Joining Linux to a Windows Domain

Dear Forum Linux/Windows gurus,

I've been tasked to get a standard PC, running any version of Linux, to be able to plug in to our Windows network (Server 2003 Standard domain controller), the ideal being that you can boot up, enter any domain user+password and log in to the Linux desktop.

I have seen many, many, many how-to's on the net and I have followed them to the letter. I have so far tried Fedora, Xandros 3.0 (not the business edition) and Suse 10 Professional. I have written and re-written several ssh, PAM, krb5.conf, kdm and samba.conf files, all to no avail.

All I have managed so far is to add the computer to the domain using the net ads join command (I can also get a list of users with the net ads -U (name) command, but the getent passwd command does not list any domain users).

On Xandros I was able to make the login screen admit that a Windows domain existed, but nothing would log in and the original Linux accounts would not log in due to 'module error'. On Suse, the Samba client recognised there was a domain to log into but when I clicked to proceed a box with 'ERROR' appeared with no further explanation.

So, what's the story? Is it in fact possible to achieve what I am trying to do? Will I have to buy Xandros Business Edition (which kind of negates the point of going to Linux in the first place, this being an educational institution)?

As I said, I have trawled the net extensively for how-to's on this topic, so don't direct me to something like the Richmondmag article. Frankly I'm amazed there is not more information on the topic, as a good Linux distro that could do this would surely be very quickly taken up all over the place (as Xandros may well be already, I am new-ish to Linux and new to being a sysadmin in general so please forgive any naivety inherent in this post).

Thanks for any and all replies.
 
I haven't done this myself but I'm told that Suse 10 can do this by configuring the krb5.conf file and the kerberos utility. If it doesn't work, the fault may lie in a badly configured active directory, not the linux client.

The most common error is in the DNS setup. If you let the wizard set up a dns server for you it will not set up a reverse lookup zone by default. This causes problems for non windows clients (and windows ones for that matter). Manually set up a reverse lookup zone on the DNS server. Make sure the zones are active directory integrated and not some legacy DNS type.

Make sure your linux client is pointed at the DNS server with the reverse zone. Also, you might want to install WINS on your network and make samba use the WINS server.

That's about all I can think of right now.
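The forward and reverse DNS agreement this reply asks for can be checked from the Linux client before attempting the join. This is an added example, not part of the original post; the function names are hypothetical and any host name passed to it (such as dc01.example.test) is a placeholder.

```shell
#!/bin/sh
# Added example: forward-confirmed reverse DNS check for a domain controller.
# Host names used with it (e.g. dc01.example.test) are placeholders.

# Forward lookup: first IPv4 address for a host name (empty if none).
resolve_a() {
    getent ahostsv4 "$1" | awk 'NR == 1 { print $1 }'
}

# Reverse lookup: canonical name for an address (empty if no PTR record).
resolve_ptr() {
    getent hosts "$1" | awk 'NR == 1 { print $2 }'
}

# Lower-case a name and drop a trailing dot so comparisons are stable.
normalise() {
    printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'
}

# Exit status: 0 ok, 1 no forward record, 2 no reverse record, 3 mismatch.
check_fcrdns() (
    name=$1
    addr=$(resolve_a "$name")
    [ -n "$addr" ] || { echo "FAIL no-forward $name"; exit 1; }
    ptr=$(resolve_ptr "$addr")
    [ -n "$ptr" ] || { echo "FAIL no-reverse $name $addr"; exit 2; }
    if [ "$(normalise "$name")" != "$(normalise "$ptr")" ]; then
        echo "FAIL mismatch $name $addr $ptr"; exit 3
    fi
    echo "OK $name $addr $ptr"
)

# Run as: sh check_fcrdns.sh dc01.example.test
if [ $# -gt 0 ]; then check_fcrdns "$1"; fi
```

The lookups go through the client's name service switch, so an entry for the server in /etc/hosts can mask a missing reverse zone; remove such entries before relying on the result.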
 
UPDATE:

I've switched to Ubuntu and got a nice little program called SADMS which provides an almost-easy GUI for configuring AD logons. It works, mostly - didn't have to change anything on the Windows side (installing SADMS was an experience in itself and introduced me to the wonderful world of library dependencies, not to mention the wilfully obscure commands required to open downloads).

From what I have gathered on the SuSE forums, lots of other people with more Linux experience than I are having similar problems with version 10. Maybe it will be solved in an updated release, but I suspect I'll be too used to Ubuntu by then.

My next task is to make sure that the little quirks experienced by active directory users when they log on to the Linux box disappear. Such as an error box saying the HAL failed to initialise (which would be fatal in Windows but doesn't seem to have any effect in Ubuntu, assuming it is the same HAL) and a lack of easy access to the shared network folders for each user. Then there's printers! And OpenOffice...various other programs...

...But if it can be made to work (and I'm confident it will), we will be able to start switching hundreds of students away from Windows and save the state thousands of pounds in software licenses (millions eventually).
 
Regarding those obscure commands to open downloads (like .deb and various .tar flavours):

Is there a program that will add an 'install this file' option to the right-click menu? Surely that would be fairly easy to make? Am I being unreasonable in wanting to avoid typing 'tar -zxvf latest_version_of_software_4.3.6-2_i386.tar.gz'?
 
Am I being unreasonable in wanting to avoid typing 'tar -zxvf latest_version_of_software_4.3.6-2_i386.tar.gz'?
Nothing is unreasonable as the computer should work the way you want it to. First off you do know about tab completion, right? That means that typing 'tar -zxvf la [tab]' would probably do all the work for you. Tab completion makes the CLI wickedly powerful for file management. You never misspell file or folder names.

I use KDE and as a quick test I downloaded a zipped tar file to try out. When Firefox was done downloading I clicked open in the downloads window. The whole archive popped open in a window with an icon labelled 'extract to' in the tool bar. So yes it is possible to click your way through extraction.

The reason one usually uses the CLI for this stuff is that you may need root access to put those files in their proper place.

Sorry I can't help with the logging into the Windows domain thingy. I would recommend trying SUSE or Mandriva they seem smarter than most desktop distros.
 
Thanks, I did not know about the tab completion. Only you top Linux users know stuff like that!

As for the domain joining, I have managed it by switching to Ubuntu as mentioned previously.

New Linux Q:
Where do I go to add a start-up command along the lines of 'add a desktop link to a network folder' (where the folder's name is different for each user)
 
What you're doing makes perfect sense for adding one or two linux boxes to a standard windows network and so far you seem to be doing rather well at it!

But if your ultimate intention is to try and move users from windows to linux desktops then it begs the question why you want to stick with a windows domain structure at all.

If my intention was to network/'single sign-on' a building full of linux boxes then I would be looking at dropping windows domain models and using something like Novell (which has gone all linuxy nowadays). It (and other stuff like opendirectory) can give you full domain-like functionality, all completely native to Linux/Unix.

You may counter this by saying that you have windows servers that run specific critical apps for your users but there are very few windows apps that can't be run over citrix or replaced altogether by linux apps.

It's a matter of balance really - if you have mostly linux boxes on the network, with a few windows boxes then converting the entire network away from windows makes sense. If it is the other way round then what you are doing is fine.
 
The situation is several hundred Windows boxes running from several Windows servers (it's a big school), and right now we're looking for a proof-of-concept that a Linux box can successfully join in.

The changeover is envisaged as being very gradual - new computers purchased will still have Windows installed, but over time we'll be able to move more over to Linux.

I completely agree that it would make more sense in a Linux desktop world to have Linux servers, but there is too much money sunk into the current Windows infrastructure for that to happen any time soon. Plus the downtime involved while we all retrain to Linux, which is no small task!
 
You've just described the situation half the companies in the world are in! I know I'd love to start rolling out linux to my users but with the best will in the world I don't think linux is quite there yet.

The biggest problem linux faces in the battle for supremacy over windows is the massive investment companies have already made in windows infrastructure and the strategies they have invested in to follow a windows based future.
 
Where do I go to add a start-up command along the lines of 'add a desktop link to a network folder' (where the folder's name is different for each user)
I believe you can use the ".bash_profile" file in the user root directory to do that. I'm not a linux-guru though so you'll have to try it yourself. Also, any "~/.bash_logout" file will be executed on logout.

However, as you're doing this for all (?) users logging into the machine, you may want to use the "/etc/profile" file instead of "~/.bashrc" as it works globally for all users. Dunno about the logout in that case.

(Some explanation: "bash" is the shell running your commands. Filenames starting with a "." are hidden, you can see them by doing a "ls -a" at the command line or select "View -> Show Hidden Files" in KDE Konqueror (dunno about Gnome). "~" refers to the current user's home directory, you can, for example, do a "cd ~" to change directory to your root at any time at the command line. Upon login, bash executes first "/etc/profile" and then either "~/.bash_profile", "~/.bash_login" or "~/.profile", in order of preference. Note: There is also a "~/.bashrc" which is executed every time an interactive shell is opened, hence it should only contain aliases and variables).
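A global login snippet of the kind discussed above, creating a per-user desktop link to a network folder. This is an added example, not code from anyone in the thread; it assumes the login session sources /etc/profile (or a file under /etc/profile.d), that each user has a share named after their account, and the function name make_share_link and server fileserver.example.test are hypothetical.

```shell
#!/bin/sh
# Added example: per-user desktop link to a network folder, created at login.
# Assumptions: share name == account name; fileserver.example.test is a
# placeholder server; make_share_link is a hypothetical helper name.

# make_share_link USER HOME [SERVER]
# Runs in a subshell so no variables leak into the login shell that sources it.
make_share_link() (
    user=$1; home=$2; server=${3:-fileserver.example.test}

    # Domain accounts may arrive as DOMAIN\user; keep only the account part.
    short=${user##*\\}

    # The name ends up in a URL, so accept a conservative character set only
    # and reject empty names and names starting with a dot.
    case $short in
        ''|.*|*[!A-Za-z0-9._-]*)
            echo "make_share_link: refusing user name '$user'" >&2
            exit 1 ;;
    esac

    desk=$home/Desktop
    [ -d "$desk" ] || exit 0          # no desktop directory: nothing to do

    link=$desk/network-folder.desktop
    # Leave any existing file or symlink of that name untouched.
    if [ -e "$link" ] || [ -L "$link" ]; then exit 0; fi

    set -C                            # noclobber: never overwrite on a race
    umask 077
    printf '[Desktop Entry]\nType=Link\nName=Network folder (%s)\nURL=smb://%s/%s\n' \
        "$short" "$server" "$short" > "$link"
)

# In the global profile file, end with:
#   make_share_link "$(id -un)" "$HOME"
```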
 
