Integrating Linux into a Windows Network?
Di0medies asks: "I work for a somewhat small non-profit organization that uses a Windows-based network. We currently have 6 servers supporting about 25 local domain users and about 25 remote users and we're planning on migrating from Server 2000 to Server 2003 in a month or so. Being a non-profit, we're always a little tight on cash and considering Microsoft charges ungodly amounts of money for server software, migrating portions of the network to Linux leaves more cash available for other IT goodies (like a new high-capacity file server!) and also adds more stability and security to the network. All of this depends on how well a Linux server will work on a Windows network. Does anyone have any suggestions regarding Linux integration? Can Windows and Linux be made to play well together? Is there anything out there to add limited Active Directory support to Linux?"
If programs would be read like poetry, most programmers would be Vogons.
The word is "samba." Samba will more or less allow a Linux server to fully integrate into a Windows network. I would suggest that, if you are a Linux novice, you leave domain control on Windows and just use Linux as a workhorse. Time enough to move everything to Linux when you're more comfortable with Linux.
"He who would learn astronomy, and other recondite arts, let him go elsewhere. " -- John Calvin, commenting on Genesis 1
I've done similar things in the past and currently I run my print and file servers on Linux quite seamlessly. All of the Windows admins and users don't know any different.
Samba + PAM + CUPS gives you integrated authentication, SMB/CIFS file serving (Windows file sharing protocol), as well as SMB and IPP printing.
I don't know of any tutorials off the top of my head but Google gave me all I needed to figure it out.
He DID specify that he is looking at using a Linux server instead of a Windows server, and that all the workstations will remain Windows. Come on man, read the article before you post!
People, this is Slashdot, not the New York Times. This is an "Ask Slashdot" item. Must we tell someone to google it every goddamn time something is posted?
For the love of God, can't we just answer someone with our experiences and build up this "Google" you speak of with some actual content?
I thought the open source community was founded on COMMUNITY. Man, if the old days of USENET could see us now, they'd be ashamed.
Sorry about that. My bad.
You have, what, 50 users? Why deal with the licensing headaches from Win* server at all? Linux (running Samba) makes a great Domain Controller. Add another Linux/Samba for SAN/NAS. Throw in one more for a print server. I don't know too much about mail on Linux, but I hear postfix is nice.
In any event, your network is *way* too small to deal with Win* crap. Even if it's *donated* by MS, there's bound to be licensing issues at some point.
Deploy Linux in your server room and then migrate your users at a later date...if at all.
I'd rather you do it wrong, than for me to have to do it at all.
I've never done this before, so take it with a grain of salt, but Active Directory can act as a kerberos ticket server, and therefore should be able to work with anything that uses kerberos.
Having never set up Linux to use kerberos either, I couldn't tell you what packages are available to do this, but I would imagine that they do exist.
I know there are lots of free software bigots on this site and you can find lots of sites purporting to have easy configuration instructions for kerberos/AD set up, but I don't care. This product works, period. And it does it in an easy manner and it does it flawlessly, at least in our environment, which is a true 24x7 environment where uptime and accessibility matters -- a hospital.
Democrats and Republicans are like AIDS and Cancer, I want neither!
Your trolling is pointless. I told him all the useless information there is, if you failed to notice :) Keep your moralizing for someone else, please.
If programs would be read like poetry, most programmers would be Vogons.
I work for an organization that provides tech support for non-profits. It's sad but true, non-profits have to live in the same world as commercial entities. They're subject to the same forces as anyone else -- they have momentum with existing Microsoft installations; there are custom legacy software that would require replacement, retaining, and conversation of data; they have users who only know Windows and (rightly or wrongly) would resist a switch to any other OS because it would mean they have to learn to use something slightly different.
You should be supporting the original poster's efforts to switch, not deriding him for not having already completed the task on every machine they have.
When people ask lame questions in public forums that could have been answered with a minimal amount of legwork on their part, the standard answer is RTFM, which coincidentally was coined during the days of USENET. Google has built the community already. This guy is just walking around it with his eyes closed.
One thing we found when moving from 2000 to 2003 servers is that the terminal server licensing is not free. On a 2000 server each server had an unlimited TS License. On 2003, you have to purchase them. One extra cost to beware of.
If at first you don't succeed, so much for skydiving.
And if you need remote VPN access, check out OpenVPN. It's SSL based, easy to configure (comparatively), and stable. There are clients for Windows, Linux, and Mac.
If you have an application that requires Microsoft to run on the backend, then you are going to have trouble replacing said server with Samba. If it is an application that everyone uses, then even if you replace the other servers with Samba, you will still need the Microsoft CALs (client access license) to attach to the one remaining server. That is where the costs get you, not always the server software, but the CALs.
You can still make a case for migrating away from Microsoft at that point, but not based on software purchase price.
If you still need to buy software, have you seen this website? http://www.techsoup.org/ The nonprofit price for Microsoft software is very, very low.
"You are wasting money that has been given to you in good faith by countless people."
And how much would they have spent on consultants to set that all up for them in the first place?
Grow up. They spent money and got what they needed. "Wasteful" is a relative measure.
"Derp de derp."
What do you mean by "server?" File servers? Directory servers? Database servers? Web servers? Backup tape servers? Mail servers? Web proxy servers? What the heck are you serving?
And, how will adding servers improve your stability and security? Is there some sort of hot-backup software you're using that works on both linux and windows?
Regardless, if you're using 6 servers for only 50 users you might want to investigate whether or not all of them are really necessary. First figure out what you're trying to provide to these 50 users. Only then can you figure out the simplest way to provide it.
I'm afraid I have to agree with the parent. The best possible thing you can do for this company is simplification and documentation. You'll save them far more money in the long run than you will by skipping out on a few $2,000 Windows 2003 Server licenses.
We may experience some slight turbulence and then...explode. -Capt. Mal Reynolds
What's funny is, the people with the snide "RTFM" or "learn to google" or "one word: samba" posts, are providing more information than the "Why the hell can't we just help this guy with his question" people.
Here's a suggestion: The "Why can't we help him" people should all start providing the help they think should be provided rather than berating the "RTFM" people for not being helpful. The RTFM people can continue to say "RTFM" or whatever as long as they provide links to relevant google searches of other helpful sites.
As for myself, I'll shut the hell up and go RT some FMs and maybe post a more helpful response later.
And thus the answers you will get will be equally useless (crap in-crap out model....).
If you are more specific about what your servers are currently doing I am pretty sure people will help you out.
Now, for basic services:
- File server and print server: Samba.
- Authentication servers: I believe Samba can act as a domain controller.
- DNS server: bind running in Linux.
- Web server: Apache.
- Data Base servers: MySQL.
- Backup server: Amanda.
- email: sendmail, postfix....
So, exactly which services are you aiming to provide???
IANAL but write like a drunk one.
This is an honest question, coming from a legitimate source, so all of those who think no one is out there stumbling along trying to understand all at once everything you have learned over the course of years need to take a deep breath.
To the question: Yes, you can phase out your Windows 2000/2003 server in favor of Linux servers. Whether it is worth it is up to you to determine - if you have a lot invested in your Windows server admin skills, and you don't have time to devote to raising your Linux server admin skills, this may not be for you. Both OS's require a degree of skill to manage, particularly for networks of desktops being employed by people who need the desktop to be perfect all the time (which is what my experience tells me small non-profit users expect).
If you are willing/able to meet the skill requirements for the system & network administration, and can translate that into desktop support that meets or exceeds that you deliver now, you need to come to an agreement with the organization about how best to deliver services using Linux. Some services can be moved off of Windows relatively transparently, but those which users seem to be most sensitive to generally aren't as easy to migrate.
If you are running Exchange, particularly if you are using group calendars, there isn't a terrific free-as-in-beer Linux solution. SuSE Openexchange Server offers what looks like a nice solution, but the pricing isn't a significant difference to the Microsoft non-profit pricings that I've experienced, and it comes with a recurring annual client license fee.
If you are extensively using Windows DFS for your file service, then the transition to a system that uses SAMBA, NFS, or DAV will be visible to the desktop user, with all the associated gnashing of teeth that brings. If you haven't implemented DFS, then the reproduction of home directories and shared directories with SAMBA should be simple and, with group policies, transparent.
Authentication of users against the Active Directory to Linux network services isn't as hard as it might seem. By installing the Microsoft Services for Unix (or whatever they are calling it this week) you will get POSIX fields in the Active Directory schema that can be used to write LDAP queries against for authentication via PAM, Apache modules, and PHP, Perl, and Java applications. Likewise, logins on Linux servers and workstations with AD credentials can be directed against the AD via LDAP, and SuSE has this option included in their default install process.
Finally, there are likely applications that are seen as critical to the success of the organization that are only supported on Windows. These niche applications will necessarily govern how much you can remove Windows from your back office.
In general, the introduction of a few Linux servers into your back office is as painful as you want to make it. Moving user or customer facing services to Linux has to be an organizational decision, but it doesn't present a lot of technical problems. The biggest thing to remember is that you are meddling with the culture of the organization. These 50 people are doing something they consider very important, and they are not interested in what is cool to a bunch of geeks. If you think Linux will save you enough money to buy 'IT goodies' then you shouldn't even bother, because it isn't the right motivation. Linux can save money, it can be more secure, and it can be more stable, but all of those things are irrelevant if the users are pissed off because 'it worked fine before you changed things'.
My advice is to use Linux to deploy new services, integrate it into the existing network, but only replace something that works when it is time to upgrade (since it will break anyway) or when it stops working. Be open and honest when you deploy something, when it breaks as well as when it works fine, and if you blow it up, take responsibility and don't blame someone else.
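An added example, not part of the original comment: how an application might build the LDAP query the comment describes and vet the POSIX fields it gets back before handing them to the local system. The `msSFU30*` attribute names are assumed from the Services for Unix 3.x schema extension; the ID floor, shell list and sample entry are constructed for illustration.

```python
import re

# Assumption: attribute names follow the Services for Unix 3.x schema
# extension (msSFU30* prefix); change the mapping to match your directory.
ATTR = {
    "login": "msSFU30Name",
    "uid": "msSFU30UidNumber",
    "gid": "msSFU30GidNumber",
    "home": "msSFU30HomeDirectory",
    "shell": "msSFU30LoginShell",
}

# Local policy; hypothetical values chosen for this example.
MIN_ID = 1000
ALLOWED_SHELLS = {"/bin/bash", "/bin/sh", "/sbin/nologin"}

_FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\0": "\\00"}
_LOGIN_RE = re.compile(r"[a-z_][a-z0-9_.-]{0,31}")
_HOME_RE = re.compile(r"/[A-Za-z0-9_./-]+")
_ID_RE = re.compile(r"[0-9]{1,10}")


def escape_filter_value(value):
    """Escape the characters RFC 4515 treats as special in a filter value."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def user_filter(login):
    """Build the search filter for one login name as typed by a user."""
    if not login:
        raise ValueError("empty login name")
    return "(&(objectClass=user)(%s=%s)(%s=*))" % (
        ATTR["login"], escape_filter_value(login), ATTR["uid"])


def _single(entry, key):
    """Return the only value of an attribute; reject missing or multi-valued."""
    values = entry.get(ATTR[key], [])
    if len(values) != 1:
        raise ValueError("%s: expected exactly one value" % ATTR[key])
    return values[0]


def passwd_fields(entry):
    """Validate one search result (attribute -> list of str).

    The directory is treated as untrusted input: a value that fails a check
    is rejected rather than passed on to the local system.
    """
    login = _single(entry, "login")
    if not _LOGIN_RE.fullmatch(login):
        raise ValueError("login name not acceptable: %r" % login)
    ids = []
    for key in ("uid", "gid"):
        raw = _single(entry, key)
        if not _ID_RE.fullmatch(raw) or int(raw) < MIN_ID:
            # IDs below MIN_ID would collide with root and system accounts.
            raise ValueError("%s out of range: %r" % (ATTR[key], raw))
        ids.append(int(raw))
    home = _single(entry, "home")
    if not _HOME_RE.fullmatch(home) or ".." in home.split("/"):
        raise ValueError("home directory not acceptable: %r" % home)
    shell = _single(entry, "shell")
    if shell not in ALLOWED_SHELLS:
        raise ValueError("shell not in allow-list: %r" % shell)
    return login, ids[0], ids[1], home, shell


def passwd_line(entry):
    """Format a validated entry as a passwd(5)-style line."""
    login, uid, gid, home, shell = passwd_fields(entry)
    return "%s:x:%d:%d::%s:%s" % (login, uid, gid, home, shell)


# Constructed sample search result, shaped as attribute -> list of values.
SAMPLE_ENTRY = {
    "msSFU30Name": ["jdoe"],
    "msSFU30UidNumber": ["10001"],
    "msSFU30GidNumber": ["10000"],
    "msSFU30HomeDirectory": ["/home/jdoe"],
    "msSFU30LoginShell": ["/bin/bash"],
}

if __name__ == "__main__":
    print(user_filter("jdoe"))
    print(passwd_line(SAMPLE_ENTRY))
```
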
You work for a non-profit organization and it's shelling out contribution money for Microsoft products?
Just because an organization is running Windows servers doesn't mean they have to pay for it. For some organizations Microsoft will donate software and coordinate with a local .NET users group to develop "line-of-business" applications unique to the non-profit. Case in point, the local (Kansas City) .NET users group developed an internal application to allow the Salvation Army (SA) to coordinate donations and logistics getting items to/from the SA warehouse. Those who contributed to development were given copies of Visual Studio -- for the duration of the project, of course -- and server licenses were given to the SA by the local MS office.
Usually, Microsoft software is not free, but sometimes it is...
(1) SMB:
The support is there for most distros to use an AD server for authentication, (users, not groups, and the users must exist in the password file). On Fedora, which I recommend as an alternate to RHEL (RedHat is the easiest to configure in this area imho), the command to look at is authconfig. Enter your domain, your primary and secondary servers, and your AD auth setup is done.
(2) VPN:
Consider using PopTop as a PPTP VPN server for Linux. There is documentation available, but there are also other ways of doing it.
(3) Research:
Do some research. The Linux Documentation Project is a good source. But google is your friend as well.
RandomAndInteresting.com defending the world from stupidity since 1979
Now for the application stack. I prefer using Novell's eDirectory as opposed to Microsoft's Active Directory. It'll run on Linux so that's one less Windows server right there. The price is based on a per user basis which comes up to $2 per user! Not a bad price. Tie that in with all your Linux services such as Samba, IMAP server, Postfix with eDirectory using the LDAP protocol. Their password self-service option is pretty enticing as well.
While we're on the topic of Novell and moving away from Windows on servers, look into GroupWise as a messaging server instead of MS Exchange. Again, it runs on Linux as well as a bunch of other platforms and has cross platform clients so you're not limited to Windows for end users either.
Not all non-profits are the EFF though.
Don't be a dickhead. You know who you are, AC. Now go put your fuzzy slippers on and get back to daytrading on your Mom's WebTV. It's clear you don't have the social skills required to formulate a proper response anyway.
The idea that some other undersocialized loser modded you insightful just removed any hesitancy I had in going off on you. Perfect.
Do what you will mods. I could care less if I have 'Excellent' karma with a room full of asshats like this.
If you never make mistakes, it's probably because you're not doing anything.
I toss down another gauntlet that instead of whining about how they're wasting money running Windows, the AC troll above, and all Slashdot that can do 3 things.
1. Consider that this is someone who is looking into using something besides Windows, and not blindly spending money because "that's the way it's always been done."
2. Sit there and HELP THEM DO IT! (Though above postings are doing a good job, so it may not be necessary).
and this is the most important one:
3. Go help a non-profit with their tech needs! They need us, and the community needs them. Time frequently means more than money, especially if they need tech help.
I have a group I'm helping locally to "fix up" their computers, and they have to run Windows in order to run some specific software required for them to obtain a grant. Think they should switch to no Microsoft? Not on your life. They get far more money from their grant than they pay to Microsoft, so it would be extremely wasteful to both their community and their donators if they were to "dump Microsoft." (Giving alternatives where appropriate, is another story entirely.) Think they can always count on being able to find a tech who can support linux? Nope. Most are volunteers who come and leave as they wish, and odds are they know Microsoft. Think they want to become part of a minority population? Turn down tech help because they run an OS that few are likely to know about? No. MS makes sense for them, at least at the OS level, and definitely at the workstation level.
I am, and always will be, an idiot. Karma: Coma (mostly effected by
The Free Software Foundation?
A fine is a tax you pay for doing wrong and a tax is a fine you pay for doing all right.
They did nothing of the sort. You can use 2 terminal service licenses for remote administration in 2k just like 2k3. They are absolutely *not* free in 2000. For regular users, not remote administration, you are supposed to get TS licenses; be it win2k or win2k3. Don't take my word for it.
Q. Do I need to purchase a Terminal Services CAL for each machine that is running a validly licensed copy of Windows XP Home Edition and connected to a Windows 2000 Terminal Server?
A. Yes, all Microsoft operating system products (except for Windows 2000 Professional and Windows XP Professional) require a Terminal Services CAL to access a Windows 2000 Terminal Server.
I know the original question was 'how do I dump MS for Linux', but I highly suggest you choose the right tool for the job. Yes, Linux is great. Samba is great. Administering it, well, it depends on *you* really. As most are guessing, it doesn't sound like you've heard of samba, so it is likely you are fairly new to the Linux scene. Great. Welcome.
Now, you really need to decide if it is the right tool and if you can make it the right tool. Before doing that, consider your current setup and your current upgrade path. Is MS wrong for you? Maybe not. Do you qualify for Non-profit MS licensing? Yes, it is evil and I should be lashed for suggesting it. However, it is important to know that the option exists. If you do qualify, you are not going to get a better licensing option from MS at your size in all likelihood. Small Business Server 2k3 is definitely targeted at your size organization; find out what pricing you can get for it from the MS marketroids. Let them even give their TCO arguments to you. Remember them, write them down, you'll need them.
Once you have that info, you have the ammunition to help justify your linux proposal. Or you won't and you'll have at least chosen the Evil Empire with thought...
Don't make the switch just because the zealots are pushing you to. Make the switch when it is the right economical, business & technical supportable option. Learn Samba. Prove it works to yourself. Bring in a workstation with it and prove it works to the non-profit. Prove the TCO argument. You *will* win if they really listen.
For most of the business end of the company that is. I work for a non-profit as well and I run everything in my power on Microsoft. Why? Because it is the most compatible with what is out there.
I don't have time to sit around and learn an entire new infrastructure from such (apparently) great helpful linux zealots on /. because apparently there is no help to be had.
Windows works with the majority of the applications that are out there and if this person is purchasing through Dell as a vendor for their equipment in bulk they get a great deal of the Windows OS at cut-rate prices, including the server-end. Why would one not go for Windows? A non-profit has enough to keep up with without having to worry about a steep learning curve.
Also, the general turnaround for most non-profits as far as money goes is around 30%-40% to the donation. The rest goes to keeping the company going (employees, maintenance, bills, lease payments etc).
This person also didn't state where the donations were coming from. For all you pinheads know the money is coming from corporations who form partnerships with the non-profit. The general public might not even donate at all to this organization.
Confucius say better to remain silent than to open mouth and remove all doubt.
2) Check to see if your local university or community college has a Linux Users Group (LUG). You'll meet other people with an interest in Linux who may even be willing to help you with design and implementation. They can also help you choose a Linux distro appropriate for what you are doing. I personally like Debian, if for no other reason than dselect, its package management system. You can get Samba, Sendmail, CUPS, Bind, Apache, etc. for it as mentioned above in other posts.
Good luck!
If you never make mistakes, it's probably because you're not doing anything.
I know this isn't what you asked, but Microsoft significantly discounts and even donates software to non-profit organizations. You might not need to change platforms at all. See this site.
Sorry, I have a few words in my original post that are technically spelled correctly but are not the right word to use. I think one thing but type another. Ugh...
Kalak's comments are spot-on. It's often easy for open-source to infiltrate one part of an organization -- a CMS for their website, for example. But total conversion including desktops can be quite difficult when the very foundation of the org runs on Windows-only software that is mandatory to complete certain tasks or communicate with parent/partner organizations.
I'm surprised this hasn't been mentioned.
The European Union offers a 148 page migration guide for going from Windows to GNU/Linux. The IDA-project produced this high-quality must-read.
You go now.
Quisque verborum suorum optimus interpres...
...instead of "go use Samba you fucktard".
I run a corporate AD forest that covers 3 countries. We have 3 primary AD controllers at the corporate office and a local AD controller at each major branch office. I've started integrating Linux into the mix, with an Oracle server, Mail server, DNS server, and a few application servers.
The hardest part has been getting Kerberos to properly authenticate with the AD tree. Basically, strip an off-the-shelf copy of Linux of anything related to Kerberos, then install a fresh copy of it from MIT. Once you've got that working, go pick up a copy of pam_krb5 and plug that into the PAM system. From then on out, all the linux services can authenticate with the AD tree through Kerberos.
If you want to share files, then you'll need to go the Samba route, but you don't have to start there. Plenty of Linux services (Courier IMAP, QMail, Bind, etc) work just fine on an AD forest without Samba.
I'm not sure if I'd trust my entire enterprise to Linux just yet. The time involved in figuring out which of the 5,000 configuration files I need to update to add a user isn't worth the ~$15 per user license of Windows. A single Windows 2003 server license plus users is very reasonable. It's the cost of 10+ server licenses that will kill you. Run a Windows AD controller and use Linux for the services on your network.
LOAD "SIG",8,1
LOADING...
READY.
RUN
Anyone considering using open source software in a small non-profit should be in touch with the non-profit open source initiative (nosi). There is a wealth of experience there and it is a good group of individuals. http://nosi.net
It is qmail, not QMail.
Quisque verborum suorum optimus interpres...
I'm totally embarrassed that anyone who uses Linux would jump on someone interested in learning it. You guys should be ashamed of yourselves.
Man, if the old days of USENET could see us now, they'd be ashamed.
I was pretty active on USENET during the old days.
1) People were expected to be reasonably knowledgeable about the subjects they were posting on. That is, there weren't many newbie groups at all.
2) In general people didn't ask dumb questions that were easily researched (though nothing like google really existed).
3) There were other discussion groups like genie, prodigy, AOL and compuserve which were friendlier for these sorts of basic questions. They often had paid tech support staff and a community of users who were helpful. They also had what we would today call FAQs and people were told to check the FAQ quite frequently.
4) Finally the closest analogy to google would have been gopher and people who didn't check gopher were redirected to it.
So using his analogy:
a) he posts to a general computer list something that is specific to SAMBA and gets sent to SAMBA
b) Once he gets to the SAMBA list and does some background research he could post specific questions about SAMBA
c) He needs to pick his groups carefully or he would get rude answers
I'd say the internet is much more friendly today than it was 15-20 years ago to these sorts of users. The AOL flood in '95 set a tone which destroyed USENET. The closest thing to USENET that exists today are the subject specific BBSes and listservers.
I agree. Very few people know how to configure a Windows network, so it works out quite expensive, just as with Linux. Either that or they do it wrong, then throw money away every day on lost productivity.
Note to managers responsible for IT purchases: You have Windows at home, so you feel comfortable with it. So fucking what, you're supposed to be making money for the company you work for, or effectively performing to your charity's charter. Spending other people's money on making yourself comfortable is probably a breach of your contract.
Note to Linux zealots: see above.
Before choosing an IT infrastructure, identify the *real* requirements (having a menu labelled "Start" rather than with a picture of a foot is not required, and vice versa). And consider the effective lifetime of your purchase (a Windows set-up doesn't last as long as a Linux one as Linux upgrades come anywhere from cheap to free). Experience with the Windows desktop is not a bonus, as (despite the protestations of lazy people) even idiots can switch with incredible ease. My parents are living proof, they can handle Linux as well as Windows after about five minutes ("Hmm, Applications, I think... Perhaps Internet... Ah-ha, that same Firefox program I use on *my* computer").
As a non-profit organization, you may qualify for special pricing of commercial products, including Microsoft stuff (apps, servers, licenses). If the price is low enough, you may actually be better off with a commercial solution instead of an open source one. That may be heresy here on Slashdot, but then again so were Galileo's teachings in the Catholic Church.
Check out TechSoup.
Give me my freedom, and I'll take care of my own security, thank you.
A more suitable question might be, "I'm considering integrating a Linux server into a windows environment, and it looks like Samba is the way to go. I've read some of the tutorials and whitepapers and it looks like it can be done; have any slashdot readers done such a project? Is Samba the right solution, and what pitfalls should I expect?"
Yes, my only tool is a hammer. And you're starting to look like a nail.
I like the FSF, and I think it's a great thing, but remember the original discussion. The guy was talking about not giving to this charity because they don't use Linux for all their systems. I was making the point that you probably won't find any charities that do, so don't hold back donations from helping people just because whatever organization is trying to help doesn't have the resources or knowhow to convert their systems to Linux.
We may experience some slight turbulence and then...explode. -Capt. Mal Reynolds
I managed to connect linux to win xp home almost immediately, it's not difficult. The problem is windows itself: I still can't have Win xp home view a win98 pc...
I should have been awarded a "funny" mod point - it was more of a joke and it was meaningless to the conversation.
A fine is a tax you pay for doing wrong and a tax is a fine you pay for doing all right.
I'm going to give the guy a break instead of bonking the noob on the nose for asking.
1. Thank you -- well spoken. You are informative, generous, and polite. SlashDot needs more like you.
2. If someone submits a totally idiotic question, and a SlashDot editor posts that question, then the SlashDot editor is to blame for the idiocy.
-kgj
I work for an organization that provides tech support for non-profits. It's sad but true, non-profits have to live in the same world as commercial entities. They're subject to the same forces as anyone else -- they have momentum with existing Microsoft installations; there are custom legacy software that would require replacement, retaining, and conversation of data; they have users who only know Windows and (rightly or wrongly) would resist a switch to any other OS because it would mean they have to learn to use something slightly different.
Amen to that. I do support work here for a non profit and the attitude towards IT in general is hard to work with. There are a number of projects going on that are deemed to require funding ahead of any IT development to the point that the majority of machines are sick and dying (in the literal, not BSD way).
Coupled with the fact that the majority of people within the organisation are hostile towards any development the thought of running Linux on desktops is a far far far away pipe dream. We have one Linux server running authentication, web and file services only because I haven't told anyone about the switch from Win2k server (one long night when others had gone home...).
and now to focus and try and make a point...
The greatest asset to any non profit is people and volunteers, at the end of the day the funding behind that is secondary. Trying to convince, or worse, force volunteers to use a piece of software or operating system that they are not familiar with may lead to the good will of volunteering disappearing as the task becomes a chore. The only reason that I'm getting away with the server is that it's transparent to most users and I've enough documentation prepared that I can hand it over to someone unfamiliar.
Morale seems good, considering, although high spirits are just no substitute for eight hundred rounds a minute