WindowsLinuxInterOpDec2005 (2023-12-13, BenScott)
Presented by James Fogg to the Central GNHLUG on 5 Dec 2005

%TOC%

---++ Linux Windows Integration: Can't we all just get along?

---++ JD Fogg Technology
   * Infrastructure Consulting
   * Security Consulting
   * Network Engineering
   * Project Management & Implementation

---++ What is Interoperability?
   * Application Sharing
   * Shared Data Resources (ODBC, etc.)
   * Network Services (DNS, etc.)
   * Mail
   * Printing
   * File Sharing
   * Internet Access (ISA issues)
   * Login pass-through / AD integration

---++ Application Sharing
   * RDesktop & Terminal Services
   * VNC
   * X-Windows
   * Cygwin

---++ Network Services
   * MS-DNS works well
   * MS-DHCP is integrated with DNS
   * NTP is native to AD
   * Split DNS is possible, but complicated

---++ Mail
   * Exchange supports POP3 and IMAP
   * Outlook / Outlook Express support POP3 and IMAP
   * MBOX conversion possible
   * Integrated calendaring is the driver for Exchange adoption
   * Exchange Public Folders are evil
   * POP3 connectors in Exchange

---++ Printing
   * Samba and Printing
   * CUPS

---++ Internet Access
   * ISA relies on AD for AAA
   * Outbound Internet access requires systems and users to be known
   * Exceptions can be made for non-AD machines

---++ File Sharing
   * Samba the well worn path
   * Browsing AD shares with Samba 3.0
   * Killing CIFS permissions
   * *nix-based NAS issues
   * MS-SUX and NAS tricks

---++ MS-SFU 3.5 (beta)
   * Dramatic new capabilities, in W2003R2
   * Identity Management for Unix
   * MSNFS (client, server & gateway)
   * Subsystem for Unix Applications (Interix)
   * Full NIS with AD sync
   * Tools (awk, grep, sed, tr, cut, tar, cpio)
   * Permissions translations

---++ Active Directory Integration: If you can't beat them, join them

---++ Understanding Linux
   * Authentication
   * /etc/passwd, /etc/group
   * /etc/shadow
   * PAM

---++ passwd and group
<PRE>james:x:500:500:Mr. James User:/home/james:/bin/bash</PRE>
   * Fields are colon-delimited
<PRE>uname:pword:userid:groupid:name:homedirectory:shell</PRE>

---++ Shadow Passwords
   * World has RO rights to /etc/passwd
   * Password stored using a simple hash
   * Many processes read /etc/passwd
   * Password is replaced in /etc/passwd with a token
   * /etc/shadow holds encrypted password data with Draconian rights

---++ PAM
   * Pluggable Authentication Module
   * Native to Linux, available for all other *NIX
   * Allows for a variety of authentication systems to mimic /etc/passwd
   * Any AAA system with a PAM module can be used
   * Active Directory PAM modules are available

---++ Active Directory
   * Hierarchical database of users, resources and rights
   * AD is standards-based (with a little DNS protocol extension)
   * Kerberos (authentication), DNS (naming) and LDAP (directory services)
   * All services accept queries from any host
   * Extensive resources available (bring aspirin and coffee)

---++ Active Directory & DNS
   * DNS answers all queries (promiscuous)
   * DNS zones can be AD-integrated or stand-alone (using a BIND style zone file)
   * AD domain zone contains AD-specific extensions, must be AD-integrated
   * MS-DNS doesn't support BIND 9 Views
   * MS-DHCP is integrated with DNS
   * Split DNS or Windows DNS, you choose
   * Beware zone transfers and updates

---++ Active Directory and Kerberos
   * MS-Kerberos is standards based
   * Queries must be from known hosts
   * Kerberos authenticates users and hosts
   * Kerberos authorizes resource access
   * Used for domain trusts
   * Transitive nature extended to other OSs

---++ Active Directory and LDAP
   * MS-LDAP is standards compliant
   * Queries must be from known hosts
   * Resource of known hosts for services
   * Database of systems and resources
   * Integrated with Kerberos AA and rights management
   * LDAP is the glue of AD

---++ Winbind
   * Allows Linux users to use Windows domain resources as though they were native Linux resources

---++ Samba & Winbind
   * Winbind extends Samba functionality to integrate AD AAA
   * Samba 3.08 + MIT Kerberos5 V1.3.1 + OpenLDAP
   * Winbind authenticates users against AD
   * Manages passwords, no local accounts
   * http://www.enterprisenetworkingplanet.com/netos/article.php/3487081
   * http://www.enterprisenetworkingplanet.com/netos/article.php/3502441

---++ QUESTIONS?

---++ Thank You

AUTHOR: Main.JamesFogg

Converted from the PPT by %MAINWEB%.TedRoche - 06 Dec 2005
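The "passwd and group" and "Shadow Passwords" slides above describe the seven-field record and the token that replaces the password. The following is an added example, not part of the original slides: it parses passwd-format text and flags entries that break that model. The finding labels, the extra-UID-0 check and every sample line except the `james` record are assumptions made for illustration.

```python
from collections import namedtuple

# Field names follow the slide: uname:pword:userid:groupid:name:homedirectory:shell
Entry = namedtuple("Entry", "uname pword userid groupid name homedirectory shell")

# Constructed sample data; only the "james" line comes from the slides.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
james:x:500:500:Mr. James User:/home/james:/bin/bash
legacy:ab0123456789A:501:501:Legacy User:/home/legacy:/bin/bash
guest::502:502:Guest:/home/guest:/bin/bash
toor:x:0:0:Second root:/root:/bin/sh
"""
# Constructed shadow lines; the hash fields are placeholders, not real hashes.
SAMPLE_SHADOW = """\
root:HASH-PLACEHOLDER:13122:0:99999:7:::
james:HASH-PLACEHOLDER:13122:0:99999:7:::
"""

def parse_passwd(text):
    """Split colon-delimited passwd lines into Entry tuples."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        fields[2], fields[3] = int(fields[2]), int(fields[3])
        entries.append(Entry(*fields))
    return entries

def audit(passwd_text, shadow_text):
    """Return (uname, finding) pairs for entries that break the shadow model."""
    shadowed = {l.split(":", 1)[0] for l in shadow_text.splitlines() if l.strip()}
    findings = []
    for e in parse_passwd(passwd_text):
        if e.pword == "":
            findings.append((e.uname, "empty-password"))      # no password required
        elif e.pword == "x":
            if e.uname not in shadowed:                       # token without a shadow record
                findings.append((e.uname, "missing-shadow-entry"))
        elif e.pword[0] not in "*!":                          # "*" / "!" mark a locked account
            findings.append((e.uname, "hash-in-passwd"))      # hash is world-readable
        if e.userid == 0 and e.uname != "root":
            findings.append((e.uname, "extra-uid0"))
    return findings
```

On a live system, `audit()` would be fed the contents of /etc/passwd and /etc/shadow, and reading the latter requires root.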
Topic attachments

| *Attachment* | *History* | *Size* | *Date* | *Who* | *Comment* |
| LinuxWindowsIntegration.ppt | r1 | 53.0 K | 2005-12-05 - 22:33 | TedRoche | PowerPoint Slides |
All content is Copyright © 1999-2025 by, and the property of, the contributing authors.