1. Linux Windows Integration Can’t we all just get along?

2. JD Fogg Technology Infrastructure Consulting Security Consulting Network Engineering Project Management & Implementation

3. What is Interoperability? Application Sharing Shared Data Resources (ODBC, etc.) Network Services (DNS, etc.) Mail Printing File Sharing Internet Access (ISA issues) Login “pass-through” / AD integration

4. Application Sharing RDesktop & Terminal Services VNC X-Windows Cygwin

5. Network Services MS-DNS works well MS-DHCP is integrated with DNS NTP is native to AD Split DNS is possible, but complicated

6. Mail Exchange supports POP3 and IMAP Outlook / Outlook Express support POP3 and IMAP MBOX conversion possible Integrated calendaring is the driver for Exchange adoption Exchange Public Folders are evil POP3 connectors in Exchange

7. Printing Samba and Printing CUPS

8. Internet Access ISA relies on AD for AAA Outbound Internet access requires systems and users to be “known” Exceptions can be made for non-AD machines

9. File Sharing Samba – the well worn path Browsing AD shares with Samba 3.0 Killing CIFS permissions *nix-based NAS issues MS-SUX and NAS tricks

10. MS-SFU 3.5 (beta) Dramatic new capabilities, in W2003R2 Identity Management for Unix MSNFS (client, server & gateway) Subsystem for Unix Applications (Interix) Full NIS with AD sync Tools (awk, grep, sed, tr, cut, tar, cpio) Permissions translations

11. Active Directory Integration If you can’t beat them, join them

12. Understanding Linux Authentication etc/passwd, etc/group etc/shadow PAM

13. passwd and group james:x:500:500:Mr. James User:/home/james:/bin/bash Fields are colon-delimited uname:pword:userid:groupid:name:homedirectory:shell

14. Shadow Passwords World has RO rights to etc/passwd Password stored using a simple hash Many processes read etc/passwd Password is replaced in /etc/passwd with a token etc/shadow holds encrypted password data with Draconian rights

15. PAM Pluggable Authentication Module Native to Linux, available for all other *NIX Allows for a variety of authentication systems to mimic /etc/passwd Any AAA system with a PAM module can be used Active Directory PAM modules are available

16. Active Directory Hierarchical database of users, resources and rights AD is standards-based (with a little DNS protocol extension) Kerberos (authentication), DNS (naming) and LDAP (directory services) All services accept queries from any host Extensive resources available (bring aspirin and coffee)

17. Active Directory & DNS DNS answers all queries (promiscuous) DNS zones can be AD-integrated or stand-alone (using a BIND style zone file) AD domain zone contains AD-specific extensions, must be AD-integrated MS-DNS doesn’t support BIND 9 Views MS-DHCP is integrated with DNS Split DNS or Windows DNS, you choose Beware zone transfers and updates

18. Active Directory and Kerberos MS-Kerberos is standards based Queries must be from “known” hosts Kerberos authenticates users and hosts Kerberos authorizes resource access Used for domain trusts Transitive nature extended to other OS’s

19. Active Directory and LDAP MS-LDAP is standards compliant Queries must be from “known” hosts Resource of “known” hosts for services Database of systems and resources Integrated with Kerberos AA and rights management LDAP is the “glue” of AD

20. Winbind Allows Linux users to use Windows domain resources as though they were native Linux resources

21. Samba & Winbind Winbind extends Samba functionality to integrate AD AAA Samba 3.08 + IT Kerberos5 V1.3.1 + OpenLDAP Winbind authenticates users against AD Manages passwords, no local accounts http://www.enterprisenetworkingplanet.com/netos/article. php/3487081 http://www.enterprisenetworkingplanet.com/netos/article. php/3502441

22. QUESTIONS?

23. Thank You