This article will try to show you how easy it is to set up Novell’s Suse Linux Enterprise Server as a Windows Domain Controller (WPDC) – all by just pointing and clicking – no text editor is required. After implementing these instructions, you will have a fully featured WPDC that includes setting up an LDAP user/machine database as well as utilizing Dynamic DHCP and DNS Servers.
… but honestly, I usually find it easier to configure things using a text editor and a readable configuration file.
Well, I gotta admit, I’m a dufus here, and I only skimmed the article, but it seems to me like it doesn’t really cover migrating an existing domain controller to Linux, which is pretty much what you’re going to need to cover to get anyone to switch over. But hey, if I am really a dufus and the article covers that, and it’s as point and click easy as they say, then man, what’s stopping everyone?
A samba server can act as your domain controller if you are intent on continuing to do things the window’ish way.
Or you can set up OpenLDAP/Kerberos Authen/Samba for a full OpenDirectory style solution and use directory administrator, a gtk2 tool, to maintain it and from there on out it’s pretty easy business. The tough part is setting up the first time of course.
But I believe the article covered most of that.
RE:migrating?
By Cheapskate (IP: —.69-92-cpe.cableone.net) – Posted on 2005-03-25 03:05:56
RE:what’s stopping everyone?
FUD
It’s more than that.
1) Inertia. There is no one overwhelming killer app style reason for everyone to move wholesale to linux. It has to be more than a sheer cost issue. There has to be a hook.
2) Vested interests. A large number of IT departments and personnel “grew up” so to speak in their professional lives hooked on the Windows way of doing things. Getting them to move over to linux is a terrible challenge. It’s new and frightening to them. There are also vested interests in the user community in the corporate environment where everyone from project managers to administrative staff already know how to use a windows box and re-training is a big deal. Trust me I was around during the Win 3.11 to Windows 95 move.
3) Proprietary file formats. Sure OpenOffice can handle most of them except stuff like a whole company’s worth of expense sheets handled through some vb launched crap excel spreadsheet thing or the years of project files or the tons of visio drawings for the network diagrams.
It’s not impossible. My division (small one) of a large company moved a total of 50 users mostly unix programmers, sysadmins and network folks — ie the engineers to unix desktops. With a little planning and the mindset of setting up the desktop ahead of time for “basic” needs like setting up printers and common network shares and even junk like browser plugins it becomes pretty easy.
But there is a reason it has not happened on a large widespread scale. It will be extremely interesting to see how Novell progresses with their large scale migration.
Damn you hit it on the head!
To some extent most of those points also apply to the many “OSX in a Windows environment” analysis articles.
It used to be the main issue for Linux/GNU/Apple was the lack of polished real world ready apps that everyone could enjoy. About a year ago the shock wave of refinement broke out, pushing people to face the fact that not everybody wants to use half-assed user environments or poorly designed GUIs. Now you can look at Fedora/Ubuntu/SuSe/NLD and see some real cutting edge and clean work going on. It’s great to see, and in the end it’s all a matter of time.
Hate to burst your bubble boys, but “dcpromo” is still simpler and you end up with a full Active Directory with all the trimmings, not a 10 years late NT4 domain clone.
I agree with Matt…who wants a PDC? Active Directory is now the MS solution that needs to be compared against, not an NT 4.0 PDC. A major function of AD is control over the entire windows client environment, including client settings. When you can show me a Linux server that can control every aspect (except the user) of the company’s windows clients, then I will take a real look at it. I guess if you just want a single repository for user authentication though, this is a good article.
Hate to burst your bubble boys, but “dcpromo” is still simpler and you end up with a full Active Directory with all the trimmings, not a 10 years late NT4 domain clone.
… but rather cheaper and less susceptible to virii and other kinds of malware…
-Bert
bsblog: http://www.bertplat.net/bs2k5.html
When you can show me a Linux server that can control every aspect (except the user) of the company’s windows clients, then I will take a real look at it.
Take a look at Novell’s Open Enterprise Server, then, which is basically file/print/directory/etc services on top of SuSe Linux Enterprise Server 9. Or, if you wish, NetWare 6.5. Add Zenworks to it, and you’ve got your solution.
-Bert
bsblog: http://www.bertplat.net/bs2k5.html
… but rather cheaper and less susceptible to virii and other kinds of malware…
Novell charges $350 per year for SLES9. $750 per 3 years. If you’re spending that sort of money you might as well spend a few hundred extra for the added benefits of a Windows 2003 domain controller. You might even get it cheaper than SLES if you buy OEM or through a volume license program.
And if you can’t keep malware off a domain controller you shouldn’t be an administrator. Most Windows malware is propagated by the web and email – you shouldn’t be using either on a DC. As for remote exploits, I’ve heard of more remote root holes on Samba recently than I have on Win 2003.
I can’t afford SLES9, and most of my clients don’t want to spend that much on new, different software, when they already know how to use Windows.
So let’s put it this way, are there any other configuration utilities out there that can make this as idiot proof/fast as Yast does it?
All I saw was examples of integrating with PDC/BDC. No AD member servers. No integration with AD DNS, ie pulling down from a primary AD zone. How about file permissions based on AD? Good article but not really how to integrate with a modern Windows AD.
“I can’t afford SLES9, and most of my clients don’t want to spend that much on new, different software, when they already know how to use Windows.”
If you can’t afford $350 a year on this kind of software when you obviously need it (otherwise you wouldn’t be complaining, would you?), you should check your model of business operations.
“So let’s put it this way, are there any other configuration utilities out there that can make this as idiot proof/fast as Yast does it?”
You mean: something as user-friendly and solid, but free you mean? And while you are on it you want free Aqua too and you probably already mailed OpenOffice.org that they really should include the project manager Microsoft put in Office for OS X, right? All free of course.
But if they don’t offer that functionality you are not able to convince your customers to switch to the current software, but you advise them to keep on buying (and paying for) MS Windows and their CAL’s instead.
Weird way of looking at things or I must be missing something.
1. I never once mentioned free. I don’t have a problem buying software. I work hard, but I’m not rich, most of my money goes into just trying to live.
2. I don’t admin these servers, I turn them over once they are built to the customer. Trust me, adding users needs to be easy.
What I really want is to roll my own setup, using existing tools, that is easy to configure, that I am going to GIVE AWAY for FREE.
I have been in this kind of business for a long time. One thing I have learned is that most customers don’t have an opinion themselves, but tell you what they read on websites, or what is being told on birthday parties, and such. This even goes for people that call themselves educated sysops. Problem is that most of them only read stuff about their solution, because most of ‘m are stressed enough to keep that up and running. They seldom look over other solutions available.
That’s where you come in. It’s your business to convince them to choose the best value for money. That can be paid software, or free software, or whatever, but by no definition it means that you ALWAYS have to give away things for free. In most cases it is a matter of educating your customers. Once they see it, they are happily going to pay those $350.
Four years ago, I was in this major pitch for a client with 9 branches. My team put an advice on the table pointing to thin clients, unix and such. Not very popular in that line of business and pricy when buying, but cheap maintaining. After fierce rounds of negotiations, in which at least two competitors were involved offering a more regular and cheaper fat client solution, the company picked our solution because they believed in OUR vision.
Three weeks ago, the company purchased a competitor of roughly the same size and same level of operations. IT department of our client: 3 sysops maintaining 600 workstations, 11 branches, centralized architecture, thin clients. Competitor: 21 people doing 700 workstations, 9 branches, decentralized architecture, fat clients.
Note: the example isn’t about thin clients vs. fat clients, because we do everything, including a lot of MS stuff. It’s just an example of delivering a solution against mainstream. One that paid off in this case.
If you’re spending that sort of money you might as well spend a few hundred extra for the added benefits of a Windows 2003 domain controller.
Are you serious ?? First the cheapest version of W2K3 with Active Directory will set you back ~$750, twice as much. Furthermore, you only get 5 Client Access Licenses with this. Each Additional CAL will cost you $70. (And no, owning WinXP Pro is not considered a CAL)
So for a network of 105 computers you will be paying $7,775 if you go with Microsoft, but wait there is more…
If you read the article’s introduction, you will see that SLES9 pretty much doubles the performance of Win2K3 on low-end server hardware… Win2k3 will max out at about 40-50 pretty active Clients, so on a network of 105 computers using a low-end server you will probably need another server. If you call your Microsoft rep, he will probably tell you that yes, that means another $7,775. So, going with Microsoft could probably set you back over $15,500 just for Licensing alone!
As for the $350 for SLES9, that is for the updates only, most everything is licensed under the GPL (except plugins and acrobat), including YaST, so if you are cheap, just download the ISOs for Free, if you do not have a high speed connection, you can just buy the media for $35. If you are extremely cheap and want updates, just re-register for the free 30-day trial using a different email account.
Man, I don’t know why people love Active Directory so much, it is just a crappy knock-off of Novell’s eDirectory and a very, very limited XenWorks.
“Novell charges $350 per year for SLES9. $750 per 3 years. If you’re spending that sort of money you might as well spend a few hundred extra for the added benefits of a Windows 2003 domain controller. You might even get it cheaper than SLES if you buy OEM or through a volume license program.”
You forgot to add in the Windows per user CAL’s. And that crap is so damn confusing I bet there is not a company out there that is following the licensing correctly.
First you have to buy Windows 2003 server ($999 for 5 CAL’s or $1,199 for 10. And those are either user or device CAL’s) or enterprise server ($3,999 for 25 CAL’s either user or device). Then you have to get more CAL’s for every dang thing. CAL’s start at about $40 a user or device. (Confusing.) Oh but if you want to use terminal server you need separate CAL’s and then there are External Connector CAL’s.
Yes you can get a volume license which can lower the price but if you follow the license scheme properly you are going to pay a good deal more than if you go with Novell. (If you can figure the scheme out.) Oh and remember NONE of these prices include ANY kind of Microsoft support, not even by e-mail. When we did the Windows 2000 AD roll out here (For the United States Agency For International Development) not only did we have to all go to class which cost the government about $2500 per tech or MCSE but we also had to bring in 2 Microsoft consultants. One for the desktop images and security etc and one for AD and Exchange. That cost the government about $150 per hour per consultant. And then we pay for MS gold support. Which allows 5 calls a month and costs the government $1225 per 5 calls.
So please if you are going to break out prices please break them down so all the included prices can be looked at. And yes I know that if we went to Novell Linux that training costs etc would be included also. But tech support is LOWER and consultants are cheaper.
“Are you serious ?? First the cheapest version of W2K3 with Active Directory will set you back ~$750, twice as much”
You’re obviously looking at SBS 2003, which includes Exchange server, Sharepoint Server, and MS SQL Server. How much does Novell charge for OpenExchange? Oh, and don’t forget the CAL’s there as well. Your licensing costs are pretty suspect; I’ve quoted larger networks than that and not spent as much on licensing. Someone’s getting ripped off.
Your claim of performance on low-end hardware is only true if you use hardware that is not suitable for SBS in the first place; i.e. is not on their recommended list. The last time I tried to install SuSE’s enterprise solution, it complained about my dual-cpu 400MHZ Xeon system, saying it was too slow.
Let’s skip all this FUD….
Directly from the source, Microsoft
http://www.microsoft.com/windowsserver2003/howtobuy/licensing/prici…
Windows 2003 Server Standard with 5CALS – $999
Windows 2003 CALs 20-pack – $799
Cost for using Windows 2003 Standard Server on a 105 computer network – $4,994
Cost for using SLES9 on a 105 computer network – $350/year for updates.
Cost for not having to worry about your server infected with Viruses, or a corrupt registry – Priceless
(sorry, had to add it)
“…Cost for not having to worry about your server infected with Viruses, or a corrupt registry – Priceless
(sorry, had to add it)”
Anon Microsoft fanboy owned…
So they finally created a decent configuration tool for Samba. Something Samba developers should have done years ago. SWAT? Please, a web front end to edit a text file.
“Windows 2003 Server Standard with 5CALS – $999
Windows 2003 CALs 20-pack – $799
Cost for using Windows 2003 Standard Server on a 105 computer network – $4,994
Cost for using SLES9 on a 105 computer network – $350/year for updates.”
Cost for having to worry whether or not the next Microsoft workstation release will be compatible with an NT 4 style domain, and hence making all your investment in your current infrastructure worthless, priceless.
Security costs for not having Windows 2000 clients and XP not using Kerberos because they think they are using an NT 4 domain, priceless.
The simple fact is that if you are going to use Windows XP clients, you need to implement it properly and use de facto industry standards. Only a fool will develop a Windows domain in 2005 doing things how Microsoft did things in 1995. If you want to use Windows clients, pony up the extra cash and use Windows Servers too. For a site that uses 300 Windows XP Professional workstations, the CAL’s are a drop in the bucket compared to the licensing cost of all that software.
Don’t get me wrong, I’m not telling you to use only Windows as workstations or servers. Feel free to deploy Linux/Unix workstations/servers too. But do yourself a favor and use the proper tools to manage these devices. For example, use NFS rather than SMB. Set up an OpenLDAP server, Kerberos Server on *nix and configure these servers to communicate with Active Directory. Don’t make the Linux workstations talk directly to Active Directory. Do things right so that you can gain the full potential of your investment and avoid major potential headaches in the future.
“…Cost for not having to worry about your server infected with Viruses, or a corrupt registry – Priceless
(sorry, had to add it)”
Until I get your Admin’s NTLM hash. Then the cost goes up considerably….
If you’re gonna deploy Linux for sign-on security, use Linux clients and lock ’em down properly. Otherwise you’re wasting your time.
Man, I don’t know why people love Active Directory so much, it is just a crappy knock-off of Novell’s eDirectory and a very, very limited XenWorks.
Two reasons:
– You can’t spell ZENWorks (killing your credibility as you’ve obviously not worked with it)
– Active Directory killed eDirectory and predecessors about 5 years ago. Really. Novell weren’t selling too many “e-Directory” or “Netware 4+” installations, thus the desperate attempt to lob on the “Linux” bandwagon to make profits.
Bullshit. eDirectory scales in ways that AD can only dream of. Who pays you to spout FUD non-stop?
Don’t get me wrong, I’m not telling you to use only Windows as workstations or servers. Feel free to deploy Linux/Unix workstations/servers too. But do yourself a favor and use the proper tools to manage these devices. For example, use NFS rather than SMB. Set up an OpenLDAP server, Kerberos Server on *nix and configure these servers to communicate with Active Directory. Don’t make the Linux workstations talk directly to Active Directory. Do things right so that you can gain the full potential of your investment and avoid major potential headaches in the future.
Thank god a voice of sanity in a sea of MS fan FUD and some people here throwing out over-expectations on the linux fan side.
Though I still have seen a good samba server work well in a Windows domain and feel it’s a more natural choice in terms of usage.
2003 Server (oem) is still cheap. Both SUSE and MS have their software that is probably a couple of hundred a piece. But there is something that you’re forgetting:
CAL’s
The number of CAL’s add up to a small fortune, depending on the number of users. In the price range, SUSE still wins.
I have been looking to replace my MS 2000 network for some time with a Samba / LDAP solution. The part I am unable to fully replicate is the easy event logging, file level auditing that Windows offers. We need to be able to determine who deleted a file, accessed a directory, etc. on any one of our servers. MS makes that easy with one username, easy to setup auditing and event logging.
You can configure samba for multiple types of logging, especially when you consider their wildcards %U and %m – say you want different logs for each machine, use –
log file = /usr/local/logs/samba.log.%m
For user, just replace %m with %U, and depending on your log level, you can log just about anything. Then to find whatever you are looking for, just grep the log files.
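Added example (not from this thread or from the Samba project): for the "who deleted a file" question above, a parser for records written by Samba's full_audit VFS module, which is built for this purpose, as an alternative to grepping debug logs. The smb.conf settings shown in the comment, the `%U|%m` prefix and the sample log lines are assumptions constructed for illustration.

```python
import re

# Assumed share settings in smb.conf (vfs_full_audit; not from the thread):
#   vfs objects = full_audit
#   full_audit:prefix = %U|%m
#   full_audit:success = unlink rmdir rename
#   full_audit:failure = unlink rmdir rename
# Each syslog record then reads: smbd_audit: user|machine|op|result|args

# Constructed sample records, not captured from a real server.
SAMPLE_LOG = """\
Mar 25 03:05:56 fs1 smbd_audit: alice|WS01|unlink|ok|/srv/projects/budget.xls
Mar 25 03:06:10 fs1 smbd_audit: bob|WS02|rename|ok|/srv/projects/a.doc|/srv/projects/b.doc
Mar 25 03:07:41 fs1 smbd_audit: bob|WS02|unlink|fail (Permission denied)|/srv/projects/plan.vsd
Mar 25 03:09:02 fs1 smbd_audit: carol|WS03|rmdir|ok|/srv/projects/old
Mar 25 03:09:30 fs1 smbd[2211]: connect to service projects initially as user carol
"""

RECORD = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]+) \S+ smbd_audit(?:\[\d+\])?: (?P<body>.*)$"
)
# Newer Samba releases log deletions as "unlinkat" instead of "unlink".
DELETE_OPS = {"unlink", "unlinkat", "rmdir"}


def parse_line(line):
    """Return one audit record as a dict, or None for non-audit lines."""
    m = RECORD.match(line)
    if not m:
        return None
    parts = m.group("body").split("|", 4)
    if len(parts) != 5:
        return None
    user, machine, op, result, args = parts
    return {
        "time": m.group("ts"), "user": user, "machine": machine,
        "op": op, "ok": result == "ok", "result": result,
        "args": args.split("|"),  # rename carries source and target
    }


def deletions(log_text, include_failed=True):
    """All delete attempts; failed ones show who tried and was denied."""
    recs = (parse_line(line) for line in log_text.splitlines())
    return [r for r in recs
            if r and r["op"] in DELETE_OPS and (include_failed or r["ok"])]


def who_deleted(log_text, path):
    """(time, user, machine) for each successful delete of exactly `path`."""
    return [(r["time"], r["user"], r["machine"])
            for r in deletions(log_text, include_failed=False)
            if r["args"][0] == path]


if __name__ == "__main__":
    for r in deletions(SAMPLE_LOG):
        print(r["time"], r["user"], r["machine"], r["op"], r["result"], r["args"][0])
```

A path that itself contains `|` cannot be split reliably with this prefix format, so treat such records as needing manual review.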
It’s been a while since I’ve used it, but Webmin (http://www.webmin.com/) could be the tool you are looking for. Runs on many different OS-es and distros too.
./nalle.
Come on guys, gimmie a break.
1) Novell’s Netware is a pile of steaming dung. Look at the amount of market share it has. Most people that are using it are migrating off of it to MS.
2) Suse has a LONG ways to go. Companies are still investing in Microsoft technologies, not Novell or Linux. If they do, it is on a VERY small scale and most likely driver support.
3) Samba does not and will not have the functionality of AD anytime soon. If we can get someone up here that knows enough about AD to make that assumption, let’s see it. Like it or not, Microsoft has a pretty sweet turn key package for consumers.
4) Big businesses are still very wary about installing open source products with very limited support. They are still most likely going to go with Microsoft as a result. Just look at GE as an example.
5) If Novell has the balls to challenge the community as Microsoft did, they would have the same issue with viruses too. It is not just a Microsoft problem… it just seems that way because most are directed towards their products.
6) Windows 2003 is very stable and SECURE, despite what the morons out there tell you. Most that say this have never even tried to touch the tip of the iceberg when it comes to the THOUSANDS of utilities that MS and third parties have to make it even more secure.
7) Novell iChain is total crap.