
Centralized Mgmt in Linux ??

SOLVED
Ahmed Malik
Occasional Advisor

Centralized Mgmt in Linux ??

I am a newbie.
I have a small M$-based network of about 30 computers running Active Directory (ADS). I have now planned to switch towards Linux. I just have no idea of Linux. Before taking any decision I want to know: is there any equivalent technology in Linux to what we have with ADS in Windows?

Till next time
Ahmed Malik
9 REPLIES
John Collier
Esteemed Contributor

Re: Centralized Mgmt in Linux ??

Ahmed,

You ask a bit of a tricky question.

Before I go about trying to give a long, complicated answer let me ask you this:

What part of M$ AD are you most interested in being able to duplicate? What benefits do you currently get from M$ that you feel like you can't live without?

The answers to these questions will help me to formulate an answer for you that might apply better than my ramblings at this time.

I too have been looking at replacing my M$ machines with Linux, so I feel I may have something to offer you if I know what your main concerns are.


John
"I expect to pass through this world but once. Any good, therefore, that I can do, or any kindness that I can show to any human being, let me do it now. Let me not defer or neglect it, for I shall not pass this way again." Stephen Krebbet, 1793-1855
Ahmed Malik
Occasional Advisor

Re: Centralized Mgmt in Linux ??

Hi John,

I am mostly interested in the following:

1) If a user logs in on the Domain, then he/she will automatically be authenticated by all member servers (like Database, and others).

2) Users can search resources in the domain.

3) Centralized Resource Management, especially Centralized user management, so that a user can log in from any machine in the Domain, or a user can only log in from some specific machines. And Group Policy.

4) Organizational Units, so that I can delegate administrative control in the domain to others as well.

5) Sites -- to manage replication traffic.

6) For the sake of performance and load shedding, I am also interested in Operation Masters.

Hope the above makes my interest clear.

Rgrds
Ahmed Malik
Roberto Polli
Trusted Contributor

Re: Centralized Mgmt in Linux ??

Do you want to shift all your architecture to Linux, or do you want to use a mix (e.g. win client + Linux server)?

ADS being based on LDAP, you should write back the LDAP config of ADS and recreate it on OpenLDAP. RH gives you a lot of tools for easily managing all of this stuff.

To manage authorization I know pGina (search on Google), which works for both Unix and win;

For monitoring network and logs there are a variety of tools, both binary and web-based;

For file serving to win machines you can use Samba v3;

Peace, R
John Collier
Esteemed Contributor
Solution

Re: Centralized Mgmt in Linux ??

Ahmed,

What I have found in my search through the differences between Linux and M$ and what I can and can't accomplish with Linux vs. Windoze is that there is very little in a business environment that can't be duplicated or even improved upon using *NIX (almost any flavor of Unix/Linux).

While I can't quote package names for each piece you will need to make all of it work (I'm sure that someone else here can fill in the gaps for me) I can say that each of the issues that you mention are addressable through Linux.

James Damour probably said it best in your other thread when he stated that "the hardest part of switching from M$ to Linux is learning how to handle all the new choices that you are given by Linux". The biggest difference is that M$ wants you to use specific programs (or plug-ins/snap-ins) to accomplish a certain task. Linux will give you many different options to accomplish those goals and you simply have to decide which is more comfortable or appropriate for your situation.

1). The idea of a Domain is not unique to M$. It is possible to set up a non-M$ domain. In fact I would venture to say that it is done daily. You will simply need to learn the tools and steps to do so just as you did with M$. Once a user logs into your non-M$ Domain, then they, too, can be authorized for each of the services that they need. Actually, I think that you may find you have a better granularity with permissions with Linux than you are currently accustomed to once you learn the finer points of Linux domains.

2). You can define what resources a user has access to search. The concept is much the same, but with a few more 'tweaks' available. In a limited fashion, I have done this with my own stand-alone Linux box so I know this statement to be true. I have even found it to be a little more easily understood once the concepts were learned.

3). It is possible to have both centralized login servers and local login accounts. If you want this to happen, it can be done. Also, when you create a user you MUST assign a group to that user. This is not optional. You can assign a user to more than one group if you wish, but they have to be assigned to a group. Much like what you are accustomed to right now, you also have user and group settings that can be applied to resources. This is not only possible, but is considered a basic part of *NIX security.

4). Here is where I am going to do a little bit of guessing. I know that there is a package available for HP-UX that will allow a person to delegate administrative type authority to different users so I am going to assume that there is something like it available for Linux. In the HP-UX world this is called Sudo. Perhaps someone else can fill in the gaps for me on this one?

5 & 6). These seem pretty much alike to me in many ways, although I am not personally familiar with this Operation Manager that you mention. It seems like you want to get the most performance out of your network as possible while limiting the unneeded traffic. Please remember up front that Linux and M$ use very different approaches to communicating over a network. By nature, the traffic will be shaped much different 'out of the box' than what you are seeing right now. Take some time to watch this traffic (Linux has many fine tools for this, by the way) before you decide how, or even if, you need to change things once the machines start getting deployed. The answers to what you need to do (if anything) will start to fall into place as you watch the new traffic patterns evolve.


Sorry for the long-winded reply, but I have a tendency to get carried away sometimes on answers like this. I also apologize if you were looking for more details on what packages to use. While I have done much research on the subject of replacing an existing M$ network with Linux, I have yet to get into the details of actually doing it. I do have a Fedora box that I am arguing with at home at this time, but I haven't had to get into anything as large as the project you are contemplating. In theory, I know it can be done, but the exact details of exactly how escape me at the moment.

That is why I am spending so much time here myself at this point :-)

Hope some of this helps,
John
Stuart Browne
Honored Contributor

Re: Centralized Mgmt in Linux ??

John, 'sudo' exists under Linux as well, and the specific functions can be restricted, or opened using the '/etc/sudoers' file.
One long-haired git at your service...
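
The kind of restriction described in the post above, as an added example that is not part of the original thread: a sudoers drop-in that delegates specific functions to groups instead of handing out full root. The group names, host name and command paths are assumptions for illustration.

```sudoers
# /etc/sudoers.d/delegation -- constructed example; create and syntax-check
# it with: visudo -f /etc/sudoers.d/delegation
# Group names, the host name and command paths are assumptions.

# Named sets of the specific commands being delegated.
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
Cmnd_Alias WEB_CTL  = /usr/sbin/apachectl graceful, /usr/sbin/apachectl configtest

# Hosts where a rule applies, so the same file can be copied to every machine.
Host_Alias WEBSERVERS = web1

# Too broad: every member of the group becomes root on every host,
# without even re-entering a password.
# %helpdesk ALL = (ALL) NOPASSWD: ALL

# Restricted: helpdesk may manage print queues on any host, as root only.
%helpdesk  ALL = (root) PRINTING

# Restricted: webadmins may reload or test Apache, only on the web servers.
# Because the arguments are listed, "apachectl stop" is not permitted.
%webadmins WEBSERVERS = (root) WEB_CTL
```

A member of either group can run `sudo -l` to see exactly which commands the rules grant on the current host.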
Ahmed Malik
Occasional Advisor

Re: Centralized Mgmt in Linux ??

Hi All,

I am busy because we are expanding our business and, as you all may guess, I am responsible for the new network setups. We have decided to purchase more M$ licenses, because we (all of our staff) are not familiar with Linux.
I have planned to learn, and then afterwards implement Linux, because I just don't want to take any risk. I am learning, and proud to have the backing of you great geeks. Hope soon I'll be in a position to implement Linux.

John, two threads from me was a mistake; I had no intention of posting the same problem twice. And thanks once again for recommending me a book. I will purchase the book soon.

No John, Operation Masters and Sites are pretty much different things, although both (i.e. Sites and Operation Masters) are physical entities in ADS.

Operation Masters (OM) are five types of 'roles' performed by the machine(s) that are Domain Controller(s). If you have a single machine as a Domain Controller (DC), then all five roles are performed by the same machine, but if you have multiple machines (servers) then you can distribute these five roles among those machines.

Sites are one or more IP subnets connected via high-speed links, and are used for managing the replication traffic; in other words, a site is a set of DCs that are well-connected in terms of speed. In very simple words, if you have two offices 'A' and 'B', and both are connected via a high-speed link, then both offices are part of the same site, and if A and B are connected via low-speed links, then both offices should be part of different sites.
Some Key Points:

1) DCs replicate on the basis of updates.
2) If DCs are well-connected (i.e. in the same site) then replication isn't a bother, i.e. there is no need to plan any schedule for replication.
3) If DCs are poorly connected (i.e. the DCs are not in the same site) then replication should be planned on the basis of a "schedule", not on the basis of "updates".

Rgrds
Ahmed Malik
Ahmed Malik
Occasional Advisor

Re: Centralized Mgmt in Linux ??

Roberto, I was pretty much amazed when I was reading your post, because for me it will be a great ease to recreate all of my ADS configuration in Linux. I must ask for this. I am pretty busy, because we are designing a new network for our new branch office, but afterwards, I'll be back again.

Thanks and Regards
Ahmed Malik
John Collier
Esteemed Contributor

Re: Centralized Mgmt in Linux ??

Ahmed,

Now that you go through the explanation, it all comes flooding back to memory. It's been so long since I had to concern myself with anything like that. I deal with nothing that has less than a Fast Ethernet connection in my world and even then the only real server I have to deal with anymore is a stand-alone on my own private home network.

My apologies for the sidetrack on the issue and at the same time my thanks to you for making me remember. Every now and then we need to be pushed to remember things.

Best of luck to you on your latest project. I, for one, will look forward to working with you on expanding your Linux knowledge in the future. I think that I will learn as much as you in the process.


John

PS. You are welcome to assign 0 (zero) points to this entry since it didn't really help you in any way.
Ahmed Malik
Occasional Advisor

Re: Centralized Mgmt in Linux ??

Dear John,
Thanks for the appreciation and the wishes.
I am very busy, as you might expect.

Rgrds
Ahmed Malik