Linux Desktop Deployment Postmortems?
duffbeer703 asks: "My employer runs a lot of desktop and laptop computers -- something in the neighborhood of 40,000 PCs. Currently they are all Windows 2000 & XP managed by Active Directory and other big, complicated enterprise management tools, all of which can support Linux in one form or another. I'm looking for ways of making Linux (and maybe Unix or even Apple desktops) an option as we replace or add PCs. The problem is, most of the resources that you find online about deploying Linux focus on server environments, and the articles that I do find about desktop Linux focus on standalone developer workstations, the IBM conversion to Linux (which doesn't seem to have happened) or things like LTSP, that won't integrate well with our infrastructure. Is anyone out there successfully using Linux for regular users? How did it go, and how did your IT and user communities adapt to the new kid on the block?"
Ubuntu? (Score:5, Informative)
This article [slashdot.org] was posted a little while ago about a user who used Ubuntu in a completely MS environment without his boss noticing for a few months. (linked article [madpenguin.org] from the story)
My experience with it is that it's one of the most mature Desktop distributions, coming complete with most of the tools one would need to perform most jobs. Easy install, and you can use Synaptic/apt-get for upgrades and additional installation since it's Debian based. You should check it out [ubuntulinux.org].
Re:Ubuntu? (Score:5, Funny)
First the Red Hat zealots came for me, and I said nothing because I didn't want to run a commercialized distro
Then the Gentoo zealots came for me, and I said nothing because I didn't want to compile everything
Then the OS X zealots came for me, and I said nothing because I won't pay for overpriced hardware
Finally the Ubuntu zealots came for me, and everyone was so sick of offtopic zealotry that no one spoke up at all.
Re:Ubuntu? (Score:2)
* [wikipedia.org]
Re:MOD GRANDPARENT UP (Score:2)
Plus, GP was pretty funny
Re:Ubuntu? (Score:2)
Personally I pref
Re:Ubuntu? (Score:4, Interesting)
Re:Ubuntu? (Score:2)
Re:Ubuntu? (Score:3, Interesting)
This is a server story--->
I got permission from my boss (who was not in the IT department) to build a proof of concept web based replacement for 200 users.
system:
Compaq Armada 7400 Laptop
PII 300
64 MB RAM
Slack 10
Now, Everything was going well for months. All the supervisors were h
Re:Ubuntu? (Score:3, Insightful)
Try it again and let us know how it goes.
Head first (Score:4, Funny)
Re:Head first (Score:2)
Re:Head first - kidding eh? (Score:2, Informative)
Size matters (Score:4, Insightful)
In your case though, there will be more disruption, not everyone wants to use linux... I'd suggest just inserting the new computers in one department, preferably one where the employees are already interested in linux. I would also suggest taking a workgroup poll to get interior feedback interest as well.
prof
How to be successful at migrations (Score:3, Informative)
The first step is to identify those workstations that have the simplest requirements and/or the users who are m
Re:How to be successful at migrations (Score:2)
Re:How to be successful at migrations (Score:2)
Secondly, distro version!=linux version. There's even less reason to switch every time the distro releases than any time the kernel releases. Just install whatever version you decided on, and then update whatever apps you think need updating. Just like in windows land.
And finally, yes you can get support for older versions of Linux, and older
Re:How to be successful at migrations (Score:3, Informative)
Secondly, you have far less work interruption from updates on Linux than with Windows. With tools like apt-get or yum you could indeed upgrade the distro without taking it down for the upgrade or booting the user off his/her applications (d
Re:How to be successful at migrations (Score:3, Informative)
I cannot find any information on how long RHEL versions are supported with Red Hat's support engineers. However, they maintain update support for (and expect you to be using it for up to) seven years, so I would assume that the answer to your question is probably "yes."
Re:How to be successful at migrations (Score:3, Insightful)
So. Just because us North Americans haven't moved off the dime doesn't mean that the rest of the world is sitting still.
Not here, either (Score:2, Informative)
Re:Not here, either (Score:2)
Correction:
Ask who needs to use it and deploy it to them.
Microsoft writing Slashdot titles? (Score:2)
Re:Microsoft writing Slashdot titles? (Score:5, Funny)
Re:Microsoft writing Slashdot titles? (Score:2)
Guitar Strings (Score:5, Informative)
Read Rockin' on without Microsoft [com.com]
Re:Guitar Strings (Score:3, Funny)
-everphilski-
Re:Guitar Strings (Score:2)
Out of compliance means you have more installations than you have licenses for.
Not necessarily. It can mean you have installations which use the "wrong" licenses. If I have three licenses for Office XP Pro, and three computers installed using the same license (say, two users who used the VLK version of the install disk on their personal computers because it was handy and they have the key memorized, instead of digging up the single-user disc just to install it), or using different lice
Re: (Score:2)
Re:Guitar Strings (Score:2)
So if they own and are using a
Re:Guitar Strings (Score:2)
Re:Guitar Strings (Score:2)
Re:Guitar Strings (Score:2)
The real issue with compliance enforcement is that licensing is now so complex that the enforcement is basically arbitrary. Every person who reads this post and uses Microsoft software in any decent sized environment is almost certainly out of compliance in some respect or other. You may
Re:Guitar Strings (Score:2)
Re:Guitar Strings (Score:4, Insightful)
Furthermore, being out of compliance is not a criminal matter, it's a civil one, so even if they were in actual violation and not merely in a state of poor record-keeping, they still wouldn't be 'criminals'.
(Yeah, yeah, IHBT, I dunno when I'll learn...)
Success stories (Score:4, Insightful)
Not if you live on a continent full of "criminals" with success stories.
Re:Guitar Strings (Score:3, Insightful)
A "few dozen" unlicensed apps on a network with 300 people shouldn't have warranted BSA-imposed pariahdom. A small fine and forcing them to fix their licensure status, yes. Disgracing them on the evening news and in an ad campaign, no.
Although it might count as blasphemy to say as much on Slashdot, Microsoft, of all companies, understands that, and except in really extreme situations will usually work with a company to get them
Re:Guitar Strings (Score:3, Interesting)
That would be the "good cop, bad cop" approach. You need a decent stick to beat people wi
That's not true (Score:2)
2. The process of being out of BSA compliance is hugely worse than even a substantial penalty for anything you might not have bought. They basically shut you down EVEN IF YOU ARE IN COMPLIANCE. All it takes is an unhappy employee making a phone call...
First off, out of compliance does NOT mean you have more installations than you paid for copies of. It means you have more installations than you can instantly produce proof of. W
Re:Guitar Strings (Score:2)
Except for the fact that Ball had spent all sorts of money to be in compliance and found out that they were still able to miss a few packages. Yeah, Ball is a good example of what companies should not be.
Re:Out of compliance? (Score:2, Informative)
News story from the event. The article is light on the details, and at one point refers to "pirated copies" while at another refers to "more installations than licenses".
Having seen both many a time in a corporate environment, this is not always a company decision- users are to blame on occasion as well.
The reason for the shift matters, but the fact that they shifted successfully says a lot, especially to smaller organiza
Re:Out of compliance? (Score:2)
That they couldn't prove they paid for.
They may have lost the documentation for or just grabbed the wrong CDs.
Re:Out of compliance? (Score:3, Interesting)
Even nicer was the fact that the same former employee was responsible for keeping the licensing info.
Ghost et al. (Score:5, Interesting)
It was fairly straightforward to set things up with simple additions to
I ran this thing on my PC for months before my employer even noticed. I used VMware for my Windows needs (as I was a network administrator, I needed to run some troubleshooting in Windows for user support) and Samba for all of my day-to-day shares and printing. In the end, the only reason anyone knew what I was running was that I was sick one day, and someone tried to sit at my desk, with very small amounts of success.
Now if only I'd kept a copy when I was let go!
Re:Ghost et al. (Score:2)
You know (Score:5, Insightful)
Do you have must-keep Windows apps? Try CrossOver Office
http://www.eweek.com/article2/0,1895,1886920,00.a
or
Versora/Win4Lin
http://www.versora.com/ [versora.com]
I've used and deployed them all in small businesses with AD management, and they've all worked. There's no reason why they wouldn't work in larger businesses. After all, as IBM and Oracle are showing, they already do.
Steven
Re:You know (Score:2)
http://www.versora.com/ [versora.com]
That page isn't loading right now, and a google search doesn't come up with anything.
They really need to work on their online presence.
Re:You know (Score:3, Insightful)
The funny thing is that for companies who do this for a living, where are the migration tools? Microsoft provide a shit load of migration tools for moving away from competing products and even old versions of their own products. Why doesn't Novell or Red Hat?
Think how attractive it would be if RH
Rationale to a company... (Score:4, Insightful)
First, is that they cannot control the desktop using policy. This is the biggest selling point of using Windows in a workgroup domain, and especially to manage as many servers and end users as they have. Active Directory, while not perfect, is awesome in its capabilities -- all stolen mostly from Novell's NDS
Next, is expertise. Why would you introduce something into an environment that nobody really knows how to use? Your executives aren't 100% sure but they know 100% that they need to hire staff that can take on Linux servers/desktops and supporting them. That means paying a premium for that labor, and it's not necessary when you can get Windows guys on the cheap.
Lastly -- companies are hesitant to change. Financial companies in particular go with the mantra, if it works, don't touch it. You will see lots of these smaller shops on NT 4 still because to them... it works. Larger corporations that have to meet with SOX compliancy issues are forced into upgrading. That's what happened where I work.
Anyways.. best of luck trying to introduce Linux into your environment. I am going to say that you will crash and burn trying, because a company that large doesn't likely have a *need* for Linux. And if it's not a necessity, a good business decision is not to let it happen. Again the mantra, if it ain't broke...don't fix it.
Re:Rationale to a company... (Score:3, Insightful)
Lastly -- companies are hesitant to change. Financial companies in particular go with the mantra, if it works, don't touch it. You will see lots of these smaller shops on NT 4 still because to them... it works. Larger corporations that have to meet with SOX compliancy issues are forced into upgrading. That's what happened where I work.
Interesting posting, but you are forgetting an even more powerful force in corporate culture - corporations are always looking to cut costs. That $10M and growing annual c
Re:Rationale to a company... (Score:2)
Re:Rationale to a company... (Score:2)
Re:Rationale to a company... (Score:3, Interesting)
Annual support contract, most companies have them.
Re:Rationale to a company... (Score:2)
(I've standardized my company on Windows 2000).
God this forum has declined. A few years ago most people would be embarrassed to admit that. So you pay nothing to keep employees in Windoze and Orifice licenses? Are you using warez? I work at a company site with 5000 people. The annual bill is hefty.
Re:Rationale to a company... (Score:2)
Yes - but from what I can tell most US companies seem awfully concerned with cost savings here and now - as in on this quarter's, or this year's bonus. There's no doubt that a Linux migration is a long-term investment that
Tried Sabayon? (Useful for Gnome envs + profiles) (Score:2, Insightful)
I don't think it's anywhere as good as what I've heard group policy to be, but it's a start in the right direction. I've found it to be quite buggy and it took me a couple of days to get the desktop _as_I_wanted_it_.
(See http://www.codepoets.co.uk/sabayon_creating_linux_desktop_profiles [codepoets.co.uk] which may be of some use as feedback/info)
DG
Re:Rationale to a company... (Score:2)
That's a good mantra. I'd swear by it!
Re:Rationale to a company... (Score:2)
Because they didn't know how to use the first environment to begin with.
Trust me... If you work corp help desk, you would understand. It wouldn't matter if it is Windows, Apple, or Linux... It is all the same to most people who don't know computers. *coughs*
Re:Rationale to a company... (Score:2)
I'm just admiring from afar until I get some bucks saved up to buy an iBook or PowerBook
Desktop Linux in the Enterprise (Score:4, Interesting)
Roaming Profiles and publishing applications via Active Directory also greatly reduces on site time. Workstations can be restored without anyone technical being required on site at all.
I've looked and looked and haven't been able to find any resources for doing similar tasks with Linux based desktops. The closest I've come up with is to use custom built CD Rom desktop OSes, but these are much slower than using a workstation with the OS installed on a local hard drive.
I'm sure it can be done, perhaps by remotely mounting common application and
Not much help I know, but it shows why my company is still an MS shop.
John the Kiwi
Re:Desktop Linux in the Enterprise (Score:3, Insightful)
Roaming Profiles and publishing applications via Active Directory also greatly reduces on site time.
RIS helps greatly under Windows because you can't just install everything you want and then image the drive (unless you plan to put it on 100% identical hardware, and even then you need to sysprep it). With Linux, you can do an absolute base install in about thirty seconds more than it takes to
Re:Desktop Linux in the Enterprise (Score:2)
Can I do a base install of Linux in 30 seconds like you say? What technologies would I use? How do you make sure the kernel is compiled with all of the appropriate drivers? What scripts should I be using to automate the copy from the CD or networked image?
I'm well aware that these things can be done,
Re:Desktop Linux in the Enterprise (Score:3, Interesting)
Here's how I've done it in the past:
0. make tarballs of the machine where I built the system image (with users and everything). Make them once, use them forever.
At the machine I want to install on:
1. boot off a CD or network image
2. create boot and root partitions (~10 seconds)
3. install the bootloader (~10 seconds)
4. fire off a script that untars the boot tarball onto the boot partition, untars the root tarball onto
Desktop and Server technique convergence (Score:3, Informative)
Why is it that people think Desktop Linux and Server Linux are different animals when it comes to enterprise setups? Enterprises have been doing rapid deployment, diskless (or minimally local)
Re:Desktop and Server technique convergence (Score:3, Interesting)
Where is the information? Where are the success stories with Howto's? What symbolic links should I mess with?
It's all very well to talk about AFS and ACLs and updating a bazillion desktops but you've given me nothing. Got any links to any of this? Bonus points for finding links and information that shows good ways to integrate this with Samba and CIFs to support current Windows based workstations while we integrate Linux based desktops.
So thanks for your post, bu
Re:Desktop and Server technique convergence (Score:3, Interesting)
A good place to start would be Linux Terminal Server Project [ltsp.org] (click 'Documentation' on the left). Even if it's not exactly what you're looking for, it'll teach you a lot about setting up thin clients, DHCP server, diskless PXE (network) boots via TFTP, mounting root NFS filesystems, etc. They tell you all of this in the context of setting up LTSP, but most of it is general knowledge, and very transferrable to whatever purpose you had in mind.
It might n
Re:Desktop Linux in the Enterprise (Score:2)
We're Switching Because... It's Cool...? (Score:5, Insightful)
In the past I've been responsible for switching a small company over (circa 150 desktops) from -- what was it now? -- DOS to WIN 3.1, or WIN 3.1 to WIN 95, I forget, I've burned it from my memory. And it was a nightmare. Not cuz it was Windows, cuz we were switching, period. Accounting gave us hell ("what are the cost benefits again?"), users gave me hell ("Time is Money, Y'Know!"), and Super Senior Mgt tweaked me more than once ("If you weren't switching us to this, um, upgrade thing, what is it that you would be doing, hmm?"). Learned an AWFUL lot about wacky boutique Accounting-Inventory-Shipping-Graphics-YouNameIt programs that all ran lovely on the OLD system but had to be bludgeoned into submission on the new.
Not saying you should not upgrade. Not saying Linux is not an upgrade from what you're using (not saying it IS, either; you really need to examine the apps). Just saying that you really need to look at this upgrade from every direction short of Sunday before you dive into the change. There's a large, cold room reserved in the House of Pain for Linux Evangelists who push their companies to make The Switch without having a whole pond worth of ducks in a row.
Good Luck, Bud, and God speed! And better you than me.
Disaster (Score:5, Interesting)
The Linux file server worked beautifully. We had a simple NT4 domain, setting up Samba with proper permissions was easy. It was easy to administer, very reliable, and fast.
The Linux router(s) worked well, too. I had a nice collection of scripts run with cron that would turn off internet access to the dorms at a specified time, and then turn it back on in the morning (remember: this was a high school).
I was even in the process of developing a grading system with the LAMP stack, since at the time, teachers did their grading manually, and often complained about it.
Everything was running beautifully for months, until politics entered the game. Some higher-ups bought software without consulting the IT department (me and one other guy) that of course only ran on Windows. They also decided that we were going to go with FileMaker for a grade database, that was maintained by some high-price consultant. In the end, they wanted everything to be Windows for some reason or another (misinformed about how Open Source works, you know, the whole deal). My wonderful little Linux environment disappeared, and eventually, so did I.
Moral of the story: technical challenges aside, your project can always be torpedoed by someone who is self-important and more powerful than you.
Re:Disaster (Score:2, Interesting)
I've had similar things happen to me in the past, more than once.
The most common experience I've had is working with a small company with approximately 50 staff on site, and a few remote. The backend is entirely Linux based, Exim for Email, Apache for the webserver, Samba for roaming home directories, etc. (Each desktop user will typically have a Windows 2000/XP installation, some brave types [like myself] might run Linux, and no Microsoft servers at all.)
Fast forward a year or two and the company get
Re:Disaster (Score:3, Funny)
Amen, brother.
Self-important twats have spoiled the flowering of several potentially beautiful projects.
The problem is not many people dig a paradigm shift, and Windows to F/OSS is definitely one of those.
Depends on the Environment (Score:2)
Doing any sort of migration is a bad idea -- as soon as you have problems, you'll have hordes of pissed off folks screaming.
I'd recommend against doing a linux migration under those circumstances -- it will only be bad for you and Linux.
Eventually such ossified environments will likely vanish -- they'll go out of business. If you really want to use Linux at work, it is probably easier to find a job at a Linux shop.
White paper (Score:2)
None of the large IT concerns that I have worked for have done en-masse Linux desktop installs, by the way, but both had an approved "default" install CD-ROM image that had been sufficiently tested (read that "tested tested and then triple tested again...") with the appropriate packages, etc. installed and all of the security settings tweaked and set. that it wasn't a
First Switch your Servers (Score:5, Insightful)
It is much easier integrating a Unix type workstation if you use Unix type servers. It is trivial to have nfs mounted
In your environment it'll be tough (Score:3, Informative)
If you want to do it in your environment, the thing to look for would be a way to sync Linux with the AD. I don't have any experience in this area so I'm afraid I can't help, but Samba might be a place to start. I understand it works in Windows 2000 domains now. At any rate what you want is to design a solution such that the existing management tools will work more or less seamlessly with the Linux workstations. That means they need to get their account information from the AD, map the Windows file shares (Linux does that fine now), use the Windows printers (CUPS has no problem with that) and so on.
You will probably need a Linux server that's the go-between and you might have to do some custom development work. However, I'm sure it's doable. Remember though, to sell it you need to make your solution work with the existing one. If you demand a bunch of changes, you'll just get shut down. However if you make it integrate nice, it's much easier to push as an alternative. Ultimately a more platform-neutral back end would probably be good, but with infrastructure that large, you can't start there because the cost will be enough to make everyone say no.
Probably what you should do is just get permission to start experimenting. Get a Linux desktop and server up and running under your control and then start investigating what it's going to take to get some integration going on. Worst case, it doesn't work out, and you get some Linux experience out of it.
kick it up a notch (Score:3, Informative)
i work in a very small environment... say roughly 25 employees and at least that many desktops with about 20 servers. i've been pushing to move away from being a microsoft shop. luckily, the guy before me was also very pro-Best Solution (note i didn't say pro-linux or anti-microsoft) and set up a number of linux servers.
i have taken hold and attempted to push the idea of linux desktop solution for people that don't need windows (i.e. sales people). i actually set up a second box for myself before deploying a test box for a sales person. being a ubuntu user for 3 releases now, i choose it for its polish, shine, and my comfort level. my experiences have been mostly good. anytime anyone needs a package, i just grab it from apt-get (or find a repo first if need be). i can take care of the whole box via ssh and never have to bother the user. it works GREAT except for a few small problems in a windows network:
1. setting up active directory authentication is a PAIN. it's not hard, but time-consuming and requires a lot of manual tweaking (see my request for an automated tool [ubuntuforums.org])
2. evolution-exchange connector is horribly in need of work. the basics work, but it's not fast or efficient - or stable. it gets the job done, albeit not eloquently
3. (i believe the following is a problem with nautilus, but idk) when accessing a shared windows folder, authentication gives a prompt for credentials, but it doesn't matter what you put here. the second prompt for credentials is the important one. in fact, you cannot get the first box to go away unless you click cancel
4. sudo & AD groups. for the life of me i can't figure out how to get sudo to recognize %domain\linuxadmins as a valid group. `groups` shows me as being part of it, but it's almost as if sudo doesn't like the slash. i've tried escaping it, and tried it without the domain to no avail. ideally, i'd like to set up a group to allow certain users to perform updates when ubuntu notifies them stuff is in need of updating.
my gripes aren't HUGE, but they're annoying to me. of course i haven't touched on management needed for a 20,000 pc environment (pushed software & updates), so ymmv
Re:kick it up a notch (Score:2)
Work around this problem and get a solution that scales better.
Have the desktops auto-upd
Re:kick it up a notch (Score:3, Insightful)
That's the part you seem to be missing. Users shouldn't need or have to update their own machines in a managed environment -- you should be in control of that from start to finish.
by request only (Score:2, Informative)
On the other hand I do have some clients where certain individuals have requested linux, and allowing them to run it has not caused any
Can't Switch For Switching's Sake (Score:5, Insightful)
1. What do you do with ANY of the custom apps used on the desktop. Most large companies have at least a few apps their internal developers built for them, and I'll bet they weren't built with cross-platform use in mind. Sure, it may work for now in WINE, but what about when it throws a weird error? What about when a new feature is needed? Recoding the app isn't really an option for most places.
2. Time to fire and rehire your desktop support staff! And any IT group that is directly tied to desktop products, cause you're doing a complete 180 degree switch on them. You can argue that anyone worth paying should already know Linux, but the reality is a lot of people in IT are tied to MS, because that's what their company has bet the farm on. You would probably have to either rehire or retrain most of the desktop support group.
3. Your options are RedHat, or SuSE. A company that big is only going to switch if they can buy Linux from a vendor with the chops to support a large organization. Mom & Pop Linux Support Inc isn't going to be taken seriously since they may be in business today, but might not be tomorrow. Business wants a large company backing a product so they have someone to go back to when something goes really wrong.
4. Retraining Costs. Sure, there's adjustment when moving users from Windows Version X to Windows Version Y, but generally the user experience remains fairly consistent. Moving to Linux, unless you reskin it to look exactly like Windows and hide away anything that would hint that it wasn't Windows is going to require significant user retraining. Then there's all the new apps that they'll have to learn to use. You'll lose a LOT of time and money here.
5. What's the real benefit? Yeah, Microsoft is evil, vendor lock-in, security vulnerabilities blah blah blah and so on. But honestly, does Linux provide a real business value? Does it save money in the long run? Does it make the work easier to do? Don't answer these questions as techno-geeks who are already biased, look at it from a semi-objective standpoint.
I don't think you can make an effective case to begin the switch-over of 40,000 desktops to linux, even in much of a phased approach. Best you can probably hope for are a few pockets of Linux users within IT. The average user would probably never even get whiff of its existence.
Re:Can't Switch For Switching's Sake (Score:3, Insightful)
Most people I hear talking about "this Linux thing" at work (most of the time users) don't know a thing about it, except that it's free (and windows isn't) and they somehow think that would pretty much drop our overall IT costs to 0$.
Truth is... Even if you don't look at the money figures (may or may not be better - let's just focus on the other issues first which sometimes are more of a concern)
We have DOZENS of in-house apps
MacWindows (Score:2, Insightful)
This site is dedicated to enabling Mac OS X computers to coexist in the enterprise environment.
Linux enthusiasts will never catch on (Score:2, Insightful)
You would not believe how scared and panicky the users got. During the physical migration, users were given 4 hours of training on the changes from Win9X to WinXP. Then immediately went back to their desk to a newly converted workstation. It hardly helped at all. The shape of the MS Office icons changed, we got dozens of calls from users who said we had "taken away" MS Office. One dep
Re:Linux enthusiasts will never catch on (Score:2)
Homer? (Score:3, Funny)
Wow, I didn't realize the Springfield Nuclear Power Plant employed so many people.
Forget the OS for now, start with the applications (Score:2, Insightful)
One department at a time is a good strategy, but I'd go even further:
Your users will have to learn to use a lot of new software and they won't be happy with that. If all those changes happen all at once, there will be a perception that Linux is hard and complicated. And it will fail.
I'd replace one application at a time for as long as I can. Internet explorer would be the first (replaced by firefox), then maybe Outlook (by Thunde
Making Linux an Option (Score:3, Informative)
2. Decide on a method for authentication. I suggest using Kerberos 5, since that's what Active Directory uses. You must make a choice -- use Active Directory as your KDC, or use MIT or Heimdal as your KDC with a trust between it and the Active Directory. Due to licensing, and technical reasons, we use an MIT KDC, with a 1 way trust (AD trusts the MIT KDC, the MIT KDC doesn't trust AD). The technical reasons boil down to:
Note that you could choose to have Windows systems authenticate against the AD or authenticate against the MIT Kerberos realm, and have non-Windows systems use an MIT KDC.
2. Redirect passwd file lookups to LDAP. You already have an LDAP server -- Active Directory. You'll need to add the LDAP schema defined in RFC 2307, and will need to add the posixAccount auxiliary class to all of your users. Part of that process involves putting the passwd file information like uid, gid, gecos, homeDirectory, and shell information in the appropriate attributes.
Again, due to licensing issues, and the fact that we already had an enterprise LDAP directory, we chose to not use Active Directory for this purpose. But, it certainly can be done.
3. On the linux desktop systems, use pam_krb5 to redirect authentication to kerberos, and configure nsswitch.conf and ldap.conf to redirect passwd file lookups to LDAP. On RedHat systems, you can do it all from authconfig, although I think it's helpful to know the files involved.
4. I like pam_access for restricting who is allowed to log in on a given workstation. pam_access can restrict to members of groups, and those groups can be posixGroup objects in LDAP/Active Directory.
I think it's helpful to have home directories on a central server. We use OpenAFS. I don't know if it's possible to have a user's home directory on a Microsoft share or not. If not, you'll probably still be in the business of creating home directories on desktops. Microsoft has some NFS thing for Windows. I haven't used it, so I'll refrain from commenting, other than to remind you to research potential licensing issues.
A lot of this will work across a number of platforms. I have it working on Linux and OS X.
Beyond the stuff above, for managing lots of Linux desktops there are lots of options, but they're probably all roll your own type things. If you have a few standard configurations, you could use rsync. Or have them all point to a central YUM repository, or... Well, there are tons of ways. I can't give you a postmortem on that, because we don't have lots of Linux desktops in our environment yet. Centralized management doesn't make sense for the few that we have.
Summary: pam_krb5 + pam_access + nsswitch + central filesystem == HAPPY
Read up on kerberos. There's a fair amount to get your head around. If you can explain why kerberos authentication is better than "ldap authentication" you should be in pretty good shape.
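An added example, not part of the comment above or any project's own code: a small Python audit of the three files that comment names (nsswitch.conf, a PAM service file, access.conf) for the pam_krb5 + pam_access + nsswitch setup it summarizes. The file contents are constructed samples, and the group name linuxdesktop, the finding codes and the choice of checks are assumptions made for illustration.

```python
"""Audit a desktop for the pam_krb5 + pam_access + nsswitch/LDAP setup.
All file contents below are constructed samples, not taken from a real host."""
import re

def _lines(text):
    """Yield non-empty lines with '#' comments removed."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            yield line

def parse_nsswitch(text):
    """Return {database: [sources]}; action items like [NOTFOUND=return] are dropped."""
    dbs = {}
    for line in _lines(text):
        if ":" in line:
            db, rest = line.split(":", 1)
            dbs[db.strip()] = re.sub(r"\[[^\]]*\]", " ", rest).split()
    return dbs

PAM_RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def parse_pam(text):
    """Return [(type, control, module)] from one /etc/pam.d/<service> file."""
    rules = []
    for line in _lines(text):
        m = PAM_RULE.match(line)
        if m:
            rules.append((m.group(1), m.group(2), m.group(3).rsplit("/", 1)[-1]))
    return rules

def parse_access(text):
    """Return [(permission, users, origins)] from access.conf text."""
    rules = []
    for line in _lines(text):
        parts = [p.strip() for p in line.split(":", 2)]
        if len(parts) == 3 and parts[0] in ("+", "-"):
            rules.append(tuple(parts))
    return rules

def audit(nsswitch, pam, access):
    """Return a list of 'CODE: explanation' findings; an empty list means clean."""
    findings = []
    dbs = parse_nsswitch(nsswitch)
    for db in ("passwd", "group"):
        src = dbs.get(db, [])
        if "ldap" not in src:
            findings.append(f"NSS-NOLDAP: {db} lookups never reach the directory")
        elif "files" not in src or src.index("files") > src.index("ldap"):
            findings.append(f"NSS-ORDER: {db} should try files before ldap so a "
                            "directory entry cannot shadow a local account")

    rules = parse_pam(pam)
    krb = [ctl for typ, ctl, mod in rules if typ == "auth" and mod == "pam_krb5.so"]
    if not krb:
        findings.append("PAM-NOKRB5: pam_krb5 is not in the auth stack")
    elif all(ctl == "optional" for ctl in krb):
        findings.append("PAM-KRB5-OPTIONAL: an 'optional' pam_krb5 result is "
                        "ignored when other auth modules are present")

    account = [r for r in rules if r[0] == "account"]
    idx = next((i for i, r in enumerate(account)
                if r[2] == "pam_access.so" and r[1] in ("required", "requisite")), None)
    if idx is None:
        findings.append("PAM-NOACCESS: no required/requisite pam_access in the "
                        "account stack")
    else:
        # A successful 'sufficient' module returns at once and skips pam_access.
        for _, ctl, mod in account[:idx]:
            if ctl == "sufficient":
                findings.append(f"PAM-BYPASS: 'sufficient' {mod} can end the "
                                "account stack before pam_access runs")

    acl = parse_access(access)
    # pam_access admits anyone who matches no rule, so the list must end in a deny.
    if not acl or acl[-1] != ("-", "ALL", "ALL"):
        findings.append("ACCESS-OPEN: no final '-:ALL:ALL', users matching no "
                        "rule are admitted")
    return findings

# Constructed sample: the setup the comment describes.
GOOD_NSSWITCH = "passwd: files ldap\ngroup:  files ldap\nshadow: files\n"
GOOD_PAM = """
auth     sufficient  pam_krb5.so
auth     required    pam_unix.so try_first_pass
account  required    pam_access.so
account  required    pam_unix.so
"""
GOOD_ACCESS = "+:root:LOCAL\n+:(linuxdesktop):ALL\n-:ALL:ALL\n"

# Constructed sample: the same idea with five common mistakes.
WEAK_NSSWITCH = "passwd: ldap files\ngroup:  files\n"
WEAK_PAM = """
auth     optional    pam_krb5.so
auth     required    pam_unix.so
account  sufficient  pam_krb5.so
account  required    pam_access.so
"""
WEAK_ACCESS = "+:(linuxdesktop):ALL\n"

if __name__ == "__main__":
    for finding in audit(WEAK_NSSWITCH, WEAK_PAM, WEAK_ACCESS):
        print(finding)
```
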
A Few Successful Hybrid Environments (Score:3, Insightful)
-AT
WTF (Score:2, Informative)
Re:Not One (Score:3, Informative)
Real systems like Champion controller and sage and Cougar Mountain or even Excalibur.
Those that are still using the toy packages the likes of Quickbooks really do not want powerful, they want braindead and to pay a service fee to get the hard stuff done.
but that is the difference between buying a $395-$595 toy at
Re:Not One (Score:3)
Re:Not One (Score:2)
I'm assuming not.
Why would you fault a small business for using a lightweight accounting package then? Small businesses want to focus on Getting Things Done, not learning how to use an overly complicated accounting package, or understanding the minutiae of accounting concepts. Oh, and they don't want to spend over $1500 on software whose features they will never use, and/or don't even understand how to use or why they would need them.
My last
PC-based thin clients (Score:2)
Maybe this would even be a viable option for the original poster: Building one or two linux images for the clients with Citrix (or similar) clients and using a fat server to provide compatibility with Windows apps.
Re:PC-based thin clients (Score:2)
Re:PC-based thin clients (Score:2)
random failures - massive failures, yay Sun! (Score:2)
Thin clients make even less sense, especially for that large an installation. They need far more network resources and if anything network-related goes down, the employee is left twiddling their thumbs. If you pay your employees $15/hour (I seriously hope you pay them more than that), 1 minute of downtime for 40,000 people costs you +$15k. 3 minutes downtime, and you just paid for so
Re:random failures - massive failures, yay Sun! (Score:2)
Considering that Sun uses Sun Rays internally, this statement implies that they are reliable...
Re:Call PriceRitePhoto 888-365-4300 (Score:2)
Hardware is irrelevant. (Score:2)
This excuse people use that Windows is crap because of diverse hardware is tiresome. It has nothing to do with that. There’s an endless lineup of people who are willing to tell you they honestly run Linux or some BSD variant on weird hardware and their platforms are solid. Beyond that, bad hardware does not create an inconsistent and confusing interface, security holes, application bloat, and other nonsense that is strictly further up the stack on Windows. OS X, on the other hand, is solid in desig
Re:Why the switch? (Score:2)
Why should the "regular users" care? It isn't their job to say what OS they use for their job. If it was up to me, I'd have a set list of applications they need to run their job and have those icons on the desktop.
Everything else would be disabled and all command lines, start menus, system file searching, and tweaking would be disabled by default. This would be regardless of if it is Windows
Why _not_ ask Slashdot? (Score:3, Insightful)
Pop Quiz: Name a place where you can ask a question of a couple hundred thousand UNIX, Linux, Windows, and other IT/IS pros all in one place, many of whom may have experience relevant to your company's situation. In addition, this place cannot charge a fee for their services, and the answers must be diverse and rapid.
...
I don't know about you, but the only place that co