP for the User Database. If you attempt to deploy Unix type workstations in a Windows Network environment you will ALWAYS be fighting with the servers.
  • by Sycraft-fu (314770) on Thursday December 01, 2005 @12:36PM (#14158351)
    If it's all Windows centric including backend and management, it'll be tough to add. Here we are a hybrid Windows/Solaris and are adding Linux. The way we do it is LDAP on Solaris for the backend. Sun has a product that syncs the AD to LDAP, and we are currently working with the Linux systems to get them all working. They use LDAP just fine, but we are having difficulty with our automounts and other such things.

    If you want to do it in your the thing to look for would be a way to sync Linux with the AD. I don't have any experience in this area so I'm afraid I can't help, but Samba might be a place to start. I understand it works in Windows 2000 domains now. At any rate what you want is to design a solution such that the existing management tools will work more or less seamlessly with the Linux workstations. That means they need to get their account information from the AD, map the Windows file shares (Linux does that fine now) use the Windows printers (CUPS has no problem with that) and so on.

    You will probably need a Linux server that's the go-between and you might have to do some custom development work. However, I'm sure it's doable. Remember though, to sell it you need to make your solution work with the existing one. If you demand a bunch of changes, you'll just get shut down. However if you make it integrate nice, it's much easier to push as an alternative. Ultimately a more platform-neutral back end would probably be good, but with infrastructure that large, you can't start there because the cost will be enough to make everyone say no.

    Probably what you should do is just get permission to start experimenting. Get a Linux desktop and server up and running under your control and then start investigating what it's going to take to get some integration going on. Worst case, it doesn't work out, and you get some Linux experience out of it.
  • kick it up a notch (Score:3, Informative)

    by whysanity (231556) on Thursday December 01, 2005 @12:37PM (#14158361) Homepage Journal
    okay, i really hate the subject line (and emeril's show) but here goes:

    i work in a very small environment... say roughly 25 employees and at least that many desktops with about 20 servers. i've been pushing to move away from being a microsoft shop. luckily, the guy before me was also very pro-Best Solution (note i didn't say pro-linux or anti-microsoft) and set up a number of linux servers.

    i have taken hold and attempted to push the idea of linux desktop solution for people that don't need windows (i.e. sales people). i actually set up a second box for myself before deploying a test box for a sales person. being a ubuntu user for 3 releases now, i chose it for its polish, shine, and my comfort level. my experiences have been mostly good. anytime anyone needs a package, i just grab it from apt-get (or find a repo first if need be). i can take care of the whole box via ssh and never have to bother the user. it works GREAT except for a few small problems in a windows network:

    1. setting up active directory authentication is a PAIN. it's not hard, but time-consuming and requires a lot of manual tweaking (see my request for an automated tool [ubuntuforums.org])
    2. evolution-exchange connector is horribly in need of work. the basics work, but it's not fast or efficient - or stable. it gets the job done, albeit not eloquently
    3. (i believe the following is a problem with nautilus, but idk) when accessing a shared windows folder, authentication gives a prompt for credentials, but it doesn't matter what you put here. the second prompt for credentials is the important one. in fact, you cannot get the first box to go away unless you click cancel
    4. sudo & AD groups. for the life of me i can't figure out how to get sudo to recognize %domain\linuxadmins as a valid group. `groups` shows me as being part of it, but it's almost as if sudo doesn't like the slash. i've tried escaping it, and tried it without the domain to no avail. ideally, i'd like to set up a group to allow certain users to perform updates when ubuntu notifies them stuff is in need of updating.

    my gripes aren't HUGE, but they're annoying to me. of course i haven't touched on management needed for a 20,000 pc environment (pushed software & updates), so ymmv
    • 4. sudo & AD groups. for the life of me i can't figure out how to get sudo to recognize %domain\linuxadmins as a valid group. `groups` shows me as being part of it, but it's almost as if sudo doesn't like the slash. i've tried escaping it, and tried it without the domain to no avail. ideally, i'd like to set up a group to allow certain users to perform updates when ubuntu notifies them stuff is in need of updating.

      Work around this problem and get a solution that scales better.

      Have the desktops auto-upd
  • by request only (Score:2, Informative)

    by LodCrappo (705968)
    I work as a consultant for smaller companies. Although I use linux on my desktops and am quite happy with it, I wouldn't recommend any of my clients try to deploy it on the desktops for normal users unless there is some very compelling reason to do so. I've yet to come across such a situation, but I guess cost, performance and/or security might be reasons in some cases.

    On the other hand I do have some clients where certain individuals have requested linux, and allowing them to run it has not caused any

  • by zoomba (227393) <mfc131&gmail,com> on Thursday December 01, 2005 @12:58PM (#14158615) Homepage
    Especially in a company with that many desktops. When talking about a migration to Linux in a large environment like that means a bunch of things:

    1. What do you do with ANY of the custom apps used on the desktop. Most large companies have at least a few apps their internal developers built for them, and I'll bet they weren't built with cross-platform use in mind. Sure, it may work for now in WINE, but what about when it throws a weird error? What about when a new feature is needed? Recoding the app isn't really an option for most places.

    2. Time to fire and rehire your desktop support staff! And any IT group that is directly tied to desktop products, cause you're doing a complete 180 degree switch on them. You can argue that anyone worth paying should already know Linux, but the reality is a lot of people in IT are tied to MS, because that's what their company has bet the farm on. You would probably have to either rehire or retrain most of the desktop support group.

    3. Your options are RedHat, or SuSE. A company that big is only going to switch if they can buy Linux from a vendor with the chops to support a large organization. Mom & Pop Linux Support Inc isn't going to be taken seriously since they may be in business today, but might not be tomorrow. Business wants a large company backing a product so they have someone to go back to when something goes really wrong.

    4. Retraining Costs. Sure, there's adjustment when moving users from Windows Version X to Windows Version Y, but generally the user experience remains fairly consistent. Moving to Linux, unless you reskin it to look exactly like Windows and hide away anything that would hint that it wasn't Windows is going to require significant user retraining. Then there's all the new apps that they'll have to learn to use. You'll lose a LOT of time and money here.

    5. What's the real benefit? Yeah, Microsoft is evil, vendor lock-in, security vulnerabilities blah blah blah and so on. But honestly, does Linux provide a real business value? Does it save money in the long run? Does it make the work easier to do? Don't answer these questions as techno-geeks who are already biased, look at it from a semi-objective standpoint.

    I don't think you can make an effective case to begin the switch-over of 40,000 desktops to linux, even in much of a phased approach. Best you can probably hope for are a few pockets of Linux users within IT. The average user would probably never even get whiff of its existence.
    • Great post. I had said something similar in a previous topic a while ago as well.

      Most people I hear talking about "this Linux thing" at work (most of the time users) don't know a thing about it, except that it's free (and windows isn't) and they somehow think that would pretty much drop our overall IT costs to 0$.

      Truth is... Even if you don't look at the money figures (may or may not be better - let's just focus on the other issues first which sometimes are more of a concern)

      We have DOZENS of in-house apps
  • MacWindows (Score:2, Insightful)

    by wheatwilliams (605974)
    If you want to integrate Mac OS X computers into your existing Windows server infrastructure, be sure to check out http://macwindows.com/ [macwindows.com]

    This site is dedicated to enabling Mac OS X computers to coexist in the enterprise environment.
  • A year or two ago, I orchestrated an enterprise upgrade from Win 9x desktops with Banyan servers to WinXP with Win2K servers.
    You would not believe how scared and panicky the users got. During the physical migration, users were given 4 hours of training on the changes from Win9X to WinXP. Then immediately went back to their desk to a newly converted workstation. It hardly helped at all. The shape of the MS Office icons changed, we got dozens of calls from users who said we had "taken away" MS Office. One dep
  • Homer? (Score:3, Funny)

    by MarkGriz (520778) on Thursday December 01, 2005 @01:31PM (#14158983)
    duffbeer703 asks: "My employer runs alot of desktop and laptop computers -- something in the neighborhood of 40,000 PCs

    Wow, I didn't realize the Springfield Nuclear Power Plant employed so many people.
  • I think the key is to make the transition process as smooth as possible.

    One department at a time is a good strategy, but I'd go even further:

    Your users are gonna have to learn to use a lot of new software and they won't be happy with that. If all those changes happen all at once, there will be a perception that Linux is hard and complicated. And it will fail.

    I'd replace one application at a time for as long as I can. Internet explorer would be the first (replaced by firefox), then maybe Outlook (by Thunde
  • by awkScooby (741257) on Thursday December 01, 2005 @02:35PM (#14159732)
    1. Make sure you investigate Microsoft licensing issues. In our environment, we would have to purchase a CAL for every Linux, OS X and other *NIX system that wanted to play in the Active Directory. Just because you technically can do something doesn't mean you're legally allowed to do it. Microsoft licensing is extremely complex.

    2. Decide on a method for authentication. I suggest using Kerberos 5, since that's what Active Directory uses. You must make a choice -- use Active Directory as your KDC, or use MIT or Heimdal as your KDC with a trust between it and the Active Directory. Due to licensing, and technical reasons, we use an MIT KDC, with a 1 way trust (AD trusts the MIT KDC, the MIT KDC doesn't trust AD). The technical reasons boil down to:

    • Microsoft only supports DES-CBC-CRC, DES-CBC-MD5, RC4-HMAC encryption types. Lots of existing Kerberos clients don't support RC4-HMAC, which leaves DES. Yuk.
    • Microsoft's Kerberos adds a PAC field to the ticket, which can make for very large kerberos tickets. Lots of existing Kerberos clients have problems with this.

    Note that you could choose to have Windows systems authenticate against the AD or authenticate against the MIT Kerberos realm, and have non-Windows systems use an MIT KDC.

    2. Redirect passwd file lookups to LDAP. You already have an LDAP server -- Active Directory. You'll need to add the LDAP schema defined in RFC 2307, and will need to add the posixAccount auxiliary class to all of your users. Part of that process involves putting the passwd file information like uid, gid, gecos, homeDirectory, and shell information in the appropriate attributes.

    Again, due to licensing issues, and the fact that we already had an enterprise LDAP directory, we chose to not use Active Directory for this purpose. But, it certainly can be done.

    3. On the linux desktop systems, use pam_krb5 to redirect authentication to kerberos, and configure nsswitch.conf and ldap.conf to redirect passwd file lookups to LDAP. On RedHat systems, you can do it all from authconfig, although I think it's helpful to know the files involved.

    4. I like pam_access for restricting who is allowed to log in on a given workstation. pam_access can restrict to members of groups, and those groups can be posixGroup objects in LDAP/Active Directory.

    I think it's helpful to have home directories on a central server. We use OpenAFS. I don't know if it's possible to have a user's home directory on a Microsoft share or not. If not, you'll probably still be in the business of creating home directories on desktops. Microsoft has some NFS thing for Windows. I haven't used it, so I'll refrain from commenting, other than to remind you to research potential licensing issues.

    A lot of this will work across a number of platforms. I have it working on Linux and OS X.

    Beyond the stuff above, for managing lots of Linux desktops there are lots of options, but they're probably all roll your own type things. If you have a few standard configurations, you could use rsync. Or have them all point to a central YUM repository, or... Well, there are tons of ways. I can't give you a postmortem on that, because we don't have lots of Linux desktops in our environment yet. Centralized management doesn't make sense for the few that we have.

    Summary: pam_krb5 + pam_access + nsswitch + central filesystem == HAPPY

    Read up on kerberos. There's a fair amount to get your head around. If you can explain why kerberos authentication is better than "ldap authentication" you should be in pretty good shape.
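A check for the setup summarized in the comment above (pam_krb5 + pam_access + nsswitch), added here as an example and not part of the original comment. The sample file contents and the group name `deskusers` are constructed; the sample deliberately contains two mistakes that let a login bypass pam_access.

```python
import re

# Constructed sample files for one desktop; the group "deskusers" is hypothetical.
NSSWITCH = "passwd: files ldap\ngroup: files ldap\nshadow: files\n"
PAM = """\
auth     sufficient  pam_krb5.so
auth     required    pam_unix.so use_first_pass
account  sufficient  pam_krb5.so
account  required    /lib/security/pam_access.so
"""
ACCESS = "+ : root : LOCAL\n+ : (deskusers) : ALL\n"

# type, control (plain word or [bracketed value=action list]), module
PAM_LINE = re.compile(r"(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def lines(text):
    """Return config lines with comments and blank lines removed."""
    stripped = (l.split("#", 1)[0].strip() for l in text.splitlines())
    return [l for l in stripped if l]

def audit(nsswitch, pam, access):
    findings = []
    # nsswitch.conf: passwd and group lookups must reach the LDAP directory
    dbs = {k.strip(): v.split() for k, _, v in (l.partition(":") for l in lines(nsswitch))}
    for db in ("passwd", "group"):
        if "ldap" not in dbs.get(db, []):
            findings.append(f"nsswitch: {db} never consults ldap")
    # PAM: reduce each rule to (type, control, module file name)
    stack = [(m[1], m[2], m[3].rsplit("/", 1)[-1])
             for m in map(PAM_LINE.match, lines(pam)) if m]
    if not any(t == "auth" and mod == "pam_krb5.so" for t, _, mod in stack):
        findings.append("pam: no pam_krb5.so in the auth stack")
    account = [(c, mod) for t, c, mod in stack if t == "account"]
    mods = [mod for _, mod in account]
    if "pam_access.so" not in mods:
        findings.append("pam: pam_access.so missing from the account stack")
    else:
        i = mods.index("pam_access.so")
        if account[i][0] not in ("required", "requisite"):
            findings.append("pam: pam_access.so is not 'required' or 'requisite'")
        if any(c == "sufficient" for c, _ in account[:i]):  # success there ends the stack early
            findings.append("pam: a 'sufficient' module can skip pam_access.so")
    # access.conf: when no rule matches, pam_access grants access, so end with deny-all
    rules = [[f.strip() for f in l.split(":")] for l in lines(access)]
    if not rules or rules[-1] != ["-", "ALL", "ALL"]:
        findings.append("access.conf: last rule is not '- : ALL : ALL'")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(NSSWITCH, PAM, ACCESS)) or "no findings")
```

On a real workstation, pass in the contents of `/etc/nsswitch.conf`, the PAM service file used for logins, and `/etc/security/access.conf` instead of the constructed strings.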

  • by Anti-Trend (857000) on Thursday December 01, 2005 @03:07PM (#14160052) Homepage Journal
    In both successful Win/Lin environments I've worked in, one of the key ingredients was the presence of Linux on the servers ...or at least a majority of them. In each case, the Windows domains were handled by Samba PDCs, which also ran NFS and NIS services for the Linux clients, each running from the same consolidated database. That way it's no harder to manage the Linux clients, as you're not asking them to act as Windows clients, but as UNIX ones. If you already have experienced UNIX pros onboard, it shouldn't be a problem for you at all. That way I've found it's much easier to keep things running optimally while still maintaining a single domain management base. In fact, one of the two shops I mentioned found Linux worked well enough for them that they are now at ~90% migration to Linux, with only upper management still running non-*nix OSes (seems they're always the hardest to get up to speed, doesn't it?). Of course, I have seen environments where Linux clients are grafted onto existing Windows networks, and they seemed to do quite well. Things are not as seamless as they could be, but everything works for the most part.

    -AT
