Active Directory for Linux draws closer

By David M Williams
Friday, 30 January 2009 17:56

Market

You may not consider it a "killer app" but one thing restricting Linux deployment in enterprises is an implementation of Microsoft's Active Directory (AD.) However, AD for Linux is on its way in Samba version 4 and is sure to annhilate a barrier to Linux adoption in business.

Active Directory is a Microsoft technology that provides a raft of network services. This includes LDAP-like directory services, Kerberos-based authentication and DNS-based machine naming.

These items make it possible for a Windows server admin to create a corporate domain that will extend to every user and computer on the network.

Each user login will authenticate against Active Directory; every computer will be joined to the Active Directory domain. This becomes the glue that allows users to share files, have automatic access to file and print and other resources, for people to look each other up within the global address list and so much more.

The concept behind Active Directory is far from new; Microsoft offered directory services in its earlier Windows NT product line; UNIX and Linux systems have had Yellow Pages, later Network Information Service (or NIS) for decades.

Just as Windows engineers can establish Active Directory domains, so too Linux engineers can establish a comprehensive Linux-based domain using NIS or LDAP. This will equally well provide user authentication and directory services. For a pure Linux network Active Directory isn’t an issue.

Yet, the lack of an Active Directory implementation is definitely a stumbling block when it comes to big business particularly if you are working with an existing Windows network.

Let me explain with an example.

Consider the deployment of a new server. Or even a desktop PC, it doesn’t matter. Either way, you need to join that new device to the existing domain so that user logins are seamless, policy settings apply correctly, file shares are correctly permitted or denied and so on.

It becomes difficult to make a case for Linux when considering new equipment if it cannot sit totally harmoniously within the existing infrastructure.

An example might be a small branch office file server. You have a remote office connected to your private WAN. Initially, the office only had a small number of users. They each have a desktop computer with Microsoft Office on it, using Outlook for mail which accesses the company Exchange server.

DHCP is enabled on the office router, ensuring each computer gets allocated an appropriate IP address and that they know where to find the company DNS server. All is working fine.

Then what happens? I'm sure old hands will know the story ... please read on!