Linux in the Enterprise (Experts Only)
No-Idea
05-14-2001, 10:39 PM
I am pretty much a newbie to Linux...but I have been learning quite a bit lately. I still have a few unanswered questions I would like to post and get feedback on.
I would like to know about replacing a Windoze NT (or 2K) based network model with a pure Linux server based network. I am interested in what will change as far as administration of users and resources.
This is only a hypothetical situation so there are really no boundaries at the moment. I do plan on ridding the world of as many M$ domains as my crusade takes me. I plan to annihilate the M$ dragon and let justice prevail and end the tyranny of….oops! Getting a little carried away... ;)
1) Authentication
a. Can I set up some kind of centralized authentication as in the NT/2K domain where users can log on from any computer on the network and authentication be done by the server and not the local workstation?
b. Can user account administration be done in one place (domain controller) if I have multiple Linux servers?
c. If so, how do I set up replication partners so that all my Linux servers have a current user/group list?
2) Resource Sharing
a. How does Linux handle shares on servers, shared printers, databases and other network available resources and such?
b. Is there some kind of Active Directory or NDS type service for Linux?
Thanks in advance for your answers.
Brad
Gnu/Vince
05-15-2001, 01:31 AM
I can only answer one of those questions: Linux has no NDS or ADS system, because it's not object-oriented.
freebsd
05-15-2001, 02:14 AM
There is LDAP -> http://www.microsoft.com/windows2000/techinfo/howitworks/activedirectory/ldap.asp
miker
05-15-2001, 03:33 AM
I believe the native *nix domain model is NIS or YP
But that's as much as I know!
Probably worth investigating when I get time. After all, M$ seem to have embraced and extended most *nix concepts, but they are still lagging far far behind.
milanuk
05-15-2001, 04:23 AM
Here's a question to go w/ this:
Everyone always says 'Turn off all RPC services. NFS, NIS, etc. are bad, insecure, get rid of them' Fine. What the fsck are the alternatives?? Samba works to some degree, but that is a M$ system for cryin' out loud!! Are there no native Unix facilities other than NIS/NFS for this, i.e. something that is accepted as being secure, like Kerberos, but from what I've heard, unless you are using a specialized 'kerberized' version of all your apps, it doesn't matter anyway. WTF??
Monte
Strike
05-15-2001, 05:35 AM
Originally posted by milanuk:
> Here's a question to go w/ this:
> Everyone always says 'Turn off all RPC services. NFS, NIS, etc. are bad, insecure, get rid of them' Fine. What the fsck are the alternatives?? Samba works to some degree, but that is a M$ system for cryin' out loud!! Are there no native Unix facilities other than NIS/NFS for this, i.e. something that is accepted as being secure, like Kerberos, but from what I've heard, unless you are using a specialized 'kerberized' version of all your apps, it doesn't matter anyway. WTF??
> Monte
They are dangerous, but not insecure really. It's just rare that an end-user ever needs these services unless they know what they are doing already, so they sort of get slapped with that stigmatic description of being "insecure". I think it's more of it being "another possible entry point where there need not be one" in most cases. Hell, at my school they run NIS and NFS services on the same box as the webserver, which is also the Samba PDC and the FTP server, etc. (This is the CS department of course, the University Computing Center is clueless about *nix - shame on them)
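To see which of the RPC services named in this thread a host actually has registered, the following added example (not part of any post) classifies `rpcinfo -p` output by well-known RPC program number. The sample listing is constructed, and the function names `classify_rpc` and `rpc_exposure` are hypothetical.

```shell
#!/bin/sh
# Added example: flag NIS/NFS programs registered with the portmapper.

# Constructed sample in the format printed by `rpcinfo -p`.
# 536870913 is a made-up program number in the user-defined range.
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100004    2   udp    834  ypserv
    100004    1   udp    834  ypserv
    100007    2   udp    840  ypbind
    100003    2   udp   2049  nfs
    100005    1   udp   1011  mountd
 536870913    1   tcp   1025  localapp'

# Reads `rpcinfo -p` text on stdin and prints one line per unique
# program/transport/port: "<family> <program> <proto>/<port>".
# Families are keyed on the program number rather than the name column,
# because the name is only a local lookup and may be missing.
classify_rpc() {
    awk '
        $1 ~ /^[0-9]+$/ {
            if ($1 == 100000) fam = "portmapper"
            else if ($1 == 100004 || $1 == 100007 || $1 == 100009) fam = "NIS"
            else if ($1 == 100003 || $1 == 100005 || $1 == 100021) fam = "NFS"
            else fam = "other"
            key = fam " " $1 " " $3 "/" $4
            if (!(key in seen)) { seen[key] = 1; print key }
        }'
}

# Prints the classified report; returns 1 when any NIS or NFS program is
# registered and 0 otherwise, so it can gate a hardening check or cron job.
rpc_exposure() {
    report=$(classify_rpc)
    printf '%s\n' "$report"
    if printf '%s\n' "$report" | grep -Eq '^(NIS|NFS) '; then return 1; fi
    return 0
}

# Live use would be: rpcinfo -p localhost | rpc_exposure
printf '%s\n' "$SAMPLE_RPCINFO" | rpc_exposure || echo "NIS/NFS services registered"
```

On a box that is only meant to serve web or FTP, any `NIS` or `NFS` line in the report is one of the entry points the post describes.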
No-Idea
05-15-2001, 10:22 AM
Actually I found that there is NDS for Linux.
It is called NDS eDirectory. The only problem is knowing what to buy.
The thing I hate most about Novell (and the list is long) is that to get the functionality you want, you need to buy/install a few products. Micro$oft is going in the same direction. Pretty soon you will have to pay for each button you click on.
Exit button - $5.00
Preferences Tab - $11.00
Add User button - $2.00
Add Group button - $3.00
What is PAM?
I am running Corel Linux (Debian based) 2nd edition and I don't see anything about PAM.
Come on guys/girls...I am really looking for alternative solutions to the Blue Bloated Giant.
Ricky Leonhart
05-16-2001, 12:13 AM
Hi there,
Try taking a look at this software,
http://www.webmin.com/webmin/
Also, do a search in freshmeat.net for "webmin"; there is a whole bunch of software that can work with webmin.
I know this is probably not what you are all talking about, but I think it can make your life easier when you start your project.
Best Regards,
Jacky Liu
freebsd
05-16-2001, 03:25 PM
Don't even use webmin. It's for those who don't have any idea how to administer their system and do things manually. If you really wanted to learn, just don't use webmin.
miker
05-17-2001, 03:53 AM
Surely any tools that make your life easier are a good thing? As long as you have the *choice* to SSH in or whatever.
I am at a stage where thanks to GUIs and improved install routines on Linux etc I have made a break from Win2K, and, over time, I intend to harness the power of the command line since it looks like a very powerful scripting language in comparison to say MS-DOS batch files which I am accustomed to.
But I'm still as lazy as anyone else. The difference is that the guts of Linux are exposed if you care to dig around, and it's always possible to understand why something in Linux isn't working right (usually) or manually edit an offending config file.
milanuk
05-18-2001, 08:31 PM
Originally posted by Strike:
> They are dangerous, but not insecure really. It's just rare that an end-user ever needs these services unless they know what they are doing already, so they sort of get slapped with that stigmatic description of being "insecure". I think it's more of it being "another possible entry point where there need not be one" in most cases. Hell, at my school they run NIS and NFS services on the same box as the webserver, which is also the Samba PDC and the FTP server, etc. (This is the CS department of course, the University Computing Center is clueless about *nix - shame on them)
Well, I think they are needed... for some things. I am currently in planning mode for the layout of my new home LAN, and I would _very_ much like to make it so that one person can log into pretty much any computer and have the same 'environment' i.e. home directory, perspective of network, services available. Looking at 3-4 desktops/workstations, 1 server, and unless the old P133 starts acting right, the server may well be the firewall/gateway as well. The server is to be a 'super server' w/ pretty much the whole enchilada on it, because as much as I'd like to spread things out, I like the idea of providing services from desktop machines less. Sometimes it's not _intentional_ stupidity per se, just a calculated risk given the options ;)
Monte