[clug-talk] Linux on AD Domain
Gustin Johnson
gustin at echostar.ca
Fri Aug 7 19:52:55 PDT 2009
TekBudda wrote:
> I am not sure if I have asked this or not so please forgive any
> duplication.
>
> I am about to embark on adding my Linux box to my AD domain at home so
> that it will authenticate to it and essentially be used like a Windows
> client would. I am to understand that Open Likewise is probably one of
> the easiest & better ways to do this & luckily enough there is an
> article on it in issue 121 of Linux Format.
Never heard of this project, I will have to check it out.
>
> I currently use Roaming Profiles & storage on the server for the Windows
> clients so that everything is centralized & can be backed up more
> effectively. The map to the profiles folder & the startup script are
> both located in the AD user (i.e. Me).
>
I have never been a fan of roaming profiles, they seem to cause more
problems than they solve. I have been in the habit of storing
everything on a network share, so I can get access via sftp/sshfs if I
am remote (like right now) or samba (cifs) if I am local.
> What I would like to do is emulate the same thing & have the Linux box
> store its profile on the server/storage as well so that regardless of
> what box is connected, it would pull the same profile. From what I have
> read I would need to create a "Profile-Linux" folder to store that
> information in. As per the profile/startup information in AD listed
> above, will this create any havoc for the Linux box?
You can do one better, the home directory can actually be stored on a
network share.
>
> I realize there may be an issue with permissions, but it would stand to
> reason that if I am authenticating to AD then the permissions should be
> set by the folder the information is saved to...but I could be wrong.
>
It depends entirely on your network share and UID mapping.
> I am also hoping there would be a way to sync some common information
> (i.e. Bookmarks, Settings, IMAP/e-mail folders, etc.) so that regardless
> of the platform I would be able to access the same information on
> anything, without having to recreate the wheel. I know this may be a
> pipe dream but, hopefully can happen.
>
Most of these things are stored in plain text files, it should be
doable. The big catch is that Firefox and Thunderbird use randomly
generated profile names. I have never bothered to try this but I would
be interested in your experiences.
As an alternative, I use the Zindus plugin to keep all my Thunderbird
address books synchronized with my google contacts. All of my email is
IMAP based so there is no problem here.
> I am also wanting to set-up a shared Home Drive accessible btwn a
> windows, Linux & Mac box. It would contain documents, etc. similar to
> any "My Documents" type folder. Any hints on this?
You can tell Windows where to find the "My Documents" folder. This can
be a different partition or a network share. I keep everything on a
samba share that is stored on a Linux file server (software RAID + LVM
is simply awesome).
>
> Any help, suggestions or otherwise would be welcome.
>
The way I have done this in the past is to get comfy with PAM. All of
this can be done by bending PAM to your will. I bought a book on PAM,
seriously one of the best investments I have ever made (the O'Reilly DNS
book and an iptables pocket reference rounding the entries).
Hth,