| |
995
|
|
|
Written by hmgp the 28 Feb 08 at 15:06.
Category: System.
Related to:
Nothing/Others.
Status: In development
|
|
|
Description
Make it easy to join a Ubuntu Workstation to a Active Directory Domain. Like Windows does for instance.
Tags:
(none)
Attachments
Duplicates
Comments
|
will_in_wi wrote on the 28 Feb 08 at 15:08
| |
This would be huge. I have wanted this for a long time. Also, allow it be done _after_ install.
|
|
silux wrote on the 28 Feb 08 at 15:18
| |
This would be a big step towards being able to use ubuntu where I work.
|
|
MagicFab wrote on the 28 Feb 08 at 15:29
|
Look for the likewise-open packages. Likewise is available in the universe repository and available for testing in Ubuntu 8.04 Hardy (alpha 5).
likewise-open-gui - GUI for Likewise Open Authentication service. Likewise Open
likewise-open - Authentication services for Active Directory Domains
|
|
randomnote1 wrote on the 28 Feb 08 at 23:58
| |
couldn't have said it better myself MagicFab
|
|
Tribaal wrote on the 29 Feb 08 at 00:13
|
I agree, but would like to see the opposite too: an ubuntu Domain controller that lets windows workstations log in as if using an AD.
This would greatly reduce the costs of infrastructure for SMBs and ease deployment.
See http://brainstorm.ubuntu.com/my_ideas
|
|
rickyjones wrote on the 29 Feb 08 at 02:00
|
I fully support seeing this idea as well.
-Richard
|
|
dallingham wrote on the 29 Feb 08 at 02:28
| |
This should not be limited to just Active Directory. In addition to Active Directory support, it should also support joining an LDAP, Kerberos, or NIS network.
|
|
gunark wrote on the 29 Feb 08 at 04:08
| |
Two years ago my company chose SuSE over Ubuntu for exactly this reason. I really wanted to like Ubuntu, but lack of good integration with AD was a killer :(
|
|
Lars Noodén wrote on the 29 Feb 08 at 08:43
| |
If this is done, then the process needs to involve informing those installing it about the other options, especially those that don't involve getting further locked into a very insecure system.
|
|
thielmann wrote on the 29 Feb 08 at 12:52
| |
It's already done in hardy using "likewise-open".
|
|
hmgp wrote on the 29 Feb 08 at 14:00
| |
Didn't quite test it in hardy but my Gutsy install doesn't quite work with "likewise-open"
|
|
fredtorrey wrote on the 29 Feb 08 at 17:26
| |
I work at a school, we have active directory. Integrating Linux clients into this is a PITA, preventing us from using Linux, though we'd LOVE to! Fix it so we can. Please please please.
|
|
mp3phish wrote on the 29 Feb 08 at 22:16
|
My opinion is that the ability to authenticate against an LDAP server would be more useful. Not only would it be a more open solution (wouldn't require AD) but it is also more common in large organizations, and would be easier for Small organizations to setup the servers for (no need to purchase MS licenses for AD server).
Now, if you want to add the ability to join an AD, for those small minority of organisations who have ad BUT no LDAP, then that is fine too, but I think that you will serve a larger user base not only today, but in the future, if you support LDAP first, and then work on AD later if you have extra time to burn.
|
|
rawsausage wrote on the 29 Feb 08 at 22:58
|
mp3phis, what on earth are you talking? AD is LDAP directory. You can also point your linux box to authenticate against it by using pure LDAP if you wish. All you have to do is to add the bind account. The only problem is that AD does not support SSL as they support kerberos anyways which was actually meant for authentication purposes. (Alternatively you can install Stunnel on the AD server if you must. It takes roughly 3 minutes in total.) Also the AD kerberos should work just fine with for example Heimdal.
My point is: Just support LDAP+Kerberos, it's enough for both AD and the open source world in reality.
|
|
peanutb wrote on the 1 Mar 08 at 02:35
| |
EBOX will provide an easy way to manage a windows domain. Im not sure if it qualifys as AD, but it acts as a domain controller, and does most things. Im not sure about group policy.
|
|
pier11 wrote on the 3 Mar 08 at 11:25
|
This would finally open door for Ubuntu in big enterprises, banks. Because this is a major obstacle when you want even try Ubuntu in AD based office network.
It should work right out of the box, time you insert liveCD/liveUSB to your PC/Laptop.
|
|
probono wrote on the 4 Mar 08 at 11:36
| |
Why would anyone want to choose Active Direcory over free alternatives?
|
|
deejross wrote on the 4 Mar 08 at 18:36
|
AD is BIG. It's everywhere. Nearly every small/medium business I ever seen runs a Windows Server 2003 + Active Directory environment. They can't just switch their environment overnight, they need to migrate slowly and supporting AD makes it easier and less painful for the users of the system.
Also, by looking at the blueprint, it seems as though the beta for AD integration will be available for Hardy Alpha 6 as planned.
|
|
mp3phish wrote on the 4 Mar 08 at 21:08
|
rawsausage: all I meant is that they shouldn't waste their time integrating with windows version. If it can authenticate against its LDAP server thats fine, but more importantly it authenticate against OpenLDAP or fedora's server. All the windows cruft is a moving target.
If it works fine with OpenLDAP etc. and also works with active directory, thats fine too.
|
|
ka2 wrote on the 8 Mar 08 at 00:19
| |
of course windows will integrate with windows.
|
|
Eldmannen wrote on the 12 Mar 08 at 23:21
| |
Great for business, schools, government and companies.
|
|
leftcase wrote on the 7 Apr 08 at 17:35
|
likewise-open is a good start but....
likewise-open authenticates the PC to AD and allows you to log onto your PC using your domain account. What it doesn't do though is add the AD account to various groups on your PC. What this means is that your domain account can't use sound, access usb devices etc etc...
Unfortunately the administrator then has to manually configure - via the command line - various files to get it working properly, on each client... Until it gets a little easier I don't think likewise-open will be adopted widely.
|
|
jon_herr wrote on the 21 Apr 08 at 18:15
|
What leftcase said above:
"....What it doesn't do though is add the AD account to various groups on your PC. What this means is that your domain account can't use sound, access usb devices etc etc... "
This is the same weakness that exists with NIS type logins - and it's time for this to get 'fixed', IMHO.
One other key issue - mounting home folders for offline use, as the 'other OS' which starts with Micro and ends with Soft does it. So that if the domain controller isn't present, the home folder is... This capability is CRUCIAL for mobile applications such as laptops that are sometimes on the domain, other times out in the field.
|
|
hunt.topher wrote on the 29 Apr 08 at 20:54
|
Yes yes yes PLEASE.
Likewise is of course not a perfect solution now. But it will improve steadily, and it will improve more quickly as the project gains momentum. I think the more energy is invested in improving Likewise, the better for widespread Ubuntu adoption in a business setting.
I personally have worked with 3 school districts that would switch over to Ubuntu in a flash if AD integration were easier. Of course, once clients are migrated to Ubuntu, it would then be easier to migrate *servers* to Ubuntu, dropping AD altogether... the problem is, the whole environment can't be migrated all at once. Strong AD support increases Ubuntu's business / school viability because it enables admins to "pilot-test" Ubuntu in small doses.
|
Post your comment
|
|
Blueprint windows-authentication-integration:
