Windows Server 2008 Interop with Linux and OS X

We’re a little over halfway done with the Interop Road Show I helped create.  Last week Matt Hester did a simulcast of the live event from Chicago.  Although he did a great job, I wanted to capture the demos with Camtasia v6.0.2 and provide some high quality audio and video of the demos, so here they are.

A Party of Protocols

There are a number of ways to invite Linux, UNIX, and OS X to the Windows Server Active Directory party. The operating systems we use today will interoperate in many ways because each includes some level of common protocol support. HTTP is an obvious protocol they all share. SMB is also commonly used for access to Windows file system shares. In the UNIX world, NFS ruled the ether for years. Thankfully, directory and security protocols like LDAP and Kerberos have also become common in the desktop and server operating systems.

There are pros and cons to any approach to integrating heterogeneous environments.  Usually this means there will be tradeoffs on functionality.  Thankfully, there is a robust market out there to lower the number of tradeoffs and attempt to provide near seamless coexistence and integration.

For those of you that get TechNet Magazine, you probably noticed the December 2008 issue devoted to this subject.  You also probably noticed it isn’t necessarily trivial to do everything you might set out to accomplish.  As Matt likes to say, get some sleep, get up early, and eat your Nerdflakes because you are going to need them.

I shopped the partner market. I wanted to see if there were some products you should consider that ease the pain. There are, and you should by all means evaluate the products from Centrify, Quest, Likewise and others. You’ll notice I am using Centrify DirectControl.

The main reason for that is simple. Linux, OS X, UNIX and Windows all include support for authentication, directories and file sharing. That capability is built into the OS. However, if you want to do desktop management, you really need help from an additional set of agents and code. You’ll see what I mean in demo number three below.

Adding SUSE Linux to Active Directory (AD)

In the video just below, we are going to add a SLED 10 SP2 virtual machine to the contoso.com domain. We’ll first check and verify the VM is able to find the domain controllers and that we have good connectivity. Then we’ll join the domain and reboot the VM. Check it out.
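The "find the domain controllers and check connectivity" step can be scripted before any join is attempted. The following is an added example, not the commands used in the video and not Centrify tooling: it looks up the standard Active Directory locator SRV records for contoso.com and probes each target over TCP. It assumes `dig`, `timeout` and `bash` are installed; the dc1/dc2 host names in the sample are constructed.

```shell
#!/bin/sh
# Pre-join check: can this host locate the domain controllers and reach them?
# DOMAIN defaults to the page's contoso.com; dc1/dc2 below are constructed names.
DOMAIN="${DOMAIN:-contoso.com}"

# Constructed sample of `dig +short -t SRV` output: priority weight port target
sample_srv() {
cat <<'EOF'
10 100 389 dc2.contoso.com.
0 100 389 dc1.contoso.com.
EOF
}

# Read SRV answer lines on stdin, print "host port" in preference order.
# Lowest priority first, higher weight first within a priority (a simplification
# of the weighted random selection in RFC 2782). Malformed lines are dropped.
srv_targets() {
  awk 'NF == 4 && $1 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ {
         sub(/\.$/, "", $4); print $1, $2, $4, $3 }' |
    sort -k1,1n -k2,2nr | awk '{ print $3, $4 }'
}

# True when a TCP connection to host:port succeeds within 3 seconds.
# Host and port are passed as arguments, never spliced into the command string,
# because DNS answers are untrusted input.
tcp_open() {
  timeout 3 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# Look up the AD locator records and probe every target they name.
# Returns non-zero if a record is missing or a target is unreachable.
check_domain() {
  rc=0
  for rec in "_ldap._tcp.dc._msdcs.$DOMAIN" "_kerberos._tcp.$DOMAIN"; do
    targets=$(dig +short -t SRV "$rec" | srv_targets)
    if [ -z "$targets" ]; then echo "FAIL $rec: no SRV records"; rc=1; continue; fi
    while read -r host port; do
      if tcp_open "$host" "$port"; then echo "ok   $rec -> $host:$port"
      else echo "FAIL $rec -> $host:$port unreachable"; rc=1; fi
    done <<EOF
$targets
EOF
  done
  return $rc
}

# Run the live check only when asked: sh prejoin.sh --run
if [ "${1:-}" = "--run" ]; then check_domain; fi
```

A missing SRV record usually means the VM is not using the domain's DNS servers as its resolver, which is worth fixing before looking at the join itself.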

Security Security

Now that our workstation VM is a citizen of the contoso.com domain, we can start doing the stuff that would be a normal next step. For instance, we would want to verify user principals from AD can log in on the Linux machine and use it. We would also want to check the security model and verify share and file permissions are working as expected. Check out this next video on that subject.

Bow to Group Policy

Now that we can see networking, authentication and security are working properly, we can start to take advantage of the management infrastructure. For this demo, we are going to make a simple change to the SLED 10 SP2 GNOME settings to verify Group Policy Object (GPO) settings are flowing from Windows to Linux.

Summary

There is obviously a lot more to this subject, but as you can see, interoperability between Windows Server 2008 and a number of other server and desktop operating systems is quite good.  You can do this the easy way, or you can do it the not so easy way.  It’s really going to depend on your needs.  If you have no need for desktop management via group policies, then you should investigate the native integration possibilities.  If you have more advanced management needs to get the wild wild west tamed, then I would highly recommend looking at the partner tools.