Chewy509
Wotty wot wot.
As meany of you have most likely read Ubuntu 14.04 LTS has been released and is available for download. (most derivatives are also available as well).
I've been testing it (specifically GNOME Ubuntu 14.04) at work for deployment, and have come across a major snag in deploying in a corporate environment, especially ones that use Active Directory (AD).
Quick background/history. There are a number of ways to join a GNU/Linux desktop to an AD based domain, so that users in AD can log into the Linux box :
1. Use OpenLikewise services.
2. Use CentrifyDC services.
3. Use Winbind/Samba.
With either of the above methods, any user in AD can login locally onto the Linux box. (CentifyDC also brings in some GPO support as well).
The problem with 14.04LTS, is that OpenLikewise, nor CentrifyDC are available in the main repos (yet), so these company backed/supported solutions are not available, leaving only the samba/winbind method. Interesting to note: OpenLikewise is an opensource GPL product, so I wonder why OpenLikewise isn't available?...
While Winbind/Samba seems to work for external users connecting to shares on the Linux box, there doesn't appear to be accurate documentation on getting PAM configured correctly to allow both AD users and Linux local users to login, nor to allow GDM to validate AD user names correctly... (I've only managed to get PAM to either auth AD users OR linux local users, but not be able to do both at the same time). Also the PAM auto config files are missing for winbind/kerberos authentication as well, so PAM needs to be setup manually to use winbind or kerberos...
Otherwise there are a few other minor issues with 14.04 LTS as tested, but these only need a few workarounds/updates to scripts to get working... (note: the default smb.conf and krb5.conf need some work to specify the correct kerberos realm - no issue with you understand kerberos well, but expect to google for info if your kerberos knowledge is stale).
So for those that look after Ubuntu desktops at worked, hopefully this gives some thought if 14.04 is ready for you or not.
I've been testing it (specifically GNOME Ubuntu 14.04) at work for deployment, and have come across a major snag in deploying in a corporate environment, especially ones that use Active Directory (AD).
Quick background/history. There are a number of ways to join a GNU/Linux desktop to an AD based domain, so that users in AD can log into the Linux box :
1. Use OpenLikewise services.
2. Use CentrifyDC services.
3. Use Winbind/Samba.
With either of the above methods, any user in AD can login locally onto the Linux box. (CentifyDC also brings in some GPO support as well).
The problem with 14.04LTS, is that OpenLikewise, nor CentrifyDC are available in the main repos (yet), so these company backed/supported solutions are not available, leaving only the samba/winbind method. Interesting to note: OpenLikewise is an opensource GPL product, so I wonder why OpenLikewise isn't available?...
While Winbind/Samba seems to work for external users connecting to shares on the Linux box, there doesn't appear to be accurate documentation on getting PAM configured correctly to allow both AD users and Linux local users to login, nor to allow GDM to validate AD user names correctly... (I've only managed to get PAM to either auth AD users OR linux local users, but not be able to do both at the same time). Also the PAM auto config files are missing for winbind/kerberos authentication as well, so PAM needs to be setup manually to use winbind or kerberos...
Otherwise there are a few other minor issues with 14.04 LTS as tested, but these only need a few workarounds/updates to scripts to get working... (note: the default smb.conf and krb5.conf need some work to specify the correct kerberos realm - no issue with you understand kerberos well, but expect to google for info if your kerberos knowledge is stale).
So for those that look after Ubuntu desktops at worked, hopefully this gives some thought if 14.04 is ready for you or not.
