Deploying Linux desktops across large organizations has been getting easier with each new release. However, in practice, installing, configuring and securing such deployments is not so simple. With this fact in mind, we recently got in touch with Likewise vice-president Ken Cheney for a hands-on look at using his company’s chief product to simply and secure corporate deployments.  Here’s what we found …

Before delving into the nitty-gritty of the Likewise configuration itself, Cheney outlined why systems administrators should be interested in Likewise Enterprise and similar solutions for integrating Unix machines with Microsoft Active Directory, rather than relying on do-it-yourself approaches which can get ugly:

In the case of Linux desktops, it can be argued that enterprise adoption has lagged behind expectations given the perceived pain of simply getting Linux desktops to ‘play nice’ with legacy infrastructure investments. Despite a simpler path existing, many enterprises attempt to tie-in Linux desktops to their enterprise identity and access management infrastructure through sheer will, leveraging ‘baling wire and duct tape’ with homegrown solutions made up of Kerberos and LDAP. The result is often a costly and difficult environment to maintain and frequent end-user frustration, which impacts further adoption.

In contrast to solutions based on Kerberos and LDAP, Cheney observed, identity and access-management products consolidate directory services. They “remove the pain of the homegrown approach and are surprisingly easy to deploy.”

Deploying Likewise Enterprise on Ubuntu

Cheney then moved on to a discussion of the deployment and configuration of Enterprise Likewise, using an Ubuntu client as an example. Likewise Enterprise is the licensed version of the Likewise suite, providing more features than the free and open source Likewise Open, which supports basic AD integration but not advanced features such as UID/GID support for group policy, compliance reporting for auditors, and event management and dashboards.

Breaking the process down step-by-step, Cheney outlined the work needed to “operationalize” an Ubuntu machine as a happy constituent of an AD environment with the assistance of Likewise Enterprise:

Step 1 – Fire up the Likewise installer on a Windows Member Server, and go through the install wizard (you may also install the Likewise Tools separately on a workstation if you use ADUC/GPMC from your personal machine):

The install wizard will do the following:

Step 2 – Now let’s add Logon Restrictions:

Step 3 – Now we need to install Likewise Enterprise agent on the Ubuntu Machine:

Step 4 – At this point all you have done to AD is add the Likewise Enterprise plug-in and add an OU. No schema changes or invasive changes have been made. This is called ‘Non-Schema mode.’

Step 5 – User “Jimmer” can now login to the Ubuntu machine with his AD credentials. It’s tracked in the event log, you can run reports on it, set additional group policies. SSH single sign-on will just work, and connecting to Windows shares from Ubuntu should automatically work.

Now you can either a) retire the “baling wire and duct-tape” approach you’ve been using or b) successfully “operationalize” your Ubuntu desktop rollout from day one.

And thus are the individual steps needed to operationalize an Ubuntu machine for an AD environment. Broken down like this, identity-management solutions demonstrate their value over hopelessly complex, hacked-together alternatives based on Kerberos and LDAP.

This isn’t to say, of course, that Likewise doesn’t have its complexities — witness the long documentation that explains the product’s advanced features — but its basic deployment can be quite facile, and is doubtless superior to hacking Kerberos configuration files by hand.

Sign up for The VAR Guy’s Weekly Newsletter, Webcasts and Resource Center. Follow The VAR Guy via RSS, Facebook and Twitter. Follow experts at VARtweet. Read The VAR Guy’s editorial disclosures here.