SCIENTIFIC-LINUX-USERS Archives

February 2014

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Ping Nico: AD?
From:
Nico Kadel-Garcia <[log in to unmask]>
Reply To:
Nico Kadel-Garcia <[log in to unmask]>
Date:
Sun, 9 Feb 2014 18:41:22 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (60 lines) 
On Sun, Feb 9, 2014 at 6:22 PM, John Stewart <[log in to unmask]> wrote:
> Second attempt at posting as the switch in using an underscore to a period
> in our mail addresses confuses the listserv into thinking I'm not a list
> subscriber.
>
> On 09/02/2014 6:17 PM, John Stewart wrote:
>>
>> On 09/02/2014 2:45 PM, ToddAndMargo wrote: Thank you for the offer. Got me
>> to thinking. Whenever I come across a Windows Active Directory (AD) server,
>> I think under my breath "Why would you do that to yourself?". What a slow,
>> cumbersome, clunky mess. Within the first ten minutes of discussing a
>> Windows server with a client, I inevitably get asked how to speed it up. I
>> have to tell then that that is just the animal they are dealing with. If I
>> can set up a Windows server with the least amount of services running on it,
>> I do. I love it when they don't want AD. (Most of my customers seldom have
>> more than five workstations.)
>>
>> Active Directory would be overkill for five workstations, but for large
>> organizations Active Directory is a key part of your IT infrastructure.
>> Integrating our SL5 Sun Ray thin client servers with the AD domain managed
>> by our central computing department was a huge step forward.  This enabled
>> our students and instructors to use the same login and password they use to
>> access centrally managed services and the first time they login their Linux
>> home directory is automatically created.

Sun Ray is... a very different architecture. Merged authentication has
been available for decades now, with NIS, Kerberos, LDAP, or the
entwined Kerberos/LDAP mix that AD and therefore Samba use. Yeah, it's
handy, but creating home directories on first login is actually a
Linux PAM issue, not  a Samba/AD issue per se.

>> That's the way I felt when I managed the Solaris based Unix systems in our
>> central computing department but my recent experience has been that our
>> Windows 2008 Terminal Server machines are more reliable than our SL5 Sun Ray
>> servers.  It's not a hardware difference since both sets of servers run on
>> the same type of hardware.

Hmm. Sun Ray is hampered by the attempt to run X servers on a thin
client. X is.... bandwidth and resource greedy, which is one reason
that graphical "thin clients" hae never worked well for UNIX and Linux

Surprisingly, laptops running a simple Linux (such as Scientific
Linux) and running  the www.nomachine.com "NX" software provide
surprisingly good and manageable and efficient graphical access to
centralized servers.

>> Samba 3 has had it's day in the sun but it doesn't cut it for supporting
>> Windows 7 clients.  We're dealing with a wacky situation in another
>> department where the previous IT support person declined to simply join
>> Windows 7 clients to the centrally managed AD domain.  What he did instead
>> is use Microsoft Hyper-V to create an SL6 virtual machine on a pair of
>> Windows 2008 terminal servers (ironically part of the centrally managed AD
>> domain) and install Samba 4 to create his own AD domain to support Windows 7
>> clients in the department.

That's..... perverse. Possibly efficient and effective! But perverse.
Running one's own subdomain, including using Samba oon a Scientific
Linux box, is often the only way to get sane internal
DNS/DHCP/CIFS/LDAP in a Windows environment.

ATOM RSS1 RSS2