Ubuntu / Active Directory Integration Call to Arms!
The following was sent out in an open e-mail (open because I'm posting it here too, hoping anyone else might be interested):
Good day. I hope this finds you in the midst of a beautiful day!
I thought I'd start a discussion about Ubuntu/Active Directory Integration and copy several people who I think would be interested in this. If you are not interested, please excuse my rude intrusion and let me know.
I suggest we can have this discussion using "Reply All" to make a short-lived "mailing list" type entity. If anyone thinks this would be more appropriately discussed in a different fashion please let me know, I'm new to this whole Open Source community dynamic thing.
This e-mail is an open e-mail, and I am going to post this to my blog hoping other people would be interested in joining this discussion.
My name is Sim♀n Anibal Ruiz Rolfs, and I have called this Round Table together for purely selfish reasons. I need Active Directory Integration to be a simple part of Ubuntu, so I want you all to help me make that happen...well, that and it would help Ubuntu immensely as far as being a viable alternative as a workstation in previously homogenous Microsoft environments, which is a fair description of most big IT shops in the United States. Ubuntu has to play nice with the locals if it's going to even be considered.
I don't know if there is a project out there for addressing this as a whole already, or not. If not, it needs to be created and I'm willing to do whatever I can to make that happen.
I'm the Technology Assistant at Bloomington High School North, and I blog about my work on (http://indianalinux.blogspot.com). I'm also an active member of the Bloomington Linux User's Group (http://www.bloomingtonlinux.org and #bloomingtonlinux on freenode), Venezuela's Fraternity of Ubuntu Users (http://www.ubuntu.org.ve and #ubuntu on irc-hispano) (oh, btw, I am Venezuelan by birth and a dual citizen of Venezuela and the United States), and Ubuntu's new "Ubuntu and Education" community (https://lists.ubuntu.com/mailman/listinfo/ubuntu-education and #ubuntu-education on freenode), among other things.
Steve Cole is my boss, so I copy him on this sort of stuff to fool him into thinking I work from time to time.
Nathan Lavender is the main Active Directory guru for our corporate IS department that serves our entire school corporation. I'm copying him in case he'd be interested in participating in this discussion, though I understand he's been tasked with no time to help out with any of this so if he does join the discussion it will be out of the kindness of his heart and on his own personal time. I apologize if you're not interested, Nathan, but I thought I'd give you a chance to participate if you want; I understand if you simply don't have time for this, but I think the perspective of a Microsoft System Administrator of your caliber would be invaluable to this discussion, and I figure you might be interested in having some sway in what decisions I make here at North since they'll probably affect you somehow.
Jorge Castro is the man I saw give a presentation on Active Directory integration and Ubuntu at the Ohio LinuxFest last month. He writes a blog at (http://www.whiprush.org). I know from talking to him that he's got quite a bit of clue about Kerberos and LDAP and also about some network management sysadmin tools that I think are pretty essential to Active Directory integration in large organizations: sabayon and lockdown. I warned him I would bug him to suck his brain on these topics and so far have not had the time to do so. As our deployment phase enters the home stretch, I've come back to fulfill my threat.
Clay Berlo had the misfortune of showing up on my radar by writing "I managed to get winbind authentication to work and can login members of an Active Directory setup with automatically created home directories (which works rather nicely, I might add)" on one of the edubuntu mailing lists which gives him cred in my book.
He went on to ask about pam_mount to mount Windows shares on login, and I'll mention that what I envision as my first attempt to address that (because we have Samba share lockers too) is to use mount.cifs to mount the entire Student Lockers share to /usr/lockers, and then make a symlink from ~/locker to the current user's actual locker. (Any thoughts on this strategy?) I believe most Active Directory deployments use Samba shared lockers in this manner, though I have no proof of this I'd be surprised if it didn't turn out to be true.
Robin Shepard had the misfortune of catching my attention by writing "I was wondering whether anyone has attempted to get Edubuntu to authenticate users with a windows domain as yet??" on an edubuntu mailing list which means two things to me: first that interest in this exists in places other than the U.S., and secondly that in the time since that post Robin may have made some progress to share with us. If not, then the perspective of someone who wants this without knowing too many technical details would certainly be welcomed and appreciated.
Richard Weideman had the misfortune of actually having me catch his attention. He is the Education Programs Manager over at Canonical, and the primary figure in our new "Ubuntu and Education" community. I've let him know how important this functionality will be to Ubuntu being acceptable in the education system here in the States so I figure he'll be interested in this. Rich, if you can think of anyone else either at Canonical or in the Ubuntu community at large who needs to be in on this I trust you to include them.
So, introductions aside, here's the first main question: Is this a good medium for this discussion? Some of you with better community engineering skills please advise on this.
Secondly: Is there a project out there for this already? If so, WHERE?!?!?! If not, can we start one?
Thirdly, and this is where Nathan comes in if he can: Is there anything beyond LDAP and Kerberos that you think would be good to set up on the Linux workstations from the Microsoft System Administrator's side of things in order to really integrate Ubuntu with Active Directory?
And again, please Reply All.