What I have:

  • Workstations running Ubuntu Jaunty mounting /home on a remote NFS server. User accounts are still created locally on each individual workstation.
  • Workstations running Windows XP / Vista
  • NFS server (as noted above)
  • Windows 2008 server
  • All machines share a single private network (LAN).

What I need to accomplish:

A single, intuitive (GUI driven) place for an office administrator to create user accounts. This should let anyone log in to their (Linux or Windows) workstation, then fire up Remote Desktop and use the same login to the Windows 2008 server, from any machine on the network.

I have read so much on samba, LDAP vs AD, etc and now I'm even more confused than I was before I began researching the problem. Ideally, Linux and Windows users should be able to get to their local files once logged into the Win2008 server. I am a programmer, not an interoperability guru and I'm completely lost on where to even start trying to accomplish this, plus I've run out of things to Google.

How would you do this? Is it even possible?

Edit

MacOS is not a consideration. Dealing with personal laptops ends at assigning them an IP when they plug in. I'm concerned only with Linux / Windows workstations that exist on an entirely different subnet.


Simple way: Try using Microsoft's Services for Unix, which maps Unix attributes to Windows AD.

Hard way: Please see my posts on the 389 Directory Server lists for solutions. I have accomplished a similar request using 389 LDAP servers and PAM modules to authenticate via Kerberos to Windows AD.

Authentication: Users on Unix will use their Windows password to log in / ssh via simple LDAP authentication. The LDAP servers talk to AD via Kerberos using the PAM Pass-Through authentication module, thereby eliminating any samba/winbind requirement for clients. Windows users obviously use their Windows password.

Account creation in 389 LDAP servers: I wrote a Perl script that syncs users from Windows AD ou=Users (human accounts) and ou=Unix (Unix service accounts) with proper attributes and UID/GID values. Hence all accounts created in AD will automatically be created on the LDAP servers, and passwords DO NOT need to be synced (see above).

Local files: NFS automount maps in LDAP allow centralized home directories for all users. This can be done in Windows AD as well.

Lots of features can be added. http://directory.fedoraproject.org/wiki/Documentation

Last word: This method will take quite some time to plan and implement for your needs.
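The account-sync and automount pieces of the answer above, written out as an added example in Python. This is not the answerer's Perl script; it turns constructed AD user records (dicts with sAMAccountName, givenName, sn, mail and distinguishedName) into 389 Directory Server LDIF entries with posixAccount attributes, allocates stable uidNumber values from a persisted map, emits matching auto.home automount entries for the NFS server, and deliberately writes no userPassword, since binds are passed through to AD. The base DN dc=example,dc=com, the NFS server name nfs.example.com, the UID range and the group numbers are all assumptions for the example.

```python
import re

BASE_DN = "dc=example,dc=com"     # constructed LDAP suffix
NFS_SERVER = "nfs.example.com"    # constructed NFS server name
UID_START = 10000                 # first uidNumber handed out to synced accounts
HUMAN_GID = 10000                 # primary group for human accounts (ou=Users)
SERVICE_GID = 10001               # primary group for service accounts (ou=Unix)

# Constructed sample of what an AD search would return; real input would come from
# an LDAP query against the domain controller.
AD_USERS = [
    {"sAMAccountName": "alice", "givenName": "Alice", "sn": "Smith",
     "mail": "alice@example.com",
     "distinguishedName": "CN=Alice Smith,OU=Users,DC=example,DC=com"},
    {"sAMAccountName": "backup-svc", "givenName": "Backup", "sn": "Service",
     "mail": "",
     "distinguishedName": "CN=backup-svc,OU=Unix,DC=example,DC=com"},
    {"sAMAccountName": "Bob.Jones", "givenName": "Bob", "sn": "Jones",
     "mail": "bob@example.com",
     "distinguishedName": "CN=Bob Jones,OU=Users,DC=example,DC=com"},
]

# Only accept login names that are safe as POSIX user names and home directory names.
VALID_LOGIN = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")


def ou_of(dn):
    """Return the first OU component of an AD DN (e.g. 'Users' or 'Unix'), or None."""
    m = re.search(r"(?:^|,)OU=([^,]+)", dn, re.IGNORECASE)
    return m.group(1) if m else None


def posix_name(sam):
    """Normalize a Windows logon name to a POSIX login name; reject anything unsafe."""
    name = sam.lower().replace(".", "-")
    if not VALID_LOGIN.match(name):
        raise ValueError(f"cannot derive a safe POSIX login name from {sam!r}")
    return name


def allocate_uid(uid_map, login):
    """Reuse the uidNumber already recorded for this login, else hand out the next free one.
    Keeping the map between runs is what keeps file ownership on the NFS server stable."""
    if login not in uid_map:
        uid_map[login] = max(uid_map.values(), default=UID_START - 1) + 1
    return uid_map[login]


def user_entry(record, uid_map):
    """Build the 389 DS LDIF entry for one AD user; None for accounts outside the synced OUs."""
    ou = ou_of(record["distinguishedName"])
    if ou is None or ou.lower() not in ("users", "unix"):
        return None
    login = posix_name(record["sAMAccountName"])
    uid = allocate_uid(uid_map, login)
    human = ou.lower() == "users"
    gid = HUMAN_GID if human else SERVICE_GID
    lines = [
        f"dn: uid={login},ou=People,{BASE_DN}",
        "objectClass: top",
        "objectClass: person",
        "objectClass: inetOrgPerson",
        "objectClass: posixAccount",
        f"uid: {login}",
        f"cn: {record['givenName']} {record['sn']}",
        f"sn: {record['sn']}",
        f"givenName: {record['givenName']}",
        f"uidNumber: {uid}",
        f"gidNumber: {gid}",
        f"homeDirectory: /home/{login}",
        "loginShell: /bin/bash" if human else "loginShell: /usr/sbin/nologin",
    ]
    if record.get("mail"):
        lines.append(f"mail: {record['mail']}")
    # No userPassword on purpose: the PAM Pass-Through plugin forwards the bind to AD,
    # so the directory never holds a copy of the Windows password.
    return "\n".join(lines) + "\n"


def automount_entry(login):
    """auto.home map entry so autofs mounts the user's NFS home on any workstation."""
    return "\n".join([
        f"dn: automountKey={login},automountMapName=auto.home,{BASE_DN}",
        "objectClass: top",
        "objectClass: automount",
        f"automountKey: {login}",
        f"automountInformation: -fstype=nfs,rw,hard {NFS_SERVER}:/export/home/{login}",
    ]) + "\n"


def sync(records, uid_map):
    """Return (user_ldif, automount_ldif) for every syncable AD record."""
    users, mounts = [], []
    for rec in records:
        entry = user_entry(rec, uid_map)
        if entry is None:
            continue
        users.append(entry)
        mounts.append(automount_entry(posix_name(rec["sAMAccountName"])))
    return "\n".join(users), "\n".join(mounts)


if __name__ == "__main__":
    uid_map = {}          # in practice, load and save this map between runs
    user_ldif, mount_ldif = sync(AD_USERS, uid_map)
    print(user_ldif)
    print(mount_ldif)
```

Feed the two LDIF strings to ldapadd against the 389 server; accounts in other OUs (computers, groups) are skipped, and a second run with the same uid_map produces identical entries, which is the property that keeps NFS file ownership consistent.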


It might be possible.

Hell, it must be possible; you cannot, in 2010, be the first person to ever want such a thing.

After all, the ugly solution would be to just script it, and slap a GUI over top. When I say "script" I mean use AppleScript/VB/Python (for example) and trigger the actual steps needed. Ugly, but it would work, and then you'd refine it. The GUI over top just calls your scripts. After all, sitting at each keyboard, you could do it, right? So your code would initially just be a macro.

Find the utter basics of what needs to be done, script it cowboy... oops, I meant to say agile style, and bit by bit you could refine it. Add elegance later.

Then sell your solution.

But people do this do they not? There must be a solution, unless they want you to make one?