Likewise Extends Active Directory's Embrace to Mac and Linux

 
 
By Jason Brooks  |  Posted 2008-01-14 Email Print this article Print
 
 
 
 
 
 
 


title=Likewise in the Lab

Likewise Enterprise in the lab

I conducted my tests on an AD domain hosted by Windows Server 2003 Service Pack 2, to which I joined an Ubuntu 7.10 client using Likewise Open. I found that I needed to set a static network address for my Ubuntu client to complete a join operation, because part of the process entailed restarting Ubuntu's NetworkManager service, and my DHCP (Dynamic Host Configuration Protocol) network connection appeared to take too long to come back to life for Likewise Open's liking. Switching temporarily to a static address did the trick, and once I'd joined my domain, I could log in to the Ubuntu client as an Active Directory user whether I was online or offline, courtesy of credentials caching. I imagine that I could solve the DHCP issue I experienced by setting a longer time-out for the join process.

I turned next to upgrading my Likewise Open configuration to Likewise Enterprise, which meant installing software on my domain controller that added a couple of Likewise-specific tabs to AD's configuration dialogs, and extended the available Group Policy controls to include Linux, Unix and Macintosh. The product offered me the option of extending my AD schema to include the Unix-specific attributes introduced to AD in Windows Server 2003 R2. I chose to extend my schema, but you needn't do the same to use the product-an important feature at organizations with conservative schema extension policies.

Likewise Enterprise bridges Unix's NIS (Network Information Service) with Active Directory through "Cells" that map user IDs from AD to one or more NIS store or stores. For my tests, I didn't set out to integrate AD with an existing Unix or Linux authentication infrastructure, so I only created a single default Cell to correspond to my single AD organizational unit. I then Likewise-enabled one of the users on my domain through one of the new configuration tabs my server had picked up when I'd installed the product, and headed for my Linux test client. 

I installed the Likewise client software on a machine running CentOS 5, opened a set of firewall ports specified in the product documentation and joined the CentOS client to my test domain. It would have been handy if Likewise Enterprise had offered to open up the needed ports for me-a la Windows-during installation. I did not experience the same network timeout issue with CentOS and Likewise Enterprise that I had with Likewise Open and Ubuntu.

With basic authentication out of the way, I returned to my domain server to specify some Group Policy objects to apply to my CentOS client. I fired up the Microsoft Group Policy Management Console, where I found new sets of Linux and Macintosh-specific controls for users and machines alongside the native Windows Group Policy controls.

Using the Likewise-extended GPMC, I began by mandating that Linux machines in my default Cell run with their Security Enhanced Linux framework enabled, under the "targeted" SELinux policy, with the system's enforcing mode set to "Permissive," in which the system logs permissions errors but does not act on them. I shifted back to my CentOS client, ran a Likewise Enterprise command to force an immediate Group Policy refresh, and saw that the SELinux adjustments I'd made had been duly applied. I tried contravening my SELinux policy by becoming root and changing the settings I'd specified, but sure enough, once Group Policy refreshed on my client machine, the policies I'd selected were back in place.

I was also able to use Likewise Enterprise and Group Policy to exert detailed control over my CentOS client's GNOME desktop environment. Most of the applications that make up GNOME come with XML schema files for specifying their settings, which a user or administrator can access through GNOME's GConf Editor. I used the Likewise-extended GPMC to select which GNOME schema files I wished to include in my policy object, and then modify them as I wished. For instance, CentOS' file manager application, Nautilus, defaults to the "spatial" mode, but I changed it to the application's classic browser mode.

eWEEK Labs Executive Editor Jason Brooks can be reached at jbrooks@eweek.com




 
 
 
 
As Editor in Chief of eWEEK Labs, Jason Brooks manages the Labs team and is responsible for eWEEK's print edition. Brooks joined eWEEK in 1999, and has covered wireless networking, office productivity suites, mobile devices, Windows, virtualization, and desktops and notebooks. JasonÔÇÖs coverage is currently focused on Linux and Unix operating systems, open-source software and licensing, cloud computing and Software as a Service. Follow Jason on Twitter at jasonbrooks, or reach him by email at jbrooks@eweek.com.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...

 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel